Steel Guitar Strings Strings & instruction for lap steel, Hawaiian & pedal steel guitars http://SteelGuitarShopper.com |
Ray Price Shuffles Classic country shuffle styles for Band-in-a-Box, by BIAB guru Jim Baron. http://steelguitarmusic.com |
This Forum is CLOSED. |
The Steel Guitar Forum
Steel Without Pedals Important Security Message
|
next newest topic | next oldest topic |
Author | Topic: Important Security Message |
b0b Sysop From: Cloverdale, California, USA |
posted 05 November 2004 04:42 PM
profile
My friend Bobby D. Hunter has been handling security issues for the Forum. Here is an important announcement from him regarding the Nigerian Scam threat, and what you can do to help defeat these crooks: Fellow Forumites on the SGF: As many of you are now aware, our seller's forums have been invaded by offshore scam artists, who are attempting to defraud us with forged certified checks or money orders. Anybody who has replied to one of their poorly worded and horribly misspelled letters has been told that the person wants to pay an amount far in excess of your selling price, and have you refund the balance, via Western Union. This is a 419 scam, used mostly by Nigerians. 419 is the Nigerian Penal Code that deals with advanced fee and other financial fraud. 99.999% of your scams are coming directly from Nigeria, according to my research. It is my job to track the sources and take measures to block them from further access to any of our forums. To do this I would like to enlist your help. While I have succeeded in tracking and blocking most of the offenders, some are still sneaking through by using ISPs I haven't discovered yet. With your input I can block them all, or come awful close. If you want to help, don't be a girly-man, just read on... You can help put a stop to the scammers on the SGF by sending me the HEADERS from the emails that they send to you. The HEADERS contain the routing information that tracks the email from it's point of origin until it is delivered to it's recipient. The Headers are not usually visible when you read an email, but they can be viewed by viewing the Properties, or Source of the message. If you use browser-based email, like Yahoo! or Hotmail, there will be a place where you can change your email settings or Preferences to display the Full Headers. The instructions for Yahoo! and Hotmail follow. If you use Yahoo! email, login and click on "Mail Options." When the options page loads locate the section labeled Personalization and click on the link labeled "General Preferences." On the General Preferences" page scroll to "Messages" and put the dot in the radio choice labeled "Show ALL Headers." Scroll down farther to "Message Actions" and find "Forwarding Messages." Select the radio choice to "Forward as Inline Text." Click the "Save" button at the bottom. After this all you have to do is Forward any scam emails to me and the full headers will be at the top. If you are using browser-based Hotmail, login and go to "Options." At the Options page click the link labeled "Mail Display Settings" and find the section "Message Headers." Put the dot in the option "Full." Click on "OK" at the bottom to save your changes. Now, when you get a scam email and Forward it to me, at wizardodelasteel@hotmail.com , I will see the full headers and may be able to trace the message. If you use Outlook Express, Mozilla , Eudora, Incredimail, or some other desktop email program (Email Client) you may have to extract the headers, by opening the Properties box, then copy them and paste them into a new email, and send it to me. Most of the commonly used programs can display the headers, in a separate window, by highlighting the message and right-clicking on it, then selecting "Properties." Alternately, you might be able to highlight it, or open it, then press the ALT and ENTER keys together, to open it's source Properties. Once in Properties look for a tab or button labeled Details, or Source, etc. Clicking that tab or button should open a window that contains the raw headers. Use CTRL and A to select all of the text, then CTRL and C to copy it. Then, open a new email and Paste the headers into the message body, add a descriptive subject and address it to me, to wizardodelasteel@hotmail.com I would like to encourage those of you who have had enough of scammers and spammers to join SpamCop as a Reporting Member. Their URL is www.spamcop.net . You can make a big difference by making life unprofitable for spammers and scammers alike. Thanks in advance for your assistance and input. Bobby D. Hunter Hunting Slimeball Game Member of SpamCop (Warning to spammers: if you send spam to this email address you will most certainly regret it.) [This message was edited by b0b on 05 November 2004 at 04:44 PM.] |
