Tuesday, June 10, 2008

Scams are getting complex

The timing on this could not be better considering the discussion Chris and I have been having about users being to blame if they get scammed.

It almost happened to a good friend of mine last night. Thankfully she was wary and read the email through a few times.

She has been looking for an apartment in the city and finally found this amazing deal on Craigslist. Great price, awesome location, perfect. Too perfect. She emailed the owner, who just happened to be overseas on a work contract of some sort.

So they begin an email correspondence and go back and forth trying to work out the details. Then the 'owner' says that he/she would rather go through a 3rd party escrow agency as it's a way to protect both parties. I admit that up until this point everything sounded legit.

The 'owner' decided that RE/MAX would be the escrow agency, that he would start the process, and that my friend would receive an email with details on how to transfer the money to the escrow agency, etc.

So far it all sounds great, everyone is protected, everyone is happy. My friend waits for the email and it does not arrive. She emails back and the 'owner' says that it was sent and to check her spam folder. Yes, you and I would immediately wonder why it ended up in the spam folder and check the headers and content. The average person, who sees so many legit emails end up in that folder, won't though.

So last night my friend decided to go ahead and get the process started. She prints out the email to make sure she has the instructions correct. I'm sitting at my new Mac when she comes over and asks me to have a look at the email.

The reply address looks a little odd, she says.


Um, yeah, it does. Now, the rest of the email is well formatted and looks really legit. I asked her where the original email was. After she opened her Yahoo account and showed me the email, I looked at its headers and, surprise, surprise, the email is spoofed.

Authentication-Results: mta209.mail.re3.yahoo.com from=remax.com; domainkeys=neutral (no sig)
Received: from (EHLO smtp-gw51.mailanyone.net) ( by mta209.mail.re3.yahoo.com with SMTP; Sun, 08 Jun 2008 23:28:29 -0700
Received: from mailanyone.net by smtp-gw51.mailanyone.net with esmtpa (MailAnyone extSMTP carasove) id 1K5arj-0006bc-OU for **********@yahoo.com; Mon, 09 Jun 2008 01:28:29 -0500
Received: from (MailAnyone web AccountID 228933) by webmail.fusemail.com with HTTP; Mon, 9 Jun 2008 01:28:27 -0500 (CDT)
Message-ID: <1212992907.v2.mailanyonewebmail-228933@fuse48>
Date: Mon, 9 Jun 2008 01:28:27 -0500 (CDT)
Subject: RE/MAX Escrow Transaction
From: "ReMax.com"

A little bit of searching for mailanyone.net suggests that this service is often used to send spoofed emails.
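The header check described above, as an added example (not code from the original post): it parses the quoted headers and pulls out the domain Yahoo reports in from=, the authentication verdict, and the hosts named in the Received chain. The function names and the two-label domain reduction are assumptions made for illustration, and a relay mismatch is a triage signal rather than proof, since legitimate senders also use third-party mail services.

```python
import re
from email import message_from_string

# Headers as quoted in the post (recipient masked there; elided parts left as-is).
RAW = """\
Authentication-Results: mta209.mail.re3.yahoo.com from=remax.com; domainkeys=neutral (no sig)
Received: from (EHLO smtp-gw51.mailanyone.net) ( by mta209.mail.re3.yahoo.com with SMTP; Sun, 08 Jun 2008 23:28:29 -0700
Received: from mailanyone.net by smtp-gw51.mailanyone.net with esmtpa (MailAnyone extSMTP carasove) id 1K5arj-0006bc-OU for **********@yahoo.com; Mon, 09 Jun 2008 01:28:29 -0500
Received: from (MailAnyone web AccountID 228933) by webmail.fusemail.com with HTTP; Mon, 9 Jun 2008 01:28:27 -0500 (CDT)
Message-ID: <1212992907.v2.mailanyonewebmail-228933@fuse48>
Date: Mon, 9 Jun 2008 01:28:27 -0500 (CDT)
Subject: RE/MAX Escrow Transaction
From: "ReMax.com"
"""

# Hostnames that follow the "from", "by" or "EHLO" keywords of a Received header.
HOP_RE = re.compile(r"\b(?:from|by|ehlo)\s+\(?((?:[a-z0-9-]+\.)+[a-z]{2,})")

def org_domain(host):
    """Naive registrable domain: last two labels (assumption: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw):
    """Return the claimed sender domain, auth results, relay domains and findings."""
    msg = message_from_string(raw)
    auth = msg.get("Authentication-Results", "")
    m = re.search(r"\bfrom=([\w.-]+)", auth)
    claimed = org_domain(m.group(1)) if m else None
    # method=result pairs reported by the receiving server, e.g. domainkeys=neutral
    results = dict(re.findall(r"\b(domainkeys|dkim|spf|dmarc)=(\w+)", auth))
    relays = {org_domain(h) for hop in msg.get_all("Received", [])
              for h in HOP_RE.findall(hop.lower())}
    findings = []
    if "pass" not in results.values():
        findings.append(f"no passing authentication result for {claimed}: {results}")
    if claimed not in relays:
        findings.append(f"{claimed} never appears in the relay path: {sorted(relays)}")
    return {"claimed": claimed, "results": results,
            "relays": relays, "findings": findings}

if __name__ == "__main__":
    for finding in triage(RAW)["findings"]:
        print("FLAG:", finding)
```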

A call to RE/MAX directly confirmed that the email and 'transaction' were a scam.

Thankfully my friend was cautious enough, due to the amount of money involved, to question any unusual aspects of the email and transaction.

I wonder how many people are getting caught by scams like this one? It is not a simple link or website. These scammers obviously took a lot of time to develop this scam and to execute it in such a manner as to elicit trust from the user.

dean de beer
