Posted on 07/09/2004 7:21:06 AM PDT by rwfromkansas
I rarely notify folks about a scam, but this is the most sophisticated "spoofing" scam that I have seen (where they send you an e-mail saying you need to update your account, faking an e-mail address to try to get you to give them your credit card). It did not get sent to my bulk folder.
Instead of only directing you to his website, this scammer has the gall to then redirect you to the REAL Amazon.com site. You do NOT see the referring website in the process, so it looks like you go directly to the Amazon.com page unless you take a peek at the back button on your browser, in which the scammer's website is listed.
There are several hints that it is a scam, but you can only catch some if you have your e-mail set to show full headers, which I did not in my Yahoo Mail, though I turned it on to check it out.
Here are some reasons you know it is a scam:
1) Spelling errors...Amazon would not spell "you" with teen girl instant message speak "u." I did not notice these until my second reading due to conditioning from reading girl IM's etc...I was used to this shorthand and did not think anything of it at first. So, if you are conditioned due to online chat or something not to think anything is odd by such spelling, make sure to pay attention to the spelling when you read the e-mail.
2) None of the originating e-mail info in the headers is from amazon.com. Instead, they belong to stone.he.net. You have to have headers on to realize this though!
3) If you right-click on the supposed Amazon.com link and check its properties, you see it goes to wastedgoods.com, not Amazon.com.
4) Contrary to what they the scammer says, none of my account options were shut off on Amazon.com when it redirected me to the legit site. Plus, the help section did not indicate Amazon ever sends e-mails out to verify account info.
5) Right click on the pop-up box (which comes from the wasted goods site right before it sends you to the real Amazon page). The link goes to wasted goods, not amazon, so it clearly is a hoax. If this were legit, Amazon would have popped up the box.
BE CAREFUL FOLKS.
---
Here is the e-mail, including the headers (w/my e-mail removed to avoid spam bots who might crawl FR):
X-Apparently-To: rwfromkansas via 66.218.93.111; Thu, 08 Jul 2004 20:04:34 -0700 X-Originating-IP: [66.160.149.2] Return-Path: Received: from 66.160.149.2 (HELO stone.he.net) (66.160.149.2) by mta319.mail.scd.yahoo.com with SMTP; Thu, 08 Jul 2004 20:04:34 -0700 Received: from stone.he.net ([127.0.0.2]) by stone.he.net for ; Thu, 8 Jul 2004 20:04:26 -0700 Message-Id: <1089342266.29426@stone.he.net> Date: Thu, 8 Jul 2004 20:04:26 -0700 Subject: Amazon® Fraud Verification Process From: aw-accounts@amazon.com Add to Address Book Content-Type: text/html Content-Length: 960
Dear Amazon client, We recently reviewed your account, and suspect that your Amazon account may have been accessed by an unauthorized third party.Protecting the security of your account and of the Amazon network is out primary concern.
Therefore, as a preventative measure, we have temporarily limited access to sensitive Amazon account features.
Click the link below in order to regain access to your account: http://www.amazon.com/exec/obidos/flex-sign-in/ref=ya_hp_pay_1/102-7498192-8573767
Note: If u use popup killers please disable them.A popup window will apear please fill out the form with your corect information.
For more information about how to protect your account, please visit Amazon Security Center.
Sincerely, The Amazon Security Department Team.
We apologize for any inconvenience this may cause, and apriciate your assistance in helping us maintain the integrity of the entire Amazon system. Thank you for your prompt attention to this matter. Please do not reply to this mail.Mail sent to this address cannot be answered. For assistance, log in to your Amazon account and chose the "Help" link in the header of any page.
---
Here is WHOIS registration info on wastedgoods.com:
Whois Output for: wastedgoods.com
Domain Name Owner: wasted gods ltd. 8 Palmer Street Quincy, MA 02169 US
Administrative Contact: wasted gods ltd. Whitaker, Orion [OW-10] 8 Palmer Street Quincy, MA 02169, US Phone: 978 828-1490 Email: akyrra00@yahoo.com
Technical Contact: Omnis Network Network, Omnis [ON-1] 3655 Torrance Blvd Suite 230 Torrance, CA 90503, US Phone: (310)316-2744 Fax: (310)316-4991 Email: nicreg@omnis.com
Billing Contact: wasted gods ltd. Whitaker, Orion [OW-10] 8 Palmer Street Quincy, MA 02169, US Phone: 978 828-1490 Email: akyrra00@yahoo.com
Record Information: Domain Record Created: July 06, 2004 00:00 Domain Record Updated: July 07, 2004 07:13 Domain Record Expires: July 06, 2005 00:00
DNS Information: Name Server: ns1.omnis.com Name Server: ns2.omnis.com
Better yet, we should call him at the number given in the WHOIS search and have some fun, saying his account information accidentally was released to some people online etc....lol
The technical contact at Omnis is the dude who has the power to halt this guy's account if we let him know about this.
