
SANS ISC: A loan offer or two - SANS Internet Storm Center SANS ISC InfoSec Forums


A loan offer or two
Today I received two loan offers, which is unusual because I have not applied for any loans in years. When I first tried to resolve the site (~8:00 MDT) it failed. It has since come online. The site is not rendering correctly in Firefox. It worked in Internet Explorer. At the bottom of their page they make it clear that they will send your information to "participating lenders" and that those lenders could call you even if you're on the "do not call" list.
I suspect they are building a list for telemarketers. Also at the bottom of their page is a graphic that states "we are fully compliant with the can spam act of 2003". I removed the URL from the email because I don't wish to advertise for them. I modified the email headers to remove unimportant details and obfuscate my email address.

Body of the loan offer 1:
"Thank you for your loan request, which we recieved yesterday,
we'd like to inform you that we are accepting your application, bad credit ok, We are ready to give you a $236,000 loan for a low month payment.

Approval process will take only 1 minute.

Please visit the confirmation link below and fill-out our short 30 second form."

Body of loan offer 2:
"Thank you for your loan request, which we recieved yesterday,
we'd like to inform you that we are accepting your application, bad credit ok, We are ready to give you a $234,000 loan for a low month payment.

Approval process will take only 1 minute.

Please visit the confirmation link below and fill-out our short 30 second form."


Header of the First email:

Received: from 105.12.117.87.donpac.ru (105.12.117.87.donpac.ru
[87.117.12.105]) by mail.notmydomain (8/8) with ESMTP id
kADFeJhv023656 for <NotMyEmail@notmydomain>; Mon, 13 Nov 2006 08:40:29 -0700 (MST)

Received: from 66.179.38.137 (HELO smtp3.harrisinfo.com)    by notmydomain
with esmtp (J.E5*P/Y,8@ XS,;)    id D2,237-/3J2I3-OH    for
NotMyEmail@notmydomain; Mon, 13 Nov 2006 15:34:57 -0180

From: "Meagan Howell" <akstcharrisinfomnsdgs@harrisinfo.com>
To: <NotMyEmail@notmydomain>
Subject: We accepted your loan request
<SNIP> 

Header from email 2:
Received: from ploy-433d4dd4c8 (ppp-124.121.125.171.revip2.asianet.co.th
[124.121.125.171]) by mail.notmydomain (8/8) with ESMTP id
kADErFu6026071 for <NotMyEmail@notmydomain>; Mon, 13 Nov 2006 07:53:19 -0700 (MST)

Received: from 194.2.3.145 (HELO smtp.oleane.net)    by notmydomain with esmt
(439O>US,1*K0 5L2V)    id ,5X4+H-IM**Y5-T'    for NotMyEmail@notmydomain;
Mon, 13 Nov 2006 14:53:18 -0420
Message-ID: <01c70733$74a1dd40$6c822ecf@akstcapcmmnsdgs>
From: "Marquita Rosenberg" <akstcapcmmnsdgs@apcm.fr>
To: <NotMyEmail@notmydomain>
Subject: Your loan request approved

<SNIP>

donald

ISC Handler
