WARNING! - EMAIL Scam! - February 2010 - Forums

- Collapse -

I got it too...

by EdHannigan Jan 13, 2010 8:30PM PST

They must have accessed CNET's membership list. Great. Maybe I'll change my profile(if possible).

- Collapse -

If members

by TONI H Jan 13, 2010 9:56PM PST

allow for contact via their email address in their profile, it's easy to get that info. I stopped using it as an option when I resigned as a Moderator so I never got that email.

Thanks, Mark, for the heads up.

TONI H

- Collapse -

doesn't matter

by James Denison Jan 13, 2010 11:41PM PST

I have my new email address on file with CNET, but this came to an old email address I'd used in years past with them. Someone was working with an old list. If you have changed email address in the past 5 years, it's possible you were sent a copy, but at the old email address like I was.

- Collapse -

I had my CNET Mambership email

by PudgyOne Jan 13, 2010 10:05PM PST

turned off for some time. I was contacted a long time ago with the email account in question and if yahoo saved my email address. Message source says...

Received: from web31810.mail.mud.yahoo.com (web31810.mail.mud.yahoo.com [68.142.XXX.XX])

So it looks like the email account has been hacked, MHO.

I hope Angeline is fine and wisk you all can contribute a few dollars to get her home(just kidding). I do hope Angeline is fine!

I would change the yahoo's security questions and passwords and/or consider closing the account and consider getting another account. Remember that all the email accounts in the address book the email was sent to. Mark, if you have access, you know what my email address is, check to see if it was saved.

Take care, EVERYONE and I ope you find a way to solve this mystery.

Rick

- Collapse -

indirectly

by James Denison Jan 13, 2010 11:16PM PST

someone sent me a copy of it. I've not check old email address, maybe went there.

- Collapse -

Yep, came to old email

by James Denison Jan 13, 2010 11:32PM PST

http://www.glenburniemd.net/Old/SEmodsPleaMoneyAngeline.jpg

- Collapse -

corrected

by James Denison Jan 13, 2010 11:43PM PST

http://www.glenburniemd.net/Odd/SEmodsPleaMoneyAngeline.jpg

- Collapse -

Headers of bogus semod email

by James Denison Jan 13, 2010 11:46PM PST

X-AOL-UID: 3047.1732905557
X-AOL-DATE: Thu, 14 Jan 2010 2:23:03 AM Eastern Standard Time
Return-Path: <semods4@yahoo.com>
Received: from mtain-df10.r1000.mx.aol.com (mtain-df10.r1000.mx.aol.com [172.29.64.222]) by air-de07.mail.aol.com (v126.13) with ESMTP id MAILINDE072-5ebb4b4ec657c0; Thu, 14 Jan 2010 02:23:03 -0500
Received: from web31806.mail.mud.yahoo.com (web31806.mail.mud.yahoo.com [68.142.207.69])
by mtain-df10.r1000.mx.aol.com (Internet Inbound) with SMTP id BF4C338000097
for <denison4d@netscape.net>; Thu, 14 Jan 2010 02:23:02 -0500 (EST)
Received: (qmail 2559 invoked by uid 60001); 14 Jan 2010 07:23:02 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1263453782; bh=oR1QGy6yAI4zbPlnC6MJhb9fJ4DwPqGKtWQH+djLrZo=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=GGLk0T0n7F3I4h7aSkJ0O8R0oFn+V2xhW1krz2Z5l03IzGAqIyccrAh0Yslw3ir7yJtKG2OfqkIcOujdZTROhMJwxqZQ3KfbE4DvBMZX4yKU0OR+/3zS0EHjwBlUa0kA7vQaS5BnW+rD5sD9qTZM39qLdrcOkFWsddlEN3eIAHA=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;
b=IQxf04ir2og3mvnN1ozOcoWcCQFKO7g3vag76IFLH2YoB5MzKP1SnTGWj4PSasPEiWLkgoG9Q4igMu5loi0vHl/80uCz6umOxEsLdT37q9VPvr9lRGraMVtlxBuLOrUilvPEhOFjt12Xivtm+GYQUThh6cWWuz5oei2rN4wbVHg=;
Message-ID: <262486.2215.qm@web31806.mail.mud.yahoo.com>
X-YMail-OSG: a4XPN6cVM1lpeJ7K2_NycBUL9XrUaQuYrPTs5FWa7yD0CF2ajxu4q0._..nMQs_3F5.Zo0C9L4hmeNMm2Ujd58cA8uTI4XrnyJKrYvIXmiXlWKLzFm5MgQB1IRwK.frHyFshpJCD15WfCYaf4r.BVoIGjXnu6FhSjxu6yRNxi.X3MucYKucsq8DYUNj17asGw3lHRv8imfsidjPgwUVlVkTU1cg0aQ8oT6UZKa8dSk_U8A4JdLmyl1Qgz_az6yDcVwsmCjIYRkw07.kuBZgP56n6BafVeJnd0FIaRnL_4wHRWt72LU1LlU8fiWRR7ixtrE3U2hx8mE.HQIuvW4i3F2b70GLDDg--
Received: from [209.191.91.120] by web31806.mail.mud.yahoo.com via HTTP; Wed, 13 Jan 2010 23:23:01 PST
X-Mailer: YahooMailClassic/9.1.10 YahooMailWebService/0.8.101.264461
Date: Wed, 13 Jan 2010 23:23:01 -0800 (PST)
From: Speakeasy Moderator <semods4@yahoo.com>
Reply-To: semodis4@yahoo.com
Subject: I need Your Urgent Help
To: undisclosed recipients: ;
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-925797057-1263453781=:2215"
x-aol-global-disposition: G
x-aol-sid: 3039ac1d40de4b4ec65613af
X-AOL-IP: 68.142.207.69

