[amsat-bb] Re: Nigerian scam span purporting to be from W0SL

Jim Jerzycke kq6ea at verizon.net
Sat Jun 29 06:40:34 PDT 2013 

IIRC, Yahoo! took over for most of the Bells. My Pacbell.net account is 
now managed by Yahoo!, and I had a similar event happen last year, as 
well as a friend of mine who had her account with another Baby Bell 
compromised.

Considering how much support is off-shored these days, it wouldn't 
surprise me if it was an "inside job".

73, Jim  KQ6EA


On 06/29/2013 08:42 AM, Phil Karn wrote:
> On 06/26/2013 03:31 PM, Roy wrote:
>> Thanks Phil.  Yes, I'm not sure how it was done but the settings are
>> correct in my PC.  AT&T has helped me to assign a new password to my
>> account to shut this down.  They say it appears to have been hacked on
>> the AT&T web mail site.
>
> Interesting. I saw no actual evidence in the scam mail itself that 
> your account had been hacked.
>
> This particular message was sent through Yahoo's webmail service. 
> Anyone could subscribe to the amsat-bb list and see who its 
> contributors are, so they would know who to send the scam spam to.
>
> (Wait -- does Yahoo provide service for swbell.net?)
>
> Without cryptographic authentication it's easy to forge email from 
> anyone; SPF helps somewhat but it's often not implemented and is 
> frequently ignored even when it is. In this case I perused the headers 
> myself and saw the IP address 41.71.175.195, which happens to be in 
> Nigeria (look it up!)
>
> It's somewhat trickier to intercept the replies. In this case they did 
> it with a Reply-To: header to a fraudulent account 
> (rdwelclh at yahoo.com) that'd be easy to miss if you weren't looking for 
> it.
>
> I had theorized that they did this because they hadn't actually gotten 
> into your swbell.net account, but it's possible they did it anyway so 
> that they'd still get any replies from victims after your account had 
> been secured or shut down. It would take a little longer to get 
> rdwelclh at yahoo.com shut down since it's at a different service provider.
>
>
> _______________________________________________
> Sent via AMSAT-BB at amsat.org. Opinions expressed are those of the author.
> Not an AMSAT-NA member? Join now to support the amateur satellite 
> program!
> Subscription settings: http://amsat.org/mailman/listinfo/amsat-bb
>

More information about the AMSAT-BB mailing list