jimpat4649

Scam Warning, Hijacked E-mail Of FMCA Member


SEVERAL NORTHEAST AREA MEMBERS HAVE RECEIVED AN E-MAIL FROM SOMEONE THAT HAS HIJACKED SYLVIA PLAISTAD FROM PENNY MIXERS CHAPTER'S E-MAIL.

THEY ARE CLAIMING TO BE HER AND STATING THAT THEY ARE IN LONDON, ENGLAND AND HAVE HAD MONEY STOLEN AND ARE ASKING THEM TO CALL OR E-MAIL HER TO MAKE ARRANGEMENTS TO SEND MONEY.

THIS IS A SCAM, SYLVIA IS AT HOME, WE HAVE CONFIRMED THAT. PLEASE SPREAD THE WORD.

Guest Wayne77590

I received that same type of email a few months ago that was disguised as coming from one of my email contacts.

Here is how to handle it:

First - DON'T send money

Then, copy the long headers (example below) and then click on forward email. Paste the long headers into the text of the forward email. Send the email to two places:

abuse@(email carrier address)

and

postmaster@(email carrier address)

One of those two addresses should get to the appropriate staff at the carrier headquarters. You should get two emails back from them. The first will be a canned acknowledgment that they received the email. The second should be a little more personal and contain your name, and a thank you for informing them.

Here is what a long header looks like: (I have edited out IP addresses and some gobbledygook info for brevity purposes.)

From: Wayne M <him@sbcglobal.net>

Subject: Need Money

Date: December 29, 2010 6:40:13 PM CST

Cc: recipient list not shown: ;

X-Apparently-To: (email address is here) via 255.255.255.255; Wed, 29 Dec 2010 16:40:21 -0800

Received-Spf: none (mta1005.sbc.mail.sp1.yahoo.com: domain of (email address will be here) does not designate permitted sender hosts)

X-Ymailisg: (Gobbledygook you would not understand)

X-Originating-Ip: [255.255.255.255] (IP address where it came from)

X-Originating-Ip: [255.255.255.255] (IP address where it came from)

Authentication-Results: mta1005.sbc.mail.sp1.yahoo.com from=sbcglobal.net; domainkeys=pass (ok); from=sbcglobal.net; dkim=pass (ok)

Received: from 255.255.255.255 (EHLO nlpi086.prodigy.net) (255.255.255.255) by mta1005.sbc.mail.sp1.yahoo.com with SMTP; Wed, 29 Dec 2010 16:40:21 -0800

Received: from smtp102-mob.biz.mail.ne1.yahoo.com (smtp102-mob.biz.mail.ne1.yahoo.com [255.255.255.255]) by nlpi086.prodigy.net (8.14.4 IN/8.14.4) with SMTP id oBU0eIg1012362 for <Email address sent to>; Wed, 29 Dec 2010 18:40:19 -0600

Received: (qmail 26625 invoked from network); 30 Dec 2010 00:40:18 -0000

Received: from [10.0.1.3] (email@255.255.255.255 with xymcookie) by smtp102-mob.biz.mail.ne1.yahoo.com with SMTP; 29 Dec 2010 16:40:17 -0800 PST

Domainkey-Signature: (gobbledygook you would not understand)

Dkim-Signature: (this is the gobbedly gook) v=1; a=rsa-sha256; c=relaxed/relaxed; d=sbcglobal.net; s=s1024; t=1293669618; bh=3MRscYH125DaPrN9S/RvcScC6VRnqFbwuKyEYL9pQRo=; h=Received:X-Yahoo-SMTP:X-YMail-OSG:X-Yahoo-Newman-Property:References:X-Apple-Yahoo-Forwarded-Msgid:X-Apple-Yahoo-Original-Message-Folder:Mime-Version:Content-Type:Message-Id:Content-Transfer-Encoding:X-Mailer:From:Subject:Date; b=T9fC+GDnJV1RHQNOZ8YQLmEJWBFwwntyhsi/2KjFsvjsVPr+jtXYwBCB3ugIpyrrxfUTM9tvCrugo1f59wwZabpTqOX1KaGntIaMt9UaeBKIGwuhIESh

AMl3mm9Y2vMd3f+g9TK2q/DbKERWuljVMdDgfSYPtenALLeijNTgLM4=

X-Yahoo-Smtp: u8OTOmqswBBPkHOZh4sgmd8AvhvSLj_0NBb2WLlAfRSQMA--

X-Ymail-Osg: ecyx2pMVM1lBs.2p5HQtzFnh5razwSvdQeHoJJ4k968vZdD N_sKp6evu8__iPNJJb4OYYXrf7fQw61LAp1aWiCRqfSJhLjRSg2n9tMI8pRv yR2uENoJus2Vw6ZO8NBsa45moQVO0fFcVqMWIZS9VJn9vBk0b8cz5m.FditY FuMJTeI.JgHfWYlcLQ9AzJ58sSRzI7ALJ.K150ann8nbcRS._QmtB2qNiAQW L5B3jPzN6HqeUV69OXpXOxvtsuxrKmt7D8zGjShnpaHyAUbu2rrKU1txXGiM PBSrR471SMhwQHOw2YpQI.WOXxnKzwClG358LgA3x8ZkkMZ5NPgaQ_Q--

References: <790719156.2293015.1293668021963.JavaMail.javamailuser@localhost>

X-Apple-Yahoo-Forwarded-Msgid: 1_132222_AF/HjkQAAAOpTRvOuQOmp0umXcg

X-Apple-Yahoo-Original-Message-Folder: Inbox

Mime-Version: 1.0 (iPad Mail 8a238)

Content-Type: multipart/alternative; boundary=Apple-Mail-1--398423170

Message-Id: <22A33D4A-EBB1-34B8-91F8-4145957FA78A@sbcglobal.net>

Content-Transfer-Encoding: 7bit

X-Mailer: iPad Mail (8A136)

Happy emailing!!

p.s., it will take a month or more for the poor soul whose email has been spoofed to get straightened out. You can search on email headers and get some information on what is contained in them. A header is not just the From: To: Cc: Bcc: and Subject line.


Jimpat & Wayne.

This happened to one of our Lone Star Members. While at a rally last year I got an email like this. What was real funny (!!!!!!) was that I had just had coffee with the gentleman that was supposed to be in Africa and had been talking about his hijacked address. I asked him if I could just give him a check then or did I have to wait until he got back to Africa.

Regards and Happy RVing


Running Malwarebytes Anti-Malware software should remove the virus from the host computer, but if anyone has opened any of those emails they received, they would also be infected.

FYI...this product will also remove viruses and cookies that Norton and other anti-virus programs cannot detect...and it is free.

Guest Wayne77590

Richard,

This type of scam does not rely on a virus, malware, or spyware. It is a spoofed email address. Any address can be placed in the "from" line (if you know what you are doing) to make it appear to be coming from someone else. If you know how to read the "long headers," you can see where the actual return path is going.

Obtaining emails has become easy. Besides purchasing them from someone who has harvested them, or from a marketing firm (they have to make money somehow), they also can get them from emails that they may have harvested. The best ones are those emails that have been forwarded, and forwarded, and forwarded with all the original email addresses intact. I'll post another thread on email etiquette later.

The only way to determine if an email is from who it says it is from is to look at the "long headers." From that you can determine what the return path is. It is too complicated for most, and most of us look at the contents of the email and can, most of the time, determine if it was from the sender "we know" or not.

The old adage of "don't open email from someone you don't know," "Don't open attachments that you have not requested," etc. apply. Attachments can be renamed with any extension a person wants, and still open in the original program if so desired by the internet thief.

We live in a world where we have to be ever vigilant.

p.s., You are correct that email addresses can be harvested by viruses, malware, spyware, and hacking, so everyone should take the precautions of having good software to protect them as much as the software can.

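Added example (not part of any post in this thread): a small Python triage of the "long headers" discussed above. It walks the Received chain from the hop nearest the sender, collects the Authentication-Results verdicts, and flags a Reply-To or Return-Path domain that differs from the From domain. The sample message, its addresses and hosts, and the function names `domain` and `triage` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the header dump posted above; addresses,
# hosts and IPs (documentation ranges) are placeholders, not real values.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mx.example.org with SMTP; Wed, 29 Dec 2010 16:40:21 -0800
Received: from [10.0.1.3] (unknown [198.51.100.7])
\tby relay.example.net with SMTP; Wed, 29 Dec 2010 16:40:17 -0800
Authentication-Results: mx.example.org; dkim=pass (ok) header.d=example.net;
\tspf=none smtp.mailfrom=example.net
Return-Path: <friend@example.net>
From: Wayne M <friend@example.net>
Reply-To: Wayne M <friend.help@mail.example.com>
Subject: Need Money

Stranded in London, please send money.
"""

def domain(value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    # Each relay prepends its Received line, so reversed order starts at the sender.
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    auth = " ".join(msg.get_all("Authentication-Results", []))
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc|domainkeys)=(\w+)", auth, re.I))
    from_dom = domain(msg["From"])
    flags = []
    for name in ("Reply-To", "Return-Path"):
        d = domain(msg[name])
        if d and d != from_dom:
            flags.append(f"{name} domain {d} differs from From domain {from_dom}")
    for mech, result in verdicts.items():
        if result.lower() not in ("pass", "none"):  # fail, softfail, temperror...
            flags.append(f"{mech} result is {result}")
    return {"from": from_dom, "hops": hops, "auth": verdicts, "flags": flags}

if __name__ == "__main__":
    report = triage(SAMPLE)
    for i, hop in enumerate(report["hops"], 1):
        print(f"hop {i}: {hop}")
    print("auth:", report["auth"])
    print("flags:", report["flags"])
```

A `dkim=pass` for the From domain together with a diverging Reply-To means the message went out through the real provider while replies are steered elsewhere, which is worth including in the report to abuse@ and postmaster@.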