--0-925797057-1263453781=:2215
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Hello,

How are you doing? hope all is well with you, i am sorry that i didn't=A0=
inform you about my traveling to England for a Seminar.

I need a favor from you as soon as you receive this e-mail because i mispl=
aced my wallet on my way to the hotel where my money,and other valuable th=
ings were kept i will like you to assist me with a=A0 loan urgently. I wil=
l be needing the sum of $2,500=A0 to sort-out my hotel bills and get mysel=
f back home.

I will appreciate whatever you can afford to help me with, I'll pay you ba=
ck as soon as i return. Kindly let me know if you can be of help? so that=
i can send you the details to use when sending the money Transfer.

Your reply will be greatly appreciated.

Take care,
Angeline

- Collapse -

The question is

by PudgyOne Jan 13, 2010 11:49PM PST

Everyone that got this email..

Were you contacted by the se mods with the yahoo.com email address at one time or another?

If everyone was contacted from the email address in question, then the Yahoo email account was hacked.

Rick

- Collapse -

or a mod..

by James Denison Jan 14, 2010 12:05AM PST

..or former mod, gave a computer to someone and didn't do a clean install before doing so, or left automated signin active for that account on a browser. If THAT happened, then that mod may have other problems in their personal accounts start happening too.

- Collapse -

Could it be Dave K.??

by Steven Haninger Jan 14, 2010 12:35AM PST

Could his PC have been lost when the hurricane hit and his place looted?

- Collapse -

That's a good question!

by James Denison Jan 14, 2010 12:56AM PST

It's possible it was damaged and he got rid of it, but I think Dave K would have enough sense to clean it of all data first.

- Collapse -

In my email address book

by TONI H Jan 14, 2010 1:25AM PST

his is the only one that comes up as Speakeasy Moderator to be displayed....everybody else displays their correct name even with the semods4 tag, so it's possible you are right.

TONI H

- Collapse -

also a good point.

by James Denison Jan 14, 2010 2:04AM PST

I remember that and just looked again and sure enough it does say Speakeasy Moderator the way Dave K used to do it all the time. There's the other Dave (Evans) who died, but if anything odd was going to happen from his computer it already would have. But if they used Dave's moniker, why sign it as Angeline? It would mean they had checked and saw Dave K was no longer posting. Very odd, and now it seems Angeline is missing in action (sleeping in today?).

- Collapse -

If they used

by TONI H Jan 14, 2010 2:35AM PST

Dave K's moniker since it was basically anonymous and didn't name him, using Angeline's name would be nearly a perfect scam because more people are sympathetic to a woman via the internet and would want to 'rescue' her...a man needing financial help wouldn't normally garner that kind of sympathy I don't imagine. Unfortunately, or fortunately perhaps, that double standard still exists.

TONI H

- Collapse -

I doubt it

by C1ay Jan 16, 2010 1:37AM PST

Dave has my current email address and my old and I never got the phishing email. The mods also have my address at the Yahoo account. It doesn't look like this fisher has all of the email addresses here. My primary address, that I registered here with, is more than 13 years old now and it didn't show up there so I'm thinking the phisher doesn't have it or I was omitted on purpose for some reason.

