New phishing variation?

Discussion in 'other security issues & news' started by MikeBCda, Oct 6, 2005.

Thread Status:
Not open for further replies.
  1. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    I got an email last night, supposedly from godaddy-dot-com, thanking me for my (supposed) order and advising that my credit card would be debited within the next 24 hours. The amount was interesting, $797.14 -- I searched both here and Google with no results, but I could swear seeing somewhere that amount, or close to it, is currently being very widely used in scam attempts.

    I just got off the phone from a discussion with Visa's Security department -- they don't even have an authorization request for this, much less an actual debit.

    Interestingly, no "standard" phishing request to supply ID etc. Among the other data shown is a customer-service phone no., and Visa and I agreed that we may be looking at a new "teaser" variation on phishing, where they're hoping for a response via phone from a baffled email recipient.

    Anyone else heard of this one? It may be a new trick we'll have to watch out for.
     
  2. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    Yep, I have had a couple of these, one today in fact. Saying my credit card payment of £104 to Mr, such and such of Basingstoke, has been refused , and to get in touch or visit their website, which has ''Quickdimer'' part of the address, speaks for itself doesnt it. Needless to say I ignored it.
    Gordon
     
  3. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    Thanks, that's pretty much the usual approach from "phishermen".

    I thought mine was particularly interesting, and possibly a new tactic, since there's absolutely no "please contact us" request of any kind in it.
     
  4. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    Got another phishing email today.........


    Theyll be lucky!!!!!!!!!
    Gordon
     
  5. emzi

    emzi Guest

    OMG OMFG i have the same emaial today

    Dear Customer.
    You've specified this e-mail as reachable.

    Sorry,we were unable to process your transaction
    at this time for the following reason:

    Transaction Denied by Bank.

    Order details:

    Date: 10/28/05
    Order number is: 033865

    You have ordered the following:

    Price
    RING 1 170.80
    RING 2 50.00
    Setup fee 9.00

    +VAT 4.52
    _____________________________
    Total in GBP: 234.32

    Click on the LINK TO INVOICE:

    ive been getting loads of these things and no one is falling for it so they should give there great idea up now and try sumfing els
    anyways i dont even have a credit card or bank account idots talk about getting your reserach right

    anyways its thanks to web sites like this that the potentail scam vitims can look this up and not get done over

    bloody shame that they are trying to con so many people by emails talk about cowardly i think its discusting when i think of older people that are not up to grips with the internet and how someone like that could be coned the b******s
     
  6. The website it links to has a generic Javascript vulnerability virus attached to it.
     
  7. NikkD

    NikkD Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    1
    Here's one I received today:

    <<Dear customer!

    We are unable to obtain payment from your credit card on file for your account.
    Your credit card company returned the following error to us:

    Charge Not Approved

    ORDER #0220215

    Billed To:
    GN-SHOP
    16 Turnstone Way
    Watermead, HP19 0WW
    Aylesbury
    Order Number: 0220215
    Receipt Date: 03/11/05
    Total Amount: GBP 179.22
    Billed To: Visa

    Please contact your credit card company to resolve this matter,
    or click on the LINK TO INVOICE now to change or delete your credit card information.

    Link removed--Ron

    Sincerely,
    Goldnow Customer Service. >>

    Don't these guys ever learn??

    Nick
     
    Last edited by a moderator: Nov 4, 2005
  8. minyas

    minyas Guest

    Yep

    I got the same one from GN Shop in Aylesbury. If anyone has any info on whether I should look at any hacking activity on my machine, I'd appreciate it!

    As received:

    Dear customer!

    We are unable to obtain payment from your credit card on file for your account.
    Your credit card company returned the following error to us:

    Charge Not Approved

    ORDER #0220215

    Billed To:
    GN-SHOP
    16 Turnstone Way
    Watermead, HP19 0WW
    Aylesbury
    Order Number: 0220215
    Receipt Date: 03/11/05
    Total Amount: GBP 179.22
    Billed To: Visa

    Please contact your credit card company to resolve this matter,
    or click on the LINK TO INVOICE now to change or delete your credit card information.

    Link removed--Ron


    Sincerely,
    Goldnow Customer Service.
     
    Last edited by a moderator: Nov 4, 2005
  9. MitchPixx

    MitchPixx Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    1
    Location:
    Abingdon, Oxon
    I got the same email - but with a title that gave me a bit of a jolt!!

    "YOUR ACCOUNT TEMPORARILY BLOCKED

    Goldnow Customer Service [reeling@diannevetromile.com]

    Dear customer!

    We are unable to obtain payment from your credit card on file for your account.
    Your credit card company returned the following error to us:

    Charge Not Approved

    ORDER #0220215

    Billed To:
    GN-SHOP
    16 Turnstone Way
    Watermead, HP19 0WW
    Aylesbury
    Order Number: 0220215
    Receipt Date: 03/11/05
    Total Amount: GBP 179.22
    Billed To: Visa

    Please contact your credit card company to resolve this matter, or click on the LINK TO INVOICE now to change or delete your credit card information.