Bobby D. Hunter Member From: USA |
posted 09 November 2004 09:05 AM
profile
Here are some links to online articles explaining about these latest Nigerian scams, and what befell one person who was convicted of committing them. From: http://www.wired.com/news/business/0,1367,65631,00.html quote: Read this article, and this one, to learn the basics of the current Nigerian counterfit check scams. The stand taken by most US banks, concerning counterfit Certified Checks, Cashier's Checks and Money Orders should be an eye-opener. These people have created a website dedicated to exposing the email addresses used by Nigerian 419 scammers. The list is in a form suitable for use in email filters, to screen out these email messages from your inbox. You can also Google for keywords such as: 419 scams, 419 scammers, overpayment counterfit checks, auction payment fraud, advanced fee fraud. You might find some comic relief from any frustration caused by these scammers by visiting 419eater.com, where potential victims reverse the scams against the scammers! These people are known in the anti-419 movement as 419 Baiters. (Proceed at your own risk) I still urge you all to think about joining SpamCop as Reporting Members, where you can paste the source code (must include Headers and message body) of any spam or scam emails into a text input field, then have SpamCop process it and report the offenders to their ISPs and web hosts. SpamCop supplies a blocklist of reported spammers to many Internet Service Providers, and also makes it freely available for personal use as a Blacklist Check for programs like Mailwasher Pro, which I use to screen all incoming email. Ask me for details if you are interested. Bobby D. Hunter [This message was edited by Bobby D. Hunter on 09 November 2004 at 09:23 AM.] |
Bobby D. Hunter Member From: USA |
posted 09 November 2004 09:40 AM
profile
Here is another keyboard shortcut that can be used to display the headers and html source code of an email that is opened in Outlook Express: CTRL + F3. After the source window opens you can use CTRL + A to Select All, then CTRL + C to Copy the selected text, and finally, you can paste it into either a new email to me, or paste it into the SpamCop Reporting textarea, by clicking in the body or textarea and pressing CTRL + V. Outlook Express also has the means of forwarding an email as an attachment, which is the preferred method of insuring that the headers are delivered along with the message body. Plain Forwarding (using the "Forward" button) will strip the headers from the original message, making it useless for tracking purposes. By Forwarding as an attachment you save yourself the work of extracting the headers and pasting them into a new message. To do this, simply right-click on the (un-opened) email in your inbox or other folder, and select Forward As Attachment. If your message is already open, click on the menu-bar item Message, then select Forward As Attachment. Thanks again to all of the Forumites who are helping in the quest. Bobby D. Hunter [This message was edited by Bobby D. Hunter on 09 November 2004 at 10:45 AM.] |
Leila Tuttle Member From: Wheat Ridge, Colorado, USA |
posted 03 December 2004 06:59 PM
profile
Bobby, I use Mailwasher too and its great. Now, when I get a scam-email pretending to be Ebay wanting my personal information I just do a "Forward" to spoof@ebay.com Could we do the same thing and just forward all this Nigerian stuff to you...or bOb (is that you? I usually delete those but would be glad to take them and send them to you if that's not risky. Thanks. Leila |
b0b Sysop From: Cloverdale, California, USA |
posted 04 December 2004 09:17 AM
profile
Yes, that's the idea, Leila. Please forward any suspicious Forum scam emails to Bobby D. Hunter aka "Wiz" at wizardodelasteel@hotmail.com . And no, I'm not him, but he and I work together to block access by scammers, for your protection. ------------------ |
Leila Tuttle Member From: Wheat Ridge, Colorado, USA |
posted 10 December 2004 07:31 PM
profile
bOb, Okay, I've forwarded two of them, with many more to follow I'm sure. Now do I get compensated for missing out on all those millions in Nigeria? Leila |
Leila Tuttle Member From: Wheat Ridge, Colorado, USA |
posted 13 December 2004 01:32 PM
profile