Folks.....be careful out there...make sure you do NOT enter credit card info from an e-mail, no matter how legit it looks.
Call the company or e-mail the company....don't trust an e-mail; they can be spoofed.
If you get an e-mail like this, report it to: stop-spoofing@amazon.com Make sure you have e-mail headers shown.
I have reported this to Amazon.
The same scam was going on at EBay not too long ago.
Thanks for the info, rw.
I work with a lot of 20 something computer science grads... man, they can pump out programs and take apart and put together a pc in minutes... but they cannot write or spell - notice the same thing in this guys e-mail? A sure tip-off.
...did not notice these until my second reading due to conditioning from reading girl IM's etc...
OK, what are you doing reading 'girl IM's etc'? ;-) (kidding. I have a teen daughter and I always pay attention when she's on the computer!)
I don't like amazon. I ordered the same book three times and it never came. to their credit they never charged my card, but after that I won't do business with them if they don't wanna sell me what I order.
I keep getting emails from "paypal" - very sophisticated, looks just like a paypal email and even has paypal in the return address.
It tells me that a new email address was added to my paypal account, (which immediately panics you) and says to correct that go to "this link' and delete that address from your account.
Of course it is a scam, but I imagine lots of people fall for it. I have been getting the same email for quite a few months now, so I assume paypal is having trouble shutting it down.
Tell these people that they will soon be hearing from your lawyer and probably the FBI - give them the particulars.
Network Solutions reserves the right to modify these terms at any time.
Registrant:
Hurricane, Electric (HE2-DOM)
Hurricane Electric Hostmaster
Hurricane Electric
760 Mission Court
Fremont, CA 94539
US
Domain Name: HE.NET
Administrative Contact, Technical Contact:
Hurricane Electric (HE468-ORG) hostmaster@HE.NET
Hurricane Electric
760 Mission Court
Fremont, CA 94539
US
510 580 4100 fax: 510 580 4151
Record expires on 30-Jul-2011.
Record created on 31-Jul-1995.
Database last updated on 9-Jul-2004 10:27:30 EDT.
Domain servers in listed order:
NS1.HE.NET 216.218.130.2
NS2.HE.NET 216.218.131.2
NS3.HE.NET 216.218.132.2
That's weird... I've ordered literally hundreds of dollars worth of books from amazon in the last 4 or 5 years and there's never been a problem with anything.
I received one for Citibank this week. It was easy to pick up since they sent it to me as the owner of a Yahoo Group. They wanted you to update your account information with Citibank. I sent it to their fraud department.
I cancelled my amazon, paypal and ebay accounts last month. It's just too crazy out there.
I get eBay scam letters like this all the time. Paypal too. I bet I've reported over 100 in the past year. Email (with headers) to spoof@ebay.com or spoof@paypal.com.
I got one from Citibank once. I knew it was a scam because I'm not a customer. My mom is and she doesn't use a computer. It was very very realistic.
This happened in exactly the same way to eBay users a couple months back.
Who at the Federal government has jurisdiction over prosecuting these scam artists?
well I started when they were young. I tried to order a book I first read as a child for my daughter. I tried to order it three times over the years. She's too old for it now, but that foul taste remains.
Curious ... where did you get wastedgoods.com from?
The IP address in the header goes to the network I listed earlier. HE.NET
"The same scam was going on at EBay not too long ago."
This scam also makes the rounds on AOL.
Thank U 4 the warning. I will B watching 4 it.
I get messages like this often. Without exception I assume it's a fraud. Period. I don't respond and don't click any links. If it's something that concerns me, I'll close the email and login to the company's website myself, independent of any links in the email.
The biggest tipoff is that I get emails like this at an email address I never used for web logins or registrations. The only way I would get a warning like that at that address is if it's a scam.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.