Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

WARNING! - EMAIL Scam!

Jan 13, 2010 7:48PM PST

Everyone please beware if you receive an email apparently from SEMods, and signed by ay of us SE Mods.

The email is a scam, and the return email address is different to the SEMods email address.

Below is the contents of the email going around;
~~~~~~~~~~~~~~~~~~~~~~~
Hello,

How are you doing? hope all is well with you, i am sorry that i didn't inform you about my traveling to England for a Seminar.

I need a favor from you as soon as you receive this e-mail because i misplaced my wallet on my way to the hotel where my money,and other valuable things were kept i will like you to assist me with a loan urgently. I will be needing the sum of $2,500 to sort-out my hotel bills and get myself back home.


I will appreciate whatever you can afford to help me with, I'll pay you back as soon as i return. Kindly let me know if you can be of help? so that i can send you the details to use when sending the money Transfer.

Your reply will be greatly appreciated.

Take care,
Angeline
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Return email address is semodis4@yahoo.com

Be careful!

Mark

Discussion is locked

- Collapse -
I got it too...
Jan 13, 2010 8:30PM PST

They must have accessed CNET's membership list. Great. Maybe I'll change my profile(if possible).

- Collapse -
If members
Jan 13, 2010 9:56PM PST

allow for contact via their email address in their profile, it's easy to get that info. I stopped using it as an option when I resigned as a Moderator so I never got that email.

Thanks, Mark, for the heads up.

TONI H

- Collapse -
doesn't matter
Jan 13, 2010 11:41PM PST

I have my new email address on file with CNET, but this came to an old email address I'd used in years past with them. Someone was working with an old list. If you have changed email address in the past 5 years, it's possible you were sent a copy, but at the old email address like I was.

- Collapse -
I had my CNET Mambership email
Jan 13, 2010 10:05PM PST

turned off for some time. I was contacted a long time ago with the email account in question and if yahoo saved my email address. Message source says...

Received: from web31810.mail.mud.yahoo.com (web31810.mail.mud.yahoo.com [68.142.XXX.XX])

So it looks like the email account has been hacked, MHO.

I hope Angeline is fine and wisk you all can contribute a few dollars to get her home(just kidding). I do hope Angeline is fine!

I would change the yahoo's security questions and passwords and/or consider closing the account and consider getting another account. Remember that all the email accounts in the address book the email was sent to. Mark, if you have access, you know what my email address is, check to see if it was saved.

Take care, EVERYONE and I ope you find a way to solve this mystery.


Rick

- Collapse -
indirectly
Jan 13, 2010 11:16PM PST

someone sent me a copy of it. I've not check old email address, maybe went there.

- Collapse -
Yep, came to old email
Jan 13, 2010 11:32PM PST
- Collapse -
corrected
Jan 13, 2010 11:43PM PST
- Collapse -
Headers of bogus semod email
Jan 13, 2010 11:46PM PST

X-AOL-UID: 3047.1732905557
X-AOL-DATE: Thu, 14 Jan 2010 2:23:03 AM Eastern Standard Time
Return-Path: <semods4@yahoo.com>
Received: from mtain-df10.r1000.mx.aol.com (mtain-df10.r1000.mx.aol.com [172.29.64.222]) by air-de07.mail.aol.com (v126.13) with ESMTP id MAILINDE072-5ebb4b4ec657c0; Thu, 14 Jan 2010 02:23:03 -0500
Received: from web31806.mail.mud.yahoo.com (web31806.mail.mud.yahoo.com [68.142.207.69])
by mtain-df10.r1000.mx.aol.com (Internet Inbound) with SMTP id BF4C338000097
for <denison4d@netscape.net>; Thu, 14 Jan 2010 02:23:02 -0500 (EST)
Received: (qmail 2559 invoked by uid 60001); 14 Jan 2010 07:23:02 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1263453782; bh=oR1QGy6yAI4zbPlnC6MJhb9fJ4DwPqGKtWQH+djLrZo=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=GGLk0T0n7F3I4h7aSkJ0O8R0oFn+V2xhW1krz2Z5l03IzGAqIyccrAh0Yslw3ir7yJtKG2OfqkIcOujdZTROhMJwxqZQ3KfbE4DvBMZX4yKU0OR+/3zS0EHjwBlUa0kA7vQaS5BnW+rD5sD9qTZM39qLdrcOkFWsddlEN3eIAHA=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;
