Forum Navigation

Email Scam: activemiddle.com

 
Post new topic   Reply to topic    Zombie Nexus Forum Index -> Security
View previous topic :: View next topic  
Author Message
NightSpirit
Site Admin


Joined: 26 Nov 2002
Posts: 2955
Location: Enfield, London, UK

PostPosted: Thu Sep 29, 2005 3:54 pm    Post subject: Email Scam: activemiddle.com Reply with quote

News of yet another email scam has been passed on to me which follows the same format as previous ones (dvdzone22.com and Ebay/3322.org).

This one is sent out with the following message:

NOTIFICATION:YOUR TRANSACTION DECLINED

Dear customer,
Unfortunately your bank transaction has not been authorized.

Your receipt #5203660483
 
Billed To:
C Yapp
3 Highpath Way
Basingstoke, RG24 9SU
Hampshire Order Number: M95039795
Receipt Date: 29/09/05
Order Total:  GBP 204.07
Billed To: Visa

You've specified the following email as reachable.
Your username is "toothly" and your password is "mega100".

Information regarding your personal information
can be viewed at http://www.activemiddle.com

Active-Middle Group Inc


Note that the fellow employee that recieved this is not "C Yapp" or living in Hampshire.

The domain in question (activemiddle.com) has been registered with the following details:

      Frederick Tam         fredtam777@yahoo.com
      Frederick Tam
      165 Alto Loma
      Millbrae, CA 94030
      US
      +1.6506527895

   Record created on 2005-09-26 01:24:49.
   Record expires on 2006-09-26 01:24:49.

   Domain servers in listed order:

      ns1.dreamhost.com
      ns2.dreamhost.com
      ns3.dreamhost.com


Plenty of indications that this is a scam, so as before make sure that you are aware of these so that you don't fall for them and can help less technically-minded friends and family to do avoid them too.

_________________
Whedon: We will rule over this time slot, and we will call it... "This Time Slot".

Fox: I think we should call it... your grave!

Whedon: Ah, curse your sudden but inevitable betrayal!

Fox: Ha ha HA! Mine is an evil laugh...now die!

-- Rei
Back to top
View user's profile AIM Address MSN Messenger
aj_mccarthy
Guest





PostPosted: Sun Oct 02, 2005 5:24 pm    Post subject: More sinister? Reply with quote

I recieved this email within the space of five minutes to all three of my regulary used email accounts. Is somebody sniffing on my traffic to get this information? I know of nowehere this information is publically available.
Back to top
NightSpirit
Site Admin


Joined: 26 Nov 2002
Posts: 2955
Location: Enfield, London, UK

PostPosted: Sun Oct 02, 2005 10:31 pm    Post subject: Reply with quote

Well, it is possible if you have any viruses/trojans/spyware on your machine, so make sure you scan for all those with up-to-date tools. However, this email was recieved by a colleague at work and our machines are kept uptodate with anti-virus software and the person in question is hardly likely to be downloading any infected programs or viewing compromised webpages, so it's likely to be a friend or relative that has the email addresses on their machine who is infected with something that is sending out the data.
_________________
Whedon: We will rule over this time slot, and we will call it... "This Time Slot".

Fox: I think we should call it... your grave!

Whedon: Ah, curse your sudden but inevitable betrayal!

Fox: Ha ha HA! Mine is an evil laugh...now die!

-- Rei
Back to top
View user's profile AIM Address MSN Messenger
Guest






PostPosted: Wed Oct 05, 2005 4:49 pm    Post subject: Reply with quote

Not always 'HIGHPATH WAY' - same postcode but CHURCH WAY (at least HIGHPATH WAYexists) see below
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The system reported the following error:
KEEP CRD DECLINE NOT AUTHORIZED

Your receipt #1180065919

Billed To:
H WALL
14 Church Way
Basingstoke, RG24 9SU
Hampshire Order Number: M95039795
Receipt Date: 04/10/05
Order Total: GBP 301.04
Billed To: Visa

Information regarding your personal information can be viewed login in http://www.expressprocessing.com/ Your usercode is 32825453 Your passcode is 3154486

This site is powered by the SecureTrading payment system which means that your credit card details are fully encrypted using the most sophisticated e-payment software.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Back to top
NightSpirit
Site Admin


Joined: 26 Nov 2002
Posts: 2955
Location: Enfield, London, UK

PostPosted: Wed Oct 05, 2005 5:28 pm    Post subject: Reply with quote

Thanks for the post, I wasn't sure how much of the data would be variable. The registration info for that domain is interesting tho:
Registrant Contact:
This Name Is For Sale - Make An Offer To: adosiltd@gmail.com
Make An Offer For This Domain Contact: adosiltd@gmail.com (adosiltd@gmail.com)
+852.85291284132
Fax: +1.2535954923
GPO Box 12295, Central
Hong Kong, 0000
HK

Creation date: 19 Jun 2001 07:27:21
Expiration date: 19 Jun 2006 07:27:21


This time it's quite a long-standing domain, yet up for sale. Presumably the owner has given up hope of selling it to any legitamate company now that it's being used for emailed phishing scams.

_________________
Whedon: We will rule over this time slot, and we will call it... "This Time Slot".

Fox: I think we should call it... your grave!

Whedon: Ah, curse your sudden but inevitable betrayal!

Fox: Ha ha HA! Mine is an evil laugh...now die!

-- Rei
Back to top
View user's profile AIM Address MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Zombie Nexus Forum Index -> Security All times are BST
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum

ZBN Codebase (version 3.4.6)
Copyright © 2001 - 2009 Fraser Pearce & Graeme Wheeler. All Rights Reserved.
All trademarks and logos are the property of their respective owners.

Powered by phpBB © 2001, 2005 phpBB Group
Enhanced by these phpBB Mods and Hacks