Here is one I received today...different from the others I've gotten. I forwarded it on to "Wiz". I hope the format looks normal after I push Submit. Greetings and Compliments. I strongly regret any inconvenience the receipt of this letter may cause you, bearing in mind the nature of its content coming from a person without any referral, but please read and assimilate its content and objectively consider if we can work together. I am the head of the account department of a Private Bank in Netherlands and I would like to intimate you with certain facts that I believe would be of interest to you. This involves a client who shared the same last name with you and had an investment placed under our bank\'s management years ago, the circumstances surrounding the investment made by this client who died interstate, with no known nominated successor in title over this investment made with the Private Banking Branch of my bank has made it very difficult to locate anyone who is directly related to the deceased. With the very strong feeling that no one will ever come forward to claim the funds and the investigation coming to a close after several months, the need for an assistance becomes crucial, as a next of kin to the depositor is earnestly being searched for, I have already developed a foolproof, legal and totally risk free means through which the fund can be released to your The strategy is to use my position and influence as the Head of the branch and Personal Account office of the deceased to present you as a next of Kin and beneficiary of the deposit. I want to assure you that I have concluded all local modalities for the successful completion of this within 10 I expect your urgent response and if in the affirmative, I shall advice you on what we need to do. Best regards, Leila |
Jon Light Member From: Brooklyn, NY |
posted 13 December 2004 01:58 PM
profile
Well, that's certainly a new angle. Instead of appealing to your decency to help someone in a bind get access to money legitimately his (the typical Nigerian scam), this one is appealing to your greed to help defraud a bank out of money that is neither yours nor his. I say give him all of your money, your bank account number, your credit card number, and your first, second and third born. You can't lose! |
CrowBear Schmitt Member From: Ariege, - PairO'knees, - France |
posted 13 December 2004 03:06 PM
profile
i got one from a scammer who says he's got access to dormant or sleeping accounts in Switzerland from Holocaust victims thanx to wizardo's tips i traced this schmuck to Nigeria....as usual |
b0b Sysop From: Cloverdale, California, USA |
posted 13 December 2004 05:03 PM
profile
Just to be clear, what we're trying to prevent is scammers pretending to buy things from the Forum Classifed Ads. We do this by blocking their addresses on the Forum server, so that they can't see the ads to begin with. This will have no effect on other kinds of scams, where they got your email address from somewhere else. ------------------ |
Bobby D. Hunter Member From: USA |
posted 18 December 2004 06:40 AM
profile
I'd like to reiterate what b0b said, that we are looking for Nigerian scammers that can be tracked to ads on the SGF. These are my primary target. However, after receiving some outside 419 and ebay scammers' messages I was able to trace some of them to previously unknown satellite services who resell IPs to Nigeria. Many more of these scam emails originate, or appear to originate in the Netherlands and Denmark, which is a bit of a problem since we have members in those countries. I would really like to find out if any of our European members are using any of these ISPs:
If anybody knows of any SGF members using any of these services, please email me about it. ------------------ [This message was edited by Bobby D. Hunter on 18 December 2004 at 06:41 AM.] |
David L. Donald Member From: Koh Samui Island, Thailand |
posted 18 December 2004 02:48 PM
profile
I get these files sent that are clearly windows aimed viruses carriers, but I don't know the file type. .pif ?? .EXE I understand, but .pif... unknown to me. |
Jack Stoner Sysop From: Inverness, Florida |
posted 19 December 2004 03:18 AM
profile
Here is one I got yesterday, supposedly an inquiry about The Florida Steel Guitar Club. He wants to transfer his "Yearly Payment", etc. The grammer is very poor, my name is mis-spelled and he has the club's e-mail address and if he got that and the club info from our web site then he would have known we do not have any dues. Obviously I am not going to answer it. I'm using Outlook 2000 and I don't see the header/routing info referenced for Outlook Express. Them Message was from "Mike Forst Talent Agency [mft1@msn.com]" The Subject Line is "Thinking about A PEDAL STEEL GUITAR the ASSOCIATION" Mr. Stone |
Jim Smith Member From: Plano, TX, USA |
posted 19 December 2004 10:14 AM
profile
quote:Double click the message to open it in its own window. Then click View-Options and you can view the data in the "Internet headers" pane. You can copy that data and paste it into another email. |
Wiz Feinberg Moderator From: Flint, Michigan, USA |
posted 19 December 2004 01:13 PM
profile
Jim Smith wrote quote: Thanks for that info Jim! I didn't know that.
