New phishing variation?

I got an email last night, supposedly from godaddy-dot-com, thanking me for my (supposed) order and advising that my credit card would be debited within the next 24 hours. The amount was interesting, $797.14 -- I searched both here and Google with no results, but I could swear seeing somewhere that amount, or close to it, is currently being very widely used in scam attempts.

I just got off the phone from a discussion with Visa's Security department -- they don't even have an authorization request for this, much less an actual debit.

Interestingly, no "standard" phishing request to supply ID etc. Among the other data shown is a customer-service phone no., and Visa and I agreed that we may be looking at a new "teaser" variation on phishing, where they're hoping for a response via phone from a baffled email recipient.

Anyone else heard of this one? It may be a new trick we'll have to watch out for.

 

Yep, I have had a couple of these, one today in fact. Saying my credit card payment of £104 to Mr, such and such of Basingstoke, has been refused , and to get in touch or visit their website, which has ''Quickdimer'' part of the address, speaks for itself doesnt it. Needless to say I ignored it.
Gordon

 

Thanks, that's pretty much the usual approach from "phishermen".

I thought mine was particularly interesting, and possibly a new tactic, since there's absolutely no "please contact us" request of any kind in it.

 

Got another phishing email today.........

Theyll be lucky!!!!!!!!!
Gordon

 

OMG OMFG i have the same emaial today

Dear Customer.
You've specified this e-mail as reachable.

Sorry,we were unable to process your transaction
at this time for the following reason:

Transaction Denied by Bank.

Order details:

Date: 10/28/05
Order number is: 033865

You have ordered the following:

Price
RING 1 170.80
RING 2 50.00
Setup fee 9.00

+VAT 4.52
_____________________________
Total in GBP: 234.32

Click on the LINK TO INVOICE:

ive been getting loads of these things and no one is falling for it so they should give there great idea up now and try sumfing els
anyways i dont even have a credit card or bank account idots talk about getting your reserach right

anyways its thanks to web sites like this that the potentail scam vitims can look this up and not get done over

bloody shame that they are trying to con so many people by emails talk about cowardly i think its discusting when i think of older people that are not up to grips with the internet and how someone like that could be coned the b******s

 

The website it links to has a generic Javascript vulnerability virus attached to it.

 

Here's one I received today:

<<Dear customer!

We are unable to obtain payment from your credit card on file for your account.
Your credit card company returned the following error to us:

Charge Not Approved

ORDER #0220215

Billed To:
GN-SHOP
16 Turnstone Way
Watermead, HP19 0WW
Aylesbury
Order Number: 0220215
Receipt Date: 03/11/05
Total Amount: GBP 179.22
Billed To: Visa

Please contact your credit card company to resolve this matter,
or click on the LINK TO INVOICE now to change or delete your credit card information.

Link removed--Ron

Sincerely,
Goldnow Customer Service. >>

Don't these guys ever learn??

Nick

 

Yep

I got the same one from GN Shop in Aylesbury. If anyone has any info on whether I should look at any hacking activity on my machine, I'd appreciate it!

As received:

Dear customer!

We are unable to obtain payment from your credit card on file for your account.
Your credit card company returned the following error to us:

Charge Not Approved

ORDER #0220215

Billed To:
GN-SHOP
16 Turnstone Way
Watermead, HP19 0WW
Aylesbury
Order Number: 0220215
Receipt Date: 03/11/05
Total Amount: GBP 179.22
Billed To: Visa

Please contact your credit card company to resolve this matter,
or click on the LINK TO INVOICE now to change or delete your credit card information.

Link removed--Ron

Sincerely,
Goldnow Customer Service.

 

I got the same email - but with a title that gave me a bit of a jolt!!

"YOUR ACCOUNT TEMPORARILY BLOCKED

Goldnow Customer Service [reeling@diannevetromile.com]

Dear customer!

We are unable to obtain payment from your credit card on file for your account.
Your credit card company returned the following error to us:

Charge Not Approved

ORDER #0220215

Billed To:
GN-SHOP
16 Turnstone Way
Watermead, HP19 0WW
Aylesbury
Order Number: 0220215
Receipt Date: 03/11/05
Total Amount: GBP 179.22
Billed To: Visa

Please contact your credit card company to resolve this matter, or click on the LINK TO INVOICE now to change or delete your credit card information.

