Wednesday, August 09, 2006

Fun with Spam....

I got a fun one the other day. It opened with an ad for 1-800-PetMeds, but clearly wasn't from that company. The email was raw text and the links weren't even close to what they were claiming. Since I had the safety of reading the email via Lynx and Mutt (as in, I only got text), I started poking around...

Without further ado, Fun With Spam!

Let's start with the Unsubscribe options that were listed at the bottom of the email:
To unsubscribe Go to:
<url>
Or write to: 1441 SW 29th Avenue Pompano Beach, FL 33069
Please refer all questions, opinions or additional feedback to
freshhealthystuff@gmail.com or write to:
Fresh Healthy Stuff
1465 Woodbury Avenue
# 334
Portsmouth, NH 03801

Okay, which is it: the Florida address or the New Hampshire one? I wouldn't click on the URL if you paid me, but let's find out where it points to and see if it provides some hints as to which address might win. I honestly doubt there is a physical office attached to this, but we'll see.

All of the URLs in the email point to rare-term-insurance.net, so let's see who that is.
indiantown, fl, 34956
Yes fellow geeks, I'm giving them some level of privacy. If you were good enough to recognize that, you are good enough to look up the rest yourself. *grins*

Hmm, that's 3 physical addresses now. The email addresses and links all point to the same domain. Let's take a look at what a websurfer would get using wget. First up, we get bounced from the rare-term-insurance.net domain over to users.marketleverage.com, who says their physical offices are in
Heathrow, FL 32746
Another vote for somewhere in Florida, and our 4th unique address. Now the fun has begun. The script for the page at users.marketleverage.com looks like a complete front end to 1800PetMeds.com.

I didn't dig too deep here, but this is starting to look like a phishing scam. I bet if we dug deep enough we could figure out what details are being collected. Account information and credit cards more than likely, but I've spent enough time on this one - I forwarded it to the actual petmeds guys for them to deal with.
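An added example (not part of the original post): the by-hand checks above, comparing link domains against the claimed brand and counting conflicting postal addresses, done offline in Python. The sample message, its placeholder URL paths and the function names are assumptions; only the domain names and footer addresses come from the post.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample message (not the original spam); URL paths are placeholders.
SAMPLE = """\
Subject: Save on pet meds
Content-Type: text/plain

Order now: http://rare-term-insurance.net/PLACEHOLDER-1
To unsubscribe Go to:
http://www.rare-term-insurance.net/PLACEHOLDER-2
Or write to: 1441 SW 29th Avenue Pompano Beach, FL 33069
Fresh Healthy Stuff
1465 Woodbury Avenue
# 334
Portsmouth, NH 03801
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
STATE_ZIP_RE = re.compile(r"\b([A-Z]{2}) (\d{5})\b")  # e.g. "FL 33069"

def base_domain(host):
    # Simplification: keep the last two labels. Use a public-suffix list in real triage.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def body_text(raw):
    # Decode every text part without rendering or fetching anything.
    out = []
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            out.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def audit(raw, claimed_domain):
    text = body_text(raw)
    hosts = {urlsplit(u).hostname for u in URL_RE.findall(text)} - {None}
    domains = {base_domain(h) for h in hosts}
    brand = base_domain(claimed_domain)
    return {
        "link_domains": sorted(domains),
        "off_brand": sorted(d for d in domains if d != brand),
        "postal": sorted(set(STATE_ZIP_RE.findall(text))),  # >1 state is a red flag
    }

if __name__ == "__main__":
    print(audit(SAMPLE, "1800petmeds.com"))
```

This only inspects the message text; seeing the bounce to a second host still requires fetching the link from an isolated machine.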
--
Moral of the story: be sure of what you are clicking on before you click on it! I doubt you'd notice much of a difference between the non-1800petmeds site and the real petmeds site, aside from some requiring extra email validation, etc.

The best joke? This site boasts "HACKER SAFE certified sites prevent over 99.9% of hacker crime."

And I guarantee someone believed it.

1 comment:

Mr. X said...

Wait, isn't there a law banning hacking? I thought that passing a law prevented this. How dare they?