Here are some of the hostile file extensions that I currently block from incoming email (there are others also):
You also need to look carefully for double extensions, with long spaces before the last one, used to try to fool people into thinking they are opening an image, when it is really an executable. Sometimes your default folder-file settings will hide extensions of known file types. This is a dangerous setting, because you may not see a .exe, or .scp extension that can cause you to be fooled into thinking the file is a harmless image or text file. I advise everybody to change that so all extensions are displayed, for all file types. ------------------ [This message was edited by Wiz Feinberg on 19 December 2004 at 01:57 PM.] |
Andy Volk Member From: Boston, MA |
posted 07 January 2005 11:40 AM
profile
also beware of so called "spoof" emails purporting to be from legitiamte businesses. I got one yesterday - a fake eBay email telling me another user had hijacked my ID and I must verify my identity by supplying credit card numbers and passwords. Yeah, right. No business will ask for sensitive info via email. Make sure to double check before you respond! |
Jason Odd Member From: Melbourne, Victoria, Australia |
posted 14 February 2005 07:09 AM
profile
We've had similar bank ones, it looks official, but they ask to verify details in email in a way similar to what Any described. It took my bank a couple of weeks to figure it out and get some news coverage to warn people. |
Bobby D. Hunter Member From: USA |
posted 15 February 2005 08:06 AM
profile
I would like to thank everybody on the seller's forums who have forwarded scam messages to me thusfar. With your input we have been able to block access to tens of thousands of IP addresses used by African and South African based scam artists. However, the banning work is not finished. We have not discovered all of the IPs (Internet Protocol addresses) assigned to and being used in these countries and still need to be made aware when a scammer makes it through our defenses. New Skies worldwide Satellite Services, and certain Israeli, Norwegian and Danish Internet Services resellers are making even more IP blocks available to these Slimeball Vermine who sit in Internet Cafes and calmly scan the internet for forums and auction sites where people are hoping to sell their goods quickly. As of February 14, 2005, I have still been receiving odd reports of Nigerian, and other African scammers attempting to rip-off members of the SGF who have posted items for sale on our forums. It is important that any member who receives what they believe may be a fraudulant offer to purchase their goods, should immediately forward that email to me, with the full incoming headers intact. Forward Inline with full headers displayed, or as an attachment with full headers.
quote: By doing this you will help me to protect the steel guitar community (on the SGF) from being preyed upon by these vermine. At this time I prefer to only receive forwarded messages sent to SGF members regarding items posted for sale on the SGF, not on eBay, or some other trader's forum. If you are unsure of what constitutes an attempted scam offer to purchase, here are some clues (your milage may vary):
These are just guidelines. The actual words and phrases will vary, as will the ISPs through which they relay their scams. Outblaze and yahoo (us and uk) are commonly used, as are ISPs in Norway and Germany (where we do have members). Your job is to be suspicious and on the lookout, and report these activities to me. My job is determining if the message is a scam, then tracking down the perps and rendering them incapable of having further access to the SGF. Please be aware that once they have obtained your email address they will still be able to contact you, to try to scam you again. They won't know about any new items you post for sale though. If your email address has been scraped by these Slimeballs they may try to sell it to other scammers, in which case you will get all manner of financial (419) scams and lottery spams. If you are being deluged with this kind of spam/scam email you should consider joining Spamcop, as a reporting member. Keep Steelin' but don't get caught! [This message was edited by Bobby D. Hunter on 15 February 2005 at 02:24 PM.] |
Bobby D. Hunter Member From: USA |
posted 18 February 2005 03:53 PM
profile
This is the most current pitch, from a scammer in Kenya: --------------------------------------------- I am Trisha Emde from Belgium, I am interested in the --------------------------------------------- As usual, if you receive such an email, forward it to me as an attachment, so I can track it using the headers info. Thanks again, BDH [This message was edited by Bobby D. Hunter on 18 February 2005 at 03:54 PM.] |
Bobby D. Hunter Member From: USA |
posted 22 April 2005 10:57 PM
profile
Here is the latest Nigerian scammer's Headers, as of April 22, 2005: The Scammer's IP address is in Bold, and has been traced to Lagos, Nigeria. Bobby D. Hunter [This message was edited by b0b on 25 April 2005 at 09:26 AM.] |
Bobby D. Hunter Member From: USA |
posted 03 May 2005 06:07 PM
profile
