- Samuel's Blog - https://samuelgordonstewart.com -

Five emails…because we know you’ll ignore the first four!

It must have been International Loopy Spammer day yesterday. For some reason I received the same bit of spam five times…the exact same email to the exact same email address five times.

The spam in question was titled “[TKO] : your (eBay) account could be suspended” and was, not surprisingly, a bogus email about an eBay account being suspended. Unfortunately these spammers aren’t very bright; they have copied various aspects of eBay messages, but not very well.

For example, there is no “from” or “reply-to” address, and as such these emails, which slipped past the spam filter somehow, landed in my inbox, and not in my eBay folder…there are further dead giveaways in the email itself.

eBay sent this message to member of ebay
Your registered name is included to show this message originated from eBay.

Hmmm, surely my eBay username should be in the first sentence then.

The links are very amusing. Most eBay scam emails have links to real pages on eBay…these scammers managed to link to Yahoo Mail’s login page instead, and include faulty JavaScript redirects to the actual eBay pages. They even managed to have the faulty JavaScript redirect on an ebay.com link point to ebay.com.au.

The link to “update your user account details” (which basically means “give us all your personal info so we can commit identity theft”) comes from a “respond now” button, which in a real eBay email would take you to eBay’s message centre, but in this case is the only working link, and takes you to http://madahbahana.org/signin.ebay.com

madahbahana.org is registered to something called the “Indomarching Group” in Jakarta, which for a while was using the website to “sell” fake university degrees. Unfortunately, in the last 24 hours or so the website has been destroyed and now only returns “403 forbidden” messages…which is a pity because I would have liked to see how bad their attempt at emulating a real eBay page was.
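The giveaways described above (no "from" or "reply-to" header, and a link whose real host is not eBay even though "signin.ebay.com" appears in it) can be checked mechanically. This is an added example, not part of the original post; the sample message is constructed, and the `BRAND_HOSTS` list and the `triage` helper are assumptions made for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_HOSTS = ("ebay.com", "ebay.com.au")  # assumption: hosts treated as genuine

# Constructed sample: no From/Reply-To, and a "respond now" link like the post's.
SAMPLE = """\
Subject: [TKO] : your (eBay) account could be suspended
MIME-Version: 1.0
Content-Type: text/html

<p>eBay sent this message to member of ebay</p>
<a href="http://madahbahana.org/signin.ebay.com">Respond Now</a>
<a href="http://www.ebay.com/help">Help</a>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_brand_host(host):
    # Exact match or a true subdomain; a substring match would be fooled.
    return any(host == b or host.endswith("." + b) for b in BRAND_HOSTS)

def triage(raw):
    msg = message_from_string(raw)
    # A missing Reply-To is a weak signal alone; it is listed because the post notes it.
    findings = [f"missing {h} header" for h in ("From", "Reply-To") if not msg.get(h)]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        rest = (parts.path + "?" + parts.query).lower()
        # The brand appears somewhere in the URL, but the host is not the brand's.
        if not is_brand_host(host) and any(b in host + rest for b in BRAND_HOSTS):
            findings.append(f"brand name in link, but real host is {host}")
    return findings
```
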

For the record, I received the emails yesterday at 6:06am, 6:09am, 5:41pm, 5:43pm and 6:11pm.

The headers from one email show that a PHP script at zvvurk.nl on behalf of 125.160.82.205 sent the emails, and the people responsible used Microsoft Word to write the emails…they really are dumb.

Update: Since writing this post I have received another one of these emails; it came in at 9:14am. End Update

Samuel