[link removed]

Sincerely,
Goldnow Customer Service."

Was interested to see the email address that the email supposedly came from as well!!

Anyone know why these people bother?

Mitch

 

Hi guys,
I have been trying out the Fraud eliminator toolbar, which gives you some info on the websites you visit. I tried entering 'Goldnow' [just to see] and the toolbar told me the website is less than a week old and is based in Denmark. A long way from Aylesbury !!!. I reported the website to the people at Fraud eliminator to add it to their list of scamsites.
I hope you are reading this Goldnow!


Gordon

 

I also got this variation - assume its the same hazard on the web site. The host name was nlpshoping.comhtml


Dear Customer.
You've specified this email as reachable.

Unfortunately, we were unable to process your transaction
at this time for the following reason:

Transaction Denied by Bank.

Order details:

Date: 10/20/05
Your order number is: 203401

You have ordered the following:

Price
Book 1 60.80
Book 2 50.00
Setup fee 9.00

+VAT 17.5% 4.52
_____________________________
Total in GBP: 124.32

Click on the LINK TO INVOICE:

*** removed link ***

Customer Support

 

Yes, I got one of these too. The same variation as that posted by MitchPixx - "YOUR ACCOUNT TEMPORARILY BLOCKED".

I did a google for Goldnow and found goldnow-dot-st which appears to be legit, but what do I know? Hence I've refrained from putting the actual link here, but on the site I found this warning (all live links removed);

Just thought you might like to know.

 

I got one of those emails today only mine said something about goldnow-shop and it was for £179.22

Weird!!!!!!

 

Can someone on this thread give me a hand in finding out where these e-mails are coming from? All I need is an IP address and I will handle it from there.

 

I got a variant today with the following header:

Return-Path: <dangelop@vgouk.com>
Received: from n080.sc1.cp.net (64.97.168.34) by n071.sc1.cp.net (7.2.066)
id 43474C2A007AA431 for [NAME.REMOVED]@virgin.net; Mon, 21 Nov 2005 13:52:27 +0000
Received: from BOBBY (58.69.88.40) by n080.sc1.cp.net (7.2.069.1)
id 43756CC400519289 for [NAME.REMOVED]@virgin.net; Mon, 21 Nov 2005 13:52:24 +0000
Message-ID: <001a01c5ef28$f490b342$6400a8c0@BOBBY>
From: <dangelop@vgouk.com>
To: <[NAME.REMOVED]@virgin.net>
Subject: Ordering information (Ref: 58404)
Date: Mon, 21 Nov 2005 21:52:43 -0700

I ran a APNIC whois on "BOBBY" (58.69.88.40) and got 58.69.0.0 - 58.69.127.0 = netname: PLDTDSL which appears to be: Philippine Long Distance Telephone Company. Timezone seems about right.

My email was slightly diiferent - no contact details just a zip file
"bde177.zip" containing "gsbill.exe" - Symantec (defs 20051120) says
it's OK but I haven't run it

Funny that they used USD for a UK email address - I guess they used the
".net" to guess the currency.

Regards,
Trom

Here's the text...

Dear Customer.

You've specified this e-mail as reachable.

Sorry,we were unable to process your transaction
at this time for the following reason:

Transaction Denied by Bank.

Order details:

Date: 11/21/05
Order number is: 846362

You have ordered the following:

Price
RING 1 108.30
RING 2 141.40
Setup fee 2.00

+VAT 67.75
_____________________________
Total in USD: 257.90

Please see attached file.

GOLDNOW SHOP Billing Team.

Thank you for choosing CCBill as the eMerchant for your subscription!

 

me too - got this with an attached zip file

Dear Customer.

You've specified this e-mail as reachable.

Sorry,we were unable to process your transaction
at this time for the following reason:

Transaction Denied by Bank.

Order details:

Date: 11/21/05
Order number is: 934208

You have ordered the following:

Price
RING 1 143.30
RING 2 131.20
Setup fee 7.00

+VAT 86.93
_____________________________
Total in USD: 231.10

Please see attached file.

GOLDNOW SHOP Billing Team.

Thank you for choosing CCBill as the eMerchant for your subscription!

