Email Scam: activemiddle.com

[NightSpirit]

News of yet another email scam has been passed on to me which follows the same format as previous ones (dvdzone22.com and Ebay/3322.org).

This one is sent out with the following message:

NOTIFICATION:YOUR TRANSACTION DECLINED

Dear customer,
Unfortunately your bank transaction has not been authorized.

Your receipt #5203660483
 
Billed To:
C Yapp
3 Highpath Way
Basingstoke, RG24 9SU
Hampshire Order Number: M95039795
Receipt Date: 29/09/05
Order Total:  GBP 204.07
Billed To: Visa

You've specified the following email as reachable.
Your username is "toothly" and your password is "mega100".

Information regarding your personal information
can be viewed at http://www.activemiddle.com

Active-Middle Group Inc


Note that the fellow employee that recieved this is not "C Yapp" or living in Hampshire.

The domain in question (activemiddle.com) has been registered with the following details:

      Frederick Tam         fredtam777@yahoo.com
      Frederick Tam
      165 Alto Loma
      Millbrae, CA 94030
      US
      +1.6506527895

   Record created on 2005-09-26 01:24:49.
   Record expires on 2006-09-26 01:24:49.

   Domain servers in listed order:

      ns1.dreamhost.com
      ns2.dreamhost.com
      ns3.dreamhost.com


Plenty of indications that this is a scam, so as before make sure that you are aware of these so that you don't fall for them and can help less technically-minded friends and family to do avoid them too.

[aj_mccarthy]

I recieved this email within the space of five minutes to all three of my regulary used email accounts. Is somebody sniffing on my traffic to get this information? I know of nowehere this information is publically available.

[NightSpirit]

Well, it is possible if you have any viruses/trojans/spyware on your machine, so make sure you scan for all those with up-to-date tools. However, this email was recieved by a colleague at work and our machines are kept uptodate with anti-virus software and the person in question is hardly likely to be downloading any infected programs or viewing compromised webpages, so it's likely to be a friend or relative that has the email addresses on their machine who is infected with something that is sending out the data.

[Guest]

Not always 'HIGHPATH WAY' - same postcode but CHURCH WAY (at least HIGHPATH WAYexists) see below
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The system reported the following error:
KEEP CRD DECLINE NOT AUTHORIZED

Your receipt #1180065919

Billed To:
H WALL
14 Church Way
Basingstoke, RG24 9SU
Hampshire Order Number: M95039795
Receipt Date: 04/10/05
Order Total: GBP 301.04
Billed To: Visa

Information regarding your personal information can be viewed login in http://www.expressprocessing.com/ Your usercode is 32825453 Your passcode is 3154486

This site is powered by the SecureTrading payment system which means that your credit card details are fully encrypted using the most sophisticated e-payment software.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[NightSpirit]

Thanks for the post, I wasn't sure how much of the data would be variable. The registration info for that domain is interesting tho:
Registrant Contact:
This Name Is For Sale - Make An Offer To: adosiltd@gmail.com
Make An Offer For This Domain Contact: adosiltd@gmail.com (adosiltd@gmail.com)
+852.85291284132
Fax: +1.2535954923
GPO Box 12295, Central
Hong Kong, 0000
HK

Creation date: 19 Jun 2001 07:27:21
Expiration date: 19 Jun 2006 07:27:21


This time it's quite a long-standing domain, yet up for sale. Presumably the owner has given up hope of selling it to any legitamate company now that it's being used for emailed phishing scams.