The Barnyard: Taking Out Phishing Scammers And Other Spammers

Thursday, July 31, 2008

Taking Out Phishing Scammers And Other Spammers

I have effectively reduced my spam email to just a couple a day, and those usually come from phishers or Viagra pushers. So how did I stop them? It really is pretty simple, but never, ever open the mail or click on any link they provide. First you must have access to the full email header, which contains the IP address of the sender and the ISP of the sender. If you don't know how to do that, you can go here to find out how to get it.
Once you have the full header you can get the IP address: it is the first one in the 'received from' line near the top, and it will look something like this: 123.45.67.8. You then plug that number into the ARIN Whois database to find out who the Internet Service Provider is. If the address is not US based, ARIN provides a hotlink to the other Whois databases, and you just replug the number there.
Then you forward the spam email to the spammer's ISP and to spam@uce.gov. Most providers use abuse@ followed by the provider's domain, like abuse@google.com. Copy and paste the full header into the body of the email with a brief explanation of the problem, and make no other changes. Here is an example of my latest report of a phishing scammer:

Please stop the phishing scammers

X-Message-Delivery: Vj0zLjQuMDt1cz0wO2w9MDthPTA=
X-Message-Status: n:0
X-SID-PRA: Mr Mary Donald
X-Message-Info: R00BdL5giqoV+O2gK6VTsKnf6YzOSBx1nDZqYzYxp+M1nTh0yvNnDNSpEUY2eEtAVmCMOVlNwY0+WY0sigiM2nX1Gmiwrfu0
Received: from tomts44-srv.bellnexxia.net ([209.226.175.111]) by bay0-mc10-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
Thu, 31 Jul 2008 16:04:01 -0700
Received: from toip39-bus.srvr.bell.ca ([67.69.240.40])
by tomts44-srv.bellnexxia.net
(InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with ESMTP
id <20080731230400.sngj1584.tomts44-srv.bellnexxia.net@toip39-bus.srvr.bell.ca>;
Thu, 31 Jul 2008 19:04:00 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AqR9AEjhkUjR4q/5/2dsb2JhbACBOIhCgTKjag
Received: from tofep1.bellnexxia.net (HELO smtp.bellnexxia.net) ([209.226.175.249])
by toip39-bus.srvr.bell.ca with SMTP; 31 Jul 2008 19:03:46 -0400
X-Mailer: Openwave WebEngine, version 2.8.11 (webedge20-101-194-20030622)
X-Originating-IP: [81.199.63.25]
From: Mr Mary Donald
Reply-To: mrsmarydonalddesk@yahoo.com.hk
Organization: Mr Mary Donald
To:
Subject: ***Get back to me for more information***
Date: Thu, 31 Jul 2008 19:03:46 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Message-Id: <20080731230400.sngj1584.tomts44-srv.bellnexxia.net@toip39-bus.srvr.bell.ca>
Return-Path: nepean1@bellnet.ca
X-OriginalArrivalTime: 31 Jul 2008 23:04:01.0677 (UTC) FILETIME=[B8BC13D0:01C8F361]

Before the introduce of this transaction, i wish to introduce myself to you I am Mary Donald a staff of Natwest Bank plc London.I am the head of the accounts department at NatWest's OffshoreBanking division.Please send your confidential telephone also you are advice to reply via the private Email At: mrsmarydonald077@gmail.com
----- Original Message -----
From: Mr Mary Donald
To:
Sent: Thursday, July 31, 2008 4:03 PM
Subject: ***Get back to me for more information***


Before the introduce of this transaction, i wish to introduce myself to you I am Mary Donald a staff of Natwest Bank plc London.I am the head of the accounts department at NatWest's OffshoreBanking division.Please send your confidential telephone also you are advice to reply via the private Email At: mrsmarydonald077@gmail.com

Note the horrible grammar of the supposed bank staffer in London, bwahaha. Another one is them saying you won a Yahoo lottery with a Google response address. They must think folks are real idiots; sadly some are, and they get scammed or their identities stolen. If you have questions I will try to help, or you can contact your own support team at your email provider.
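The header-reading step described above can be scripted. This is an added example, not part of the original post: it walks the Received lines from the top down and pulls out the bracketed IP of each hop plus the X-Originating-IP value, so you know which addresses to look up. The function names and the trimmed sample header are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: a trimmed copy of the header block quoted in the post.
SAMPLE_HEADERS = """\
Received: from tomts44-srv.bellnexxia.net ([209.226.175.111]) by bay0-mc10-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
\tThu, 31 Jul 2008 16:04:01 -0700
Received: from toip39-bus.srvr.bell.ca ([67.69.240.40])
\tby tomts44-srv.bellnexxia.net with ESMTP;
\tThu, 31 Jul 2008 19:04:00 -0400
Received: from tofep1.bellnexxia.net (HELO smtp.bellnexxia.net) ([209.226.175.249])
\tby toip39-bus.srvr.bell.ca with SMTP; 31 Jul 2008 19:03:46 -0400
X-Originating-IP: [81.199.63.25]
Return-Path: nepean1@bellnet.ca

"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def public_ip(text):
    """Return the first bracketed, publicly routable IPv4 address in text, or None."""
    for candidate in BRACKETED_IP.findall(text or ""):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # e.g. [999.1.1.1] is not a real address
        if addr.is_global:  # skips 10.x, 192.168.x, 127.x and similar
            return str(addr)
    return None

def report_targets(raw_headers):
    """List each Received hop (top first) and the IPs worth a Whois lookup."""
    msg = message_from_string(raw_headers)
    hops = []
    for received in msg.get_all("Received", []):
        # Only the "from ..." half names the sending machine; the "by ..."
        # half names the server that wrote this line.
        from_part = re.split(r"\s+by\s+", received, maxsplit=1)[0]
        by = re.search(r"\sby\s+(\S+)", received)
        hops.append({"ip": public_ip(from_part),
                     "recorded_by": by.group(1) if by else None})
    return {
        # The top Received line is the one your own mail provider wrote.
        "first_received_ip": hops[0]["ip"] if hops else None,
        "hops": hops,
        "x_originating_ip": public_ip(msg.get("X-Originating-IP")),
    }
```

Calling `report_targets()` on the full header pasted from your mail client returns the same fields; every Received line below the top one was written by an upstream server rather than by your own provider.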
