Got a wonderful piece of spam recently

Jan. 24th, 2018 07:57 pm
thewayne: (Default)
[personal profile] thewayne
From: Yahoo Security <87503176.11BF7B5CFC9BBB4072468Asadewnaxdfanuw@fviggqnauynfwi.com>
To: ww...
Sent: Monday, January 22, 2018 6:55 AM
Subject: Something is Wrong With Your Email Account

You need to call now 1 855-XXX-XXXX

We Have Detected Unusual Activity With Your Yahoo Account on Your Computer

Login Has Occurred on 1/22/2018 @ 3:04 AM EST

From IP: 34.124.12.1 Geo Location Found: Eastern Russia

If This Was Not You Please Call the Yahoo Security Team
(Be at your computer)

1 855-XXX-XXXX


First off, take a look at that wonderful email address. Yeah, that's clearly Yahoo Security.

Next, Look At How Every Word (almost) Is Capitalized. Doesn't everyone Send Emails Like That?

One might assume that this originated in Russia. Maybe yes, maybe no. Wherever it came from, they used American date format and an American time zone. Now the IP address is interesting. If you do a lookup of an address, you can usually find out who the ISP is. In this case, it's HALLIBURTON IN HOUSTON, TEXAS! Remember Dick Cheney's old digs before he became Dubya's veeps? Yep, them. So somehow an IP address of 34.124.12.1, which terminates in Houston, TX, somehow generated a login to my Yahoo email in Eastern Russia?

You can look up the location of an IP address at sites such as https://www.melissadata.com/lookups/iplocation.asp.

You'd think these twits could at least have looked up a big city in eastern Russia and gotten their IP address to give it some verisimilitude.

I tried doing a traceroute on the address, but after it left my ISP after the third hop, it just sort of died. I suspect Halliburton.com has some sort of countermeasures that eats such requests and puts the incoming traceroute packets in to a loop: I killed the program after 50 steps without result. Houston shouldn't have taken more than 8 hops or so from southen NM to establish it was in SE Texas.

I blocked out the phone number: according to 800notes.com, some people have called it and it has something to do with Hillary and Russian collusion.
Tags:
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2018-01-25 09:10 am (UTC)
bibliofile: Fan & papers in a stack (from my own photo) (Default)
From: [personal profile] bibliofile
I recently got some spam from The Illuminati. I should've saved it and forwarded it to you for More Fun With Headers.

Date: 2018-01-25 11:16 am (UTC)
thewayne: (Default)
From: [personal profile] thewayne

Ooooh, I wish you had kept it!  I would have liked to have seen that one!

Date: 2018-01-25 10:48 am (UTC)
moxie_man: (Default)
From: [personal profile] moxie_man
It's rare that spammers make it through my ISPs anti-spam filters. So I don't get to read "fun" junk like this.

Date: 2018-01-25 11:17 am (UTC)
thewayne: (Default)
From: [personal profile] thewayne

This is my Yahoo Mail account, I use web mail exclusively.  I haven't used ISP email in decades.

Date: 2018-01-25 05:32 pm (UTC)
silveradept: A kodama with a trombone. The trombone is playing music, even though it is held in a rest position (Default)
From: [personal profile] silveradept
That's certainly a way to get someone to listen to your political screed.
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

thewayne: (Default)
The Wayne
Spare Brains Games

July 2025

S M T W T F S
   1 2345
6789101112
13141516171819
20212223242526
2728293031  

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Jul. 7th, 2025 09:27 pm
Powered by Dreamwidth Studios