Another Hotmail Scam.
January 2, 2002 9:08 PM Subscribe
Another Hotmail Scam. Dated November 28th, this scam masquerades as a response to a request for a password. The HTML is convincing - convincing enough to fool a friend or relative who doesn't know better. It fooled me for a half a second. [More...]
Wow! Now that's clever! Not that I'm envious, but I think it's a rather brilliant scam in comparison to other ones around.
Oh yeah, warn people foremost.
posted by Mach3avelli at 9:15 PM on January 2, 2002
Oh yeah, warn people foremost.
posted by Mach3avelli at 9:15 PM on January 2, 2002
But why would you give your soul to the Evil One and actually use a hotmail account?
posted by fleener at 9:19 PM on January 2, 2002
posted by fleener at 9:19 PM on January 2, 2002
It didn't fool me at all. I'm so cool.
posted by noisemartyr at 9:34 PM on January 2, 2002
posted by noisemartyr at 9:34 PM on January 2, 2002
It's a self link, but I'll let it stand since it doesn't appear to be available elsewhere.
Can you post the HTML source from the email? I'm curious to see where the form action points, that'd be your culprit that is collecting passwords.
posted by mathowie at 9:41 PM on January 2, 2002
Can you post the HTML source from the email? I'm curious to see where the form action points, that'd be your culprit that is collecting passwords.
posted by mathowie at 9:41 PM on January 2, 2002
It's an old, old account. I scan through it every three or four months in the off-chance that an long-lost acquaintance may try to reach me there.
posted by tpoh.org at 9:43 PM on January 2, 2002
posted by tpoh.org at 9:43 PM on January 2, 2002
I've posted the source up in the same directory, under the name "source.html" - and I'll probably remove it before the weekend (thus, no link).
The culprit is canberkb@yahoo.com, and it appears the form action is being sent to a server by the name of tahribat.com in Turkey:
The culprit is canberkb@yahoo.com, and it appears the form action is being sent to a server by the name of tahribat.com in Turkey:
Registrant: HolyOne Corp Soz Gumusse S|kut Altindir Istanbul, n/a TR Domain Name: TAHRIBAT.COM Administrative Contact: One, Holy holyonerulez@yahoo.com Soz Gumusse S|kut Altindir Istanbul, n/a TR +905320000000 Technical Contact: One, Holy holyonerulez@yahoo.com Soz Gumusse S|kut Altindir Istanbul, n/a TR +905320000000 Billing Contact: One, Holy holyonerulez@yahoo.com Soz Gumusse S|kut Altindir Istanbul, n/a TR +905320000000 Record last updated on 04-Dec-2001. Record expires on 07-Feb-2003. Record Created on 07-Feb-2001. Domain servers in listed order: NS1.DNSSAHIBI.COM 213.194.99.11 NS2.DNSSAHIBI.COM 213.194.99.12posted by tpoh.org at 10:07 PM on January 2, 2002
What's this, then?
Yup, that's a form to make these mails. I tried it out with two of my hotmail accounts, and it works.
posted by Berend at 4:03 AM on January 3, 2002
Yup, that's a form to make these mails. I tried it out with two of my hotmail accounts, and it works.
posted by Berend at 4:03 AM on January 3, 2002
Pardon my ignorance but what's to be gained by hacking a hotmail account? Isn't it easy enough for someone to create untraceable accounts on these free email systems?
posted by HTuttle at 6:34 AM on January 3, 2002
posted by HTuttle at 6:34 AM on January 3, 2002
You can read someone else's spam instead of your own
posted by Outlawyr at 6:40 AM on January 3, 2002
posted by Outlawyr at 6:40 AM on January 3, 2002
Well, I can see one big problem. People signing up for Hotmail accounts, and then registering for Amazon, BN, CDNOW, Half, et cetera, using their Hotmail address.
With someone's Hotmail account, an attempt could be made to retrieve a password registered with such a site and then (if the credit card is on file), either purchasing items fraudulently or attempting to retrieve credit card numbers.
posted by tpoh.org at 8:34 AM on January 3, 2002
With someone's Hotmail account, an attempt could be made to retrieve a password registered with such a site and then (if the credit card is on file), either purchasing items fraudulently or attempting to retrieve credit card numbers.
posted by tpoh.org at 8:34 AM on January 3, 2002
So with the form previously mentioned, it appears that this is not a bulk-mail scam.
So I wonder why they chose my Hotmail address? The user-ID part of my Hotmail address is part of a domain name that I used to own. That domain name has since been registered to someone else, and a functioning website exists there. Maybe the person thought I was the domain name's current registrant.
posted by tpoh.org at 8:42 AM on January 3, 2002
So I wonder why they chose my Hotmail address? The user-ID part of my Hotmail address is part of a domain name that I used to own. That domain name has since been registered to someone else, and a functioning website exists there. Maybe the person thought I was the domain name's current registrant.
posted by tpoh.org at 8:42 AM on January 3, 2002
With someone's Hotmail account, an attempt could be made to retrieve a password registered with such a site and then (if the credit card is on file), either purchasing items fraudulently or attempting to retrieve credit card numbers.
Do these sites still allow free email addresses to be used? Jeez, even many porno sites don't allow that anymore (err...so I've been TOLD!)
posted by HTuttle at 8:55 AM on January 3, 2002
Do these sites still allow free email addresses to be used? Jeez, even many porno sites don't allow that anymore (err...so I've been TOLD!)
posted by HTuttle at 8:55 AM on January 3, 2002
What we (err, I) need is a translation of the pages on the Tahribat.com site. What is this guy up to?
posted by rschram at 11:01 AM on January 3, 2002
posted by rschram at 11:01 AM on January 3, 2002
The arab/engish translator was unhelpful. If you'd like to mess around further, use username/password mefi/mefi.
posted by daver at 11:42 AM on January 3, 2002
posted by daver at 11:42 AM on January 3, 2002
Well, I know that tahribat means "to plunder, pillage, devastate."
posted by rschram at 11:57 AM on January 3, 2002
posted by rschram at 11:57 AM on January 3, 2002
maybe the arab / english translator was unhelpful because it's in turkish.
posted by jnthnjng at 1:05 PM on January 3, 2002
posted by jnthnjng at 1:05 PM on January 3, 2002
« Older Snow is falling throughout the WRAL-TV viewing... | according to andy borowitz, the cia is using Newer »
This thread has been archived and is closed to new comments
posted by tpoh.org at 9:09 PM on January 2, 2002