Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - A loan offer or two InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

A loan offer or two

Published: 2006-11-13
Last Updated: 2006-11-13 18:38:43 UTC
by donald smith (Version: 1)
0 comment(s)
Today I received two loan offers which is unusual because I have not applied for any loans in years. When I first tried to resolve the site (~8:00 MDT) it failed. It has since come on line. The site is not rendering correctly in firefox It worked in Internet Explorer. At the bottom of their page they make it clear that they will send your information to "participating lenders" and that those lenders could call you even if your on the "do not call" list.
I suspect they are building a list for telemarketers. Also at the bottom of their page is a graphic that states "we are fully compliant with the can spam act of 2003". I removed the URL from the email because I don't wish to advertise for them. I modified the email headers to remove unimportant details and obstificate my email address.

Body of the loan offer 1:
"Thank you for your loan request, which we recieved yesterday,
we'd like to inform you that we are accepting your application, bad credit ok, We are ready to give you a $236,000 loan for a low month payment.

Approval process will take only 1 minute.

Please visit the confirmation link below and fill-out our short 30 second form.

Body of load offer 2:
"Thank you for your loan request, which we recieved yesterday,
we'd like to inform you that we are accepting your application, bad credit ok, We are ready to give you a $234,000 loan for a low month payment.

Approval process will take only 1 minute.

Please visit the confirmation link below and fill-out our short 30 second form."


Header of the First email:

Received: from 105.12.117.87.donpac.ru (105.12.117.87.donpac.ru
[87.117.12.105])by mail.notmydomain (8/8) with ESMTP id
kADFeJhv023656for <NotMyEmail@notmydomain>; Mon, 13 Nov 2006 08:40:29 -0700 (MST)

Received: from 66.179.38.137 (HELO smtp3.harrisinfo.com)    by notmydomain
with esmtp (J.E5*P/Y,8@ XS,;)    id D2,237-/3J2I3-OH    for
NotMyEmail@notmydomain; Mon, 13 Nov 2006 15:34:57 -0180

From: "Meagan Howell" <akstcharrisinfomnsdgs@harrisinfo.com>
To: <NotMyEmail@notmydomain>
Subject: We accepted your loan request
<SNIP> 

Header from email 2:
Received: from ploy-433d4dd4c8 (ppp-124.121.125.171.revip2.asianet.co.th
[124.121.125.171])by mail.notmydomain (8/8) with ESMTP id
kADErFu6026071for <NotMyEmail@notmydomain>; Mon, 13 Nov 2006 07:53:19 -0700 (MST)

Received: from 194.2.3.145 (HELO smtp.oleane.net)    by notmydomain with esmt
(439O>US,1*K0 5L2V)    id ,5X4+H-IM**Y5-T'    for NotMyEmail@notmydomain;

Mon, 13 Nov 2006 14:53:18 -0420
Message-ID: <01c70733$74a1dd40$6c822ecf@akstcapcmmnsdgs>
From: "Marquita Rosenberg" <akstcapcmmnsdgs@apcm.fr>
To: <NotMyEmail@notmydomain>
Subject: Your loan request approved

<SNIP>

Keywords:
0 comment(s)
Diary Archives