How to Spot a Phish, part I
Visit II, Regions, SunTrust Bank, the Phishing Hole for more

Received: from ppp59-232.dsl-blr.eth.net
(yyrdyrtpcov@ppp59-232.dsl-blr.eth.net
[61.11.59.232](may be forged))
by email.uah.edu (8.12.10/8.12.10) with SMTP id i9QLmuki030885;
Tue, 26 Oct 2004 16:49:01 -0500 (CDT)
X-Original-To: whittena@email.uah.edu
Delivered-To: whittena@email.uah.edu
Received: from zenith.com (mailhost.zenith.com [209.235.193.108])
by fep5.landscapeusa.com (Postfix) with ESMTP id 77B74D93
for <whittena@email.uah.edu>; Tue, 26 Oct 2004 13:53:17 -0800
Received: from P76669 [206.16.0.136] by landscapeusa.com with ESMTP
(SMTPD32-8.03) id AFAD19378B0; Tue, 26 Oct 2004 13:53:17 -0800
Message-ID: <2189.24.226.35.148.1327044497.squirrel@zenith.com>
Date: Tue, 26 Oct 2004 13:53:17 -0800
Subject: buckthorn afield
From: "Randy Forbes" <Melody.Higgins@michiana.net>
To: whittena@email.uah.edu
User-Agent: SquirrelMail/1.4.2
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Importance: Normal
X-Scanned-By: MIMEDefang 2.35
Status:
X-PMFLAGS: 34078848 0 1 P2C980.CNM

 [message portion that followed is displayed to the left.]

Use "Raw View" or "display headers" to disclose email headers and note the "red flags" emphasized in colored text above with inconsistent pairings noted in corresponding colors.

The bait: "You have been approved for 2.4%."

The hook: You "must verify your information."

The clues in the message text above would, for most folks, be enough to signal, "Danger, Will Robinson." Look at the spelling and grammar.

Do you want more clues? Just look under the hood at the raw information in the message headers as noted to the left. It appears the email was sent from India using a PPP connection. What legitimate reason is there for the message to arrive via Zenith or Landscape? Why would a loan brokerage firm spoof an Indiana wireless company email address using a Pennsylvania ISP while hosting their website with a Korean ISP?

You may use ARIN (http://www.arin.net/whois), APNIC (http://www.apnic.net), RIPE (http://www.ripe.net), or LACNIC (http://lacnic.net/en) to identify IP registration info:

Checking out domain names with a browser reveals:

  • LandscapeUSA.com is an online gardening supply store based in Portland, Oregon.
  • http://zenith.com/ is the website of Zenith Electronics.
  • The domain michiana.net belongs to MapleNet, an Indiana wireless service company. Is it surprising that they apparently have no employees named either Melody Higgins or Randy Forbes? Why is Lamar using Melody's email address with a Randy alias?

October 28, 2004