 

This is what i got:

I googled "goldnow shop" and it brought up this page. Good to know it's a phishing scam.

 

Here's one that I recieved today, 11-21.



Return-Path: <drjv@kbeerlover.com.au>
Received: from mx09.lax.untd.com (mx09.lax.untd.com [10.130.24.69])
by maildeliver26.lax.untd.com with SMTP id AABB2D7J6AZKMBN2
for <MYEMAIL@ADDRESS.com> (sender <drjv@kbeerlover.com.au>);
Mon, 21 Nov 2005 08:26:04 -0800 (PDT)
Received: from MARCELLO (host74-110.pool8250.interbusiness.it [82.50.110.74])
by mx09.lax.untd.com with SMTP id AABB2D7H6AD37F6S
for <MYEMAIL@ADDRESS.com> (sender <drjv@kbeerlover.com.au>);
Mon, 21 Nov 2005 08:25:32 -0800 (PST)
Message-ID: <002c01c5eeb8$2fa13f50$2101a8c0@MARCELLO>
From: <drjv@kbeerlover.com.au>
To: <MYEMAIL@ADDRESS.com>
Subject: Transaction information (Ref: 027)
Date: Mon, 21 Nov 2005 17:25:29 +0200
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_0028_01C5EEC0.9160F830"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-ContentStamp: 6:3:3535772318
X-UNTD-Peer-Info: 82.50.110.74|host74-110.pool8250.interbusiness.it|MARCELLO|drjv@kbeerlover.com.au
X-UNTD-UBE:-1


Dear Customer.

You've specified this e-mail as reachable.

Sorry,we were unable to process your transaction
at this time for the following reason:

Transaction Denied by Bank.

Order details:

Date: 11/21/05
Order number is: 368736

You have ordered the following:

Price
RING 1 104.60
RING 2 184.40
Setup fee 3.00

+VAT 44.71
_____________________________
Total in USD: 261.10

Please see attached file.

GOLDNOW SHOP Billing Team.

Thank you for choosing CCBill as the eMerchant for your subscription!

 

Dear Customer.

You've specified this e-mail as reachable.

Sorry,we were unable to process your transaction
at this time for the following reason:

Transaction Denied by Bank.

Order details:

Date: 11/21/05
Order number is: 055162

You have ordered the following:

Price
RING 1 140.80
RING 2 113.20
Setup fee 1.00

+VAT 35.35
_____________________________
Total in USD: 248.60

Please see attached file.

GOLDNOW SHOP Billing Team.

Thank you for choosing CCBill as the eMerchant for your subscription!

interesting as Goldnow is a regit mailorder jewelery co. and ccnow is a legit billing co. but Goldnow doesnt use CCBill

 

Just got one too....

You've specified this e-mail as reachable.

Sorry,we were unable to process your transaction
at this time for the following reason:

Transaction Denied by Bank.

Order details:

Date: 11/21/05
Order number is: 431876

You have ordered the following:

Price
RING 1 183.80
RING 2 135.10
Setup fee 2.00

+VAT 01.35
_____________________________
Total in USD: 233.80

Please see attached file.

GOLDNOW SHOP Billing Team.

Thank you for choosing CCBill as the eMerchant for your subscription!

 

I also got one today it said



Dear Customer.

You've specified this e-mail as reachable.

Sorry,we were unable to process your transaction
at this time for the following reason:

Transaction Denied by Bank.

Order details:

Date: 11/21/05
Order number is: 544003

You have ordered the following:

Price
RING 1 184.70
RING 2 112.10
Setup fee 1.00

+VAT 71.90
_____________________________
Total in USD: 239.20

Please see attached file.

GOLDNOW SHOP Billing Team.

Thank you for choosing CCBill as the eMerchant for your subscription!




what should I do?

 

I got the same email in my Yahoo mail. There were no links to click on though.

 

I very nearly fell for it as my previous credit card was used for fraud and the first I knew was when an item bounced. I thought it was happening again. However, I checked the website behind the sender's address emilyijames@uae86.co.uk and it does not exist.

There is clealy some malware in the attachment which is 27.5kb and zipped.

OC

 

I got one as well. With an attachment. I'm a bit worried about opening the attachment.