    [link removed]

    Sincerely,
    Goldnow Customer Service."

    Was interested to see the email address that the email supposedly came from as well!!

    Anyone know why these people bother?

    Mitch
     
  10. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    Hi guys,
    I have been trying out the Fraud eliminator toolbar, which gives you some info on the websites you visit. I tried entering 'Goldnow' [just to see] and the toolbar told me the website is less than a week old and is based in Denmark. A long way from Aylesbury !!!. I reported the website to the people at Fraud eliminator to add it to their list of scamsites.
    I hope you are reading this Goldnow!


    Gordon
     
  11. Mark Reece

    Mark Reece Guest

    I also got this variation - assume its the same hazard on the web site. The host name was nlpshoping.comhtml


    Dear Customer.
    You've specified this email as reachable.

    Unfortunately, we were unable to process your transaction
    at this time for the following reason:

    Transaction Denied by Bank.

    Order details:

    Date: 10/20/05
    Your order number is: 203401

    You have ordered the following:

    Price
    Book 1 60.80
    Book 2 50.00
    Setup fee 9.00

    +VAT 17.5% 4.52
    _____________________________
    Total in GBP: 124.32

    Click on the LINK TO INVOICE:

    *** removed link ***

    Customer Support
     
  12. Egg beta

    Egg beta Registered Member

    Joined:
    Oct 5, 2005
    Posts:
    14
    Location:
    UK
    Yes, I got one of these too. The same variation as that posted by MitchPixx - "YOUR ACCOUNT TEMPORARILY BLOCKED".

    I did a google for Goldnow and found goldnow-dot-st which appears to be legit, but what do I know? Hence I've refrained from putting the actual link here, but on the site I found this warning (all live links removed);
    Just thought you might like to know.
     
  13. chrisy82

    chrisy82 Guest

    I got one of those emails today only mine said something about goldnow-shop and it was for £179.22

    Weird!!!!!!
     
  14. Can someone on this thread give me a hand in finding out where these e-mails are coming from? All I need is an IP address and I will handle it from there.
     
  15. Trom

    Trom Guest

    I got a variant today with the following header:

    Return-Path: <dangelop@vgouk.com>
    Received: from n080.sc1.cp.net (64.97.168.34) by n071.sc1.cp.net (7.2.066)
    id 43474C2A007AA431 for [NAME.REMOVED]@virgin.net; Mon, 21 Nov 2005 13:52:27 +0000
    Received: from BOBBY (58.69.88.40) by n080.sc1.cp.net (7.2.069.1)
    id 43756CC400519289 for [NAME.REMOVED]@virgin.net; Mon, 21 Nov 2005 13:52:24 +0000
    Message-ID: <001a01c5ef28$f490b342$6400a8c0@BOBBY>
    From: <dangelop@vgouk.com>
    To: <[NAME.REMOVED]@virgin.net>
    Subject: Ordering information (Ref: 58404)
    Date: Mon, 21 Nov 2005 21:52:43 -0700

    I ran a APNIC whois on "BOBBY" (58.69.88.40) and got 58.69.0.0 - 58.69.127.0 = netname: PLDTDSL which appears to be: Philippine Long Distance Telephone Company. Timezone seems about right.

    My email was slightly diiferent - no contact details just a zip file
    "bde177.zip" containing "gsbill.exe" - Symantec (defs 20051120) says
    it's OK but I haven't run it :)

    Funny that they used USD for a UK email address - I guess they used the
    ".net" to guess the currency.

    Regards,
    Trom

    Here's the text...

    Dear Customer.

    You've specified this e-mail as reachable.

    Sorry,we were unable to process your transaction
    at this time for the following reason:

    Transaction Denied by Bank.

    Order details:

    Date: 11/21/05
    Order number is: 846362

    You have ordered the following:

    Price
    RING 1 108.30
    RING 2 141.40
    Setup fee 2.00

    +VAT 67.75
    _____________________________
    Total in USD: 257.90

    Please see attached file.

    GOLDNOW SHOP Billing Team.

    Thank you for choosing CCBill as the eMerchant for your subscription!
     
  16. aasaaw23

    aasaaw23 Guest

    me too - got this with an attached zip file

    Dear Customer.

    You've specified this e-mail as reachable.

    Sorry,we were unable to process your transaction
    at this time for the following reason:

    Transaction Denied by Bank.

    Order details:

    Date: 11/21/05
    Order number is: 934208

    You have ordered the following:

    Price
    RING 1 143.30
    RING 2 131.20
    Setup fee 7.00

    +VAT 86.93
    _____________________________
    Total in USD: 231.10

    Please see attached file.

    GOLDNOW SHOP Billing Team.

    Thank you for choosing CCBill as the eMerchant for your subscription!
     
  17. Psydotek

    Psydotek Guest

    This is what i got:
    I googled "goldnow shop" and it brought up this page. Good to know it's a phishing scam.
     