b=IQxf04ir2og3mvnN1ozOcoWcCQFKO7g3vag76IFLH2YoB5MzKP1SnTGWj4PSasPEiWLkgoG9Q4igMu5loi0vHl/80uCz6umOxEsLdT37q9VPvr9lRGraMVtlxBuLOrUilvPEhOFjt12Xivtm+GYQUThh6cWWuz5oei2rN4wbVHg=;
Message-ID: <262486.2215.qm@web31806.mail.mud.yahoo.com>
X-YMail-OSG: a4XPN6cVM1lpeJ7K2_NycBUL9XrUaQuYrPTs5FWa7yD0CF2ajxu4q0._..nMQs_3F5.Zo0C9L4hmeNMm2Ujd58cA8uTI4XrnyJKrYvIXmiXlWKLzFm5MgQB1IRwK.frHyFshpJCD15WfCYaf4r.BVoIGjXnu6FhSjxu6yRNxi.X3MucYKucsq8DYUNj17asGw3lHRv8imfsidjPgwUVlVkTU1cg0aQ8oT6UZKa8dSk_U8A4JdLmyl1Qgz_az6yDcVwsmCjIYRkw07.kuBZgP56n6BafVeJnd0FIaRnL_4wHRWt72LU1LlU8fiWRR7ixtrE3U2hx8mE.HQIuvW4i3F2b70GLDDg--
Received: from [209.191.91.120] by web31806.mail.mud.yahoo.com via HTTP; Wed, 13 Jan 2010 23:23:01 PST
X-Mailer: YahooMailClassic/9.1.10 YahooMailWebService/0.8.101.264461
Date: Wed, 13 Jan 2010 23:23:01 -0800 (PST)
From: Speakeasy Moderator <semods4@yahoo.com>
Reply-To: semodis4@yahoo.com
Subject: I need Your Urgent Help
To: undisclosed recipients: ;
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-925797057-1263453781=:2215"
x-aol-global-disposition: G
x-aol-sid: 3039ac1d40de4b4ec65613af
X-AOL-IP: 68.142.207.69

--0-925797057-1263453781=:2215
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Hello,

How are you doing? hope all is well with you, i am sorry that i didn't=A0=
inform you about my traveling to England for a Seminar.

I need a favor from you as soon as you receive this e-mail because i mispl=
aced my wallet on my way to the hotel where my money,and other valuable th=
ings were kept i will like you to assist me with a=A0 loan urgently. I wil=
l be needing the sum of $2,500=A0 to sort-out my hotel bills and get mysel=
f back home.


I will appreciate whatever you can afford to help me with, I'll pay you ba=
ck as soon as i return. Kindly let me know if you can be of help? so that=
i can send you the details to use when sending the money Transfer.

Your reply will be greatly appreciated.

Take care,
Angeline

- Collapse -
The question is
Jan 13, 2010 11:49PM PST

Everyone that got this email..

Were you contacted by the se mods with the yahoo.com email address at one time or another?


If everyone was contacted from the email address in question, then the Yahoo email account was hacked.


Rick

- Collapse -
or a mod..
Jan 14, 2010 12:05AM PST

..or former mod, gave a computer to someone and didn't do a clean install before doing so, or left automated signin active for that account on a browser. If THAT happened, then that mod may have other problems in their personal accounts start happening too.

- Collapse -
Could it be Dave K.??
Jan 14, 2010 12:35AM PST

Could his PC have been lost when the hurricane hit and his place looted?

- Collapse -
That's a good question!
Jan 14, 2010 12:56AM PST

It's possible it was damaged and he got rid of it, but I think Dave K would have enough sense to clean it of all data first.

- Collapse -
In my email address book
Jan 14, 2010 1:25AM PST

his is the only one that comes up as Speakeasy Moderator to be displayed....everybody else displays their correct name even with the semods4 tag, so it's possible you are right.

TONI H

- Collapse -
also a good point.
Jan 14, 2010 2:04AM PST

I remember that and just looked again and sure enough it does say Speakeasy Moderator the way Dave K used to do it all the time. There's the other Dave (Evans) who died, but if anything odd was going to happen from his computer it already would have. But if they used Dave's moniker, why sign it as Angeline? It would mean they had checked and saw Dave K was no longer posting. Very odd, and now it seems Angeline is missing in action (sleeping in today?).

- Collapse -
If they used
Jan 14, 2010 2:35AM PST