Clay

- Collapse -

(NT) not in spam folder either?

by James Denison Jan 16, 2010 2:59AM PST

- Collapse -

(NT) No

by C1ay Jan 24, 2010 12:51AM PST

- Collapse -

If It were Dave's stolen computer, it seems unlikely that

by Ziks511 Jan 15, 2010 6:18AM PST

it would take this long to show up. The hurricane was a couple of years ago, why start now? My money is on a portion of CNET getting hacked and the e-mail list stolen, but I may be wrong, If this occurs to people on other CNet fora (forums) then it's a general hack. If not, there's still the long delay to account for.

Surely the account holder is traceable through Yahoo and his location found, and a name, probably fictitious, found as well.

Rob

- Collapse -

base 64 encoding

by James Denison Jan 14, 2010 12:45AM PST

http://home2.paulschou.net/tools/xlate/

Go to above. Copy and paste the below into the Base64 decoder. Clk on decode button.

bh=oR1QGy6yAI4zbPlnC6MJhb9fJ4DwPqGKtWQH+djLrZo=
b=GGLk0T0n7F3I4h7aSkJ0O8R0oFn+V2xhW1krz2Z5l03IzGAqIyccrAh0Yslw3ir7yJtKG2OfqkIcOujdZTROhMJwxqZQ3KfbE4DvBMZX4yKU0OR+/3zS0EHjwBlUa0kA7vQaS5BnW+rD5sD9qTZM39qLdrcOkFWsddlEN3eIAHA=
b=IQxf04ir2og3mvnN1ozOcoWcCQFKO7g3vag76IFLH2YoB5MzKP1SnTGWj4PSasPEiWLkgoG9Q4igMu5loi0vHl/80uCz6umOxEsLdT37q9VPvr9lRGraMVtlxBuLOrUilvPEhOFjt12Xivtm+GYQUThh6cWWuz5oei2rN4wbVHg=
a4XPN6cVM1lpeJ7K2NycBUL9XrUaQuYrPTs5FWa7yD0CF2ajxu4q0nMQs3F5Zo0C9L4hmeNMm2Ujd58cA8uTI4XrnyJKrYvIXmiXlWKLzFm5MgQB1IRwKfrHyFshpJCD15WfCYaf4rBVoIGjXnu6FhSjxu6yRNxiX3MucYKucsq8DYUNj17asGw3lHRv8imfsidjPgwUVlVkTU1cg0aQ8oT6UZKa8dSkU8A4JdLmyl1Qgzaz6yDcVwsmCjIYRkw07kuBZgP56n6BafVeJnd0FIaRnL4wHRWt72LU1LlU8fiWRR7ixtrE3U2hx8mEHQIuvW4i3F2b70GLDDg=

===================
After doing the above you will see the "Hash" encoded passwords in the checksum section. They might be decrypted here, http://md5decrypter.com/

If you want to get really geeky....
http://en.wikipedia.org/wiki/Crypt_%28Unix%29
http://en.wikipedia.org/wiki/Cryptographic_hash_function
http://en.wikipedia.org/wiki/Salt_%28cryptography%29

create your own hash if you want
http://hashkiller.com/password/

- Collapse -

got it too

by oldie and goody Jan 14, 2010 2:05AM PST

what is strange is it came to the email address that was not used to sign up here.

- Collapse -

Anything to say it's only happening to SE posters?

by Steven Haninger Jan 14, 2010 3:23AM PST

I would have expected to see something at least in the feedback forum if it was happening outside of here.

- Collapse -

I also checked

by oldie and goody Jan 14, 2010 4:20AM PST

in Feedback, Nothing at all. We are the "lucky" ones

- Collapse -

Just curious...

by grimgraphix Jan 14, 2010 3:30AM PST

I have to wonder if Angeline got the same email from herself...

- Collapse -

hmm

by James Denison Jan 14, 2010 4:39AM PST

not from herself, so "no" due to that count. However would be interesting if she got a copy too. It's starting to look like the yahoo account got hacked (remember Palin? wasn't that yahoo also?) or someone let an address book get hacked. It would be old addresses too, at least two have said they were older ones not used much if at all now.

- Collapse -

Anyone mind

by MarkFlax Former Forum moderator Feb 28, 2010 6:00AM PST

if I remove the sticky from this now?

It's just looking a little cluttered up here.

Mark

- Collapse -

please do

by oldie and goody Feb 28, 2010 6:21AM PST

and while you are at it remove all the others too as you can't even open any of them.

- Collapse -

(NT) LOL

by James Denison Feb 28, 2010 10:51AM PST

WARNING! - EMAIL Scam!

CNET Forums

Other Forums

Forum Info