  18. Here's one that I recieved today, 11-21.



    Return-Path: <drjv@kbeerlover.com.au>
    Received: from mx09.lax.untd.com (mx09.lax.untd.com [10.130.24.69])
    by maildeliver26.lax.untd.com with SMTP id AABB2D7J6AZKMBN2
    for <MYEMAIL@ADDRESS.com> (sender <drjv@kbeerlover.com.au>);
    Mon, 21 Nov 2005 08:26:04 -0800 (PDT)
    Received: from MARCELLO (host74-110.pool8250.interbusiness.it [82.50.110.74])
    by mx09.lax.untd.com with SMTP id AABB2D7H6AD37F6S
    for <MYEMAIL@ADDRESS.com> (sender <drjv@kbeerlover.com.au>);
    Mon, 21 Nov 2005 08:25:32 -0800 (PST)
    Message-ID: <002c01c5eeb8$2fa13f50$2101a8c0@MARCELLO>
    From: <drjv@kbeerlover.com.au>
    To: <MYEMAIL@ADDRESS.com>
    Subject: Transaction information (Ref: 027)
    Date: Mon, 21 Nov 2005 17:25:29 +0200
    MIME-Version: 1.0
    Content-Type: multipart/related;
    type="multipart/alternative";
    boundary="----=_NextPart_000_0028_01C5EEC0.9160F830"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    X-ContentStamp: 6:3:3535772318
    X-UNTD-Peer-Info: 82.50.110.74|host74-110.pool8250.interbusiness.it|MARCELLO|drjv@kbeerlover.com.au
    X-UNTD-UBE:-1


    Dear Customer.

    You've specified this e-mail as reachable.

    Sorry,we were unable to process your transaction
    at this time for the following reason:

    Transaction Denied by Bank.

    Order details:

    Date: 11/21/05
    Order number is: 368736

    You have ordered the following:

    Price
    RING 1 104.60
    RING 2 184.40
    Setup fee 3.00

    +VAT 44.71
    _____________________________
    Total in USD: 261.10

    Please see attached file.

    GOLDNOW SHOP Billing Team.

    Thank you for choosing CCBill as the eMerchant for your subscription!
     
  19. ripper

    ripper Guest

    Dear Customer.

    You've specified this e-mail as reachable.

    Sorry,we were unable to process your transaction
    at this time for the following reason:

    Transaction Denied by Bank.

    Order details:

    Date: 11/21/05
    Order number is: 055162

    You have ordered the following:

    Price
    RING 1 140.80
    RING 2 113.20
    Setup fee 1.00

    +VAT 35.35
    _____________________________
    Total in USD: 248.60

    Please see attached file.

    GOLDNOW SHOP Billing Team.

    Thank you for choosing CCBill as the eMerchant for your subscription!

    interesting as Goldnow is a regit mailorder jewelery co. and ccnow is a legit billing co. but Goldnow doesnt use CCBill
     
  20. peebser

    peebser Guest

    Just got one too....

    You've specified this e-mail as reachable.

    Sorry,we were unable to process your transaction
    at this time for the following reason:

    Transaction Denied by Bank.

    Order details:

    Date: 11/21/05
    Order number is: 431876

    You have ordered the following:

    Price
    RING 1 183.80
    RING 2 135.10
    Setup fee 2.00

    +VAT 01.35
    _____________________________
    Total in USD: 233.80

    Please see attached file.

    GOLDNOW SHOP Billing Team.

    Thank you for choosing CCBill as the eMerchant for your subscription!
     
  21. texasboy_2

    texasboy_2 Guest

    I also got one today it said



    Dear Customer.

    You've specified this e-mail as reachable.

    Sorry,we were unable to process your transaction
    at this time for the following reason:

    Transaction Denied by Bank.

    Order details:

    Date: 11/21/05
    Order number is: 544003

    You have ordered the following:

    Price
    RING 1 184.70
    RING 2 112.10
    Setup fee 1.00

    +VAT 71.90
    _____________________________
    Total in USD: 239.20

    Please see attached file.

    GOLDNOW SHOP Billing Team.

    Thank you for choosing CCBill as the eMerchant for your subscription!




    what should I do?
     
  22. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,775
    Location:
    Texas
  23. scootnod

    scootnod Registered Member

    Joined:
    Oct 9, 2004
    Posts:
    30
    I got the same email in my Yahoo mail. There were no links to click on though.
     
  24. Old Coaster

    Old Coaster Guest

    I very nearly fell for it as my previous credit card was used for fraud and the first I knew was when an item bounced. I thought it was happening again. However, I checked the website behind the sender's address emilyijames@uae86.co.uk and it does not exist.

    There is clealy some malware in the attachment which is 27.5kb and zipped.

    OC
     
  25. Billsky

    Billsky Guest

    I got one as well. With an attachment. I'm a bit worried about opening the attachment.
     
Loading...
Thread Status:
Not open for further replies.