Dave K's moniker since it was basically anonymous and didn't name him, using Angeline's name would be nearly a perfect scam because more people are sympathetic to a woman via the internet and would want to 'rescue' her...a man needing financial help wouldn't normally garner that kind of sympathy I don't imagine. Unfortunately, or fortunately perhaps, that double standard still exists.

TONI H

- Collapse -
I doubt it
Jan 16, 2010 1:37AM PST

Dave has my current email address and my old and I never got the phishing email. The mods also have my address at the Yahoo account. It doesn't look like this fisher has all of the email addresses here. My primary address, that I registered here with, is more than 13 years old now and it didn't show up there so I'm thinking the phisher doesn't have it or I was omitted on purpose for some reason.

Clay

- Collapse -
(NT) not in spam folder either?
Jan 16, 2010 2:59AM PST
- Collapse -
(NT) No
Jan 24, 2010 12:51AM PST
- Collapse -
If It were Dave's stolen computer, it seems unlikely that
Jan 15, 2010 6:18AM PST

it would take this long to show up. The hurricane was a couple of years ago, why start now? My money is on a portion of CNET getting hacked and the e-mail list stolen, but I may be wrong, If this occurs to people on other CNet fora (forums) then it's a general hack. If not, there's still the long delay to account for.

Surely the account holder is traceable through Yahoo and his location found, and a name, probably fictitious, found as well.

Rob

- Collapse -
base 64 encoding
Jan 14, 2010 12:45AM PST
http://home2.paulschou.net/tools/xlate/

Go to above. Copy and paste the below into the Base64 decoder. Clk on decode button.

bh=oR1QGy6yAI4zbPlnC6MJhb9fJ4DwPqGKtWQH+djLrZo=
b=GGLk0T0n7F3I4h7aSkJ0O8R0oFn+V2xhW1krz2Z5l03IzGAqIyccrAh0Yslw3ir7yJtKG2OfqkIcOujdZTROhMJwxqZQ3KfbE4DvBMZX4yKU0OR+/3zS0EHjwBlUa0kA7vQaS5BnW+rD5sD9qTZM39qLdrcOkFWsddlEN3eIAHA=
b=IQxf04ir2og3mvnN1ozOcoWcCQFKO7g3vag76IFLH2YoB5MzKP1SnTGWj4PSasPEiWLkgoG9Q4igMu5loi0vHl/80uCz6umOxEsLdT37q9VPvr9lRGraMVtlxBuLOrUilvPEhOFjt12Xivtm+GYQUThh6cWWuz5oei2rN4wbVHg=
a4XPN6cVM1lpeJ7K2NycBUL9XrUaQuYrPTs5FWa7yD0CF2ajxu4q0nMQs3F5Zo0C9L4hmeNMm2Ujd58cA8uTI4XrnyJKrYvIXmiXlWKLzFm5MgQB1IRwKfrHyFshpJCD15WfCYaf4rBVoIGjXnu6FhSjxu6yRNxiX3MucYKucsq8DYUNj17asGw3lHRv8imfsidjPgwUVlVkTU1cg0aQ8oT6UZKa8dSkU8A4JdLmyl1Qgzaz6yDcVwsmCjIYRkw07kuBZgP56n6BafVeJnd0FIaRnL4wHRWt72LU1LlU8fiWRR7ixtrE3U2hx8mEHQIuvW4i3F2b70GLDDg=

===================
After doing the above you will see the "Hash" encoded passwords in the checksum section. They might be decrypted here, http://md5decrypter.com/

If you want to get really geeky....
http://en.wikipedia.org/wiki/Crypt_%28Unix%29
http://en.wikipedia.org/wiki/Cryptographic_hash_function
http://en.wikipedia.org/wiki/Salt_%28cryptography%29

create your own hash if you want
http://hashkiller.com/password/
- Collapse -
got it too
Jan 14, 2010 2:05AM PST

what is strange is it came to the email address that was not used to sign up here.

- Collapse -
Anything to say it's only happening to SE posters?
Jan 14, 2010 3:23AM PST

I would have expected to see something at least in the feedback forum if it was happening outside of here.

- Collapse -
I also checked
Jan 14, 2010 4:20AM PST

in Feedback, Nothing at all. We are the "lucky" ones Wink

- Collapse -
Just curious...
Jan 14, 2010 3:30AM PST

I have to wonder if Angeline got the same email from herself...

Devil

- Collapse -
hmm
Jan 14, 2010 4:39AM PST

not from herself, so "no" due to that count. However would be interesting if she got a copy too. It's starting to look like the yahoo account got hacked (remember Palin? wasn't that yahoo also?) or someone let an address book get hacked. It would be old addresses too, at least two have said they were older ones not used much if at all now.

- Collapse -
Anyone mind
Feb 28, 2010 6:00AM PST

if I remove the sticky from this now?

It's just looking a little cluttered up here.

Mark

- Collapse -
please do
Feb 28, 2010 6:21AM PST

and while you are at it remove all the others too as you can't even open any of them.

- Collapse -
(NT) LOL
Feb 28, 2010 10:51AM PST