In case any members of this Forum are also running their own Apache Web Servers, or act as Webmasters for Apache-hosted websites, I have a complete blocklist of Nigerian and West African IP addresses available, for use in your .htaccess file. The list is an ongoing project and is updated whenever I discover another Blackhat ISP that is being used by African Scammers. To obtain a copy send me an email telling me who you are and what access you are allowed to control your server files. If it appears that you are able to apply my solution, and are Whitehat, I will send you a link to download the list from my server. If you are a Webmaster, or own, or lease a server, and don't know how to install and test a .htaccess file, I can do it for you, for a small fee. ------------------ |
Bobby D. Hunter Member From: USA |
posted 25 June 2005 10:26 AM
profile
Addition of Sky-Vision.net Satellite Services to our Blocklist.To all members in Europe, Africa, or Asia As you all must know by now I am doing security for the Steel Guitar Forum, tracking down the Nigerian criminals (and others) who are trying to scam you out of your money and instruments you are trying to sell on our forums. Most of these scams involve overpayment with counterfeit certified checks or money orders, with you sending the cash refund to the scammer or his agent, via Western Union, to Nigeria. In the course of this Hunt I have uncovered tens of thousands of Internet Protocol (IP) addresses from which the scammers send their emails to you all, and have applied them to a blocklist, which denies them further access to the SGF. The scammers seem to have gotten wise to this tactic and are beginning to use new sources of Internet Services to view the forums, to get around the Nigerian blockade. However, when I trace the emails you good folk have been forwarding to me, they almost all come from Internet Cafes in Nigeria. In my efforts to block access to all of these low-lifes I have had to expand the reach of the blocklist to include entire Satellite Internst Services, the most recent of which is Sky-Vision.net. This company supplies millions of persons with Internet connectivity, in Africa, Eastern Europe, and parts of Asia. They are one of the main suppliers of Internet services to Nigeria. I am posting this notice so that members living in Africa, Asia, and Europe can check with their Internet Service Providers to see if they are receiving their signal from sky-vision.net satellite services. If any of you are, you may find your access to the SGF blocked once the new list goes into effect. If you are blocked you should contact me at - wizardodelasteel@hotmail.com, using your regular ISP to send your email. I will read the headers of your email and poke a hole in the blocklist, to let you back in. I sincerely hope that we don't block any of our members in Europe and chances are good that we won't. I just want you to be aware that it could happen, and give you the means of contacting me outside of the SGF, so I can allow your ISP back in. There are literally hundreds of thousands of IP addresses covered by our blocklist, and it is growing every week. With your co-operation we can rid the SGF of these Nigerian scammers and any copycats who follow them. Please read my previous Posts in this thread to learn how to Forward As Attachment any scam emails you receive, to me. Thank you all. ------------------ |
Bobby D. Hunter Member From: USA |
posted 16 July 2005 02:02 PM
profile
Users of Outlook Express (and probably Outlook and other standard email clients) can attach an original scam email by opening a New Message in your email client, address it to me (wizardodelasteel AT hotmail DOT com), type a subject, briefly say what it is about in the body, then drag and drop the scam email into the body area. It will instantly be attached as a .eml attachment, and when I receive it the complete headers will be included for me to do my tracking. [This message was edited by Bobby D. Hunter on 16 July 2005 at 02:03 PM.] |
Bobby D. Hunter Member From: USA |
posted 08 November 2005 10:32 AM
profile
This scam began arriving in SGF members' e-mail inboxes on November 8, 2005. This new twist on the old kited check scam was just sent to several members of the SGF. It now involves "depositing" US Postal Money Orders in your bank, taking out 10% for your "commission," and wiring the balance of the money to Nigeria, as a favor to the sender, yada, yada. I have traced the sender to Lagos, Nigeria. If any other members receive one of these please forward them to me as attachments, or copy and paste the entire source code into a new message and send it to me. The original message is pasted below. Hello Dear Friend, Good day to you, my name is Susan Bryant,I am an artist with my husband James Bryant,and we are the owner of Sus Art World .I live in London United Kingdom,with my two kids, four cats, one dog and the love of my life my husband James Bryant. It is definitely a full house. I have been doing artwork since I was a small child. That gives me about 23 years of experience. I majored in art in high school and took a few college art courses. Most of my work is done in either pencil or airbrush mixed with color pencils. I have recently added designing and creating artwork on the computer. I have been selling my art for the last 3 years and have had my work featured on trading cards, prints and in magazines. I have sold in galleries and to private collectors from all around the world. I am always facing serious difficulties when it comes to selling my art works to Americans, they are always offering to pay with U.S POSTAL MONEY ORDER, which is difficult for me to cash here in London United Kingdom. I am looking for a representative in the states who will be working for me as a partime worker and i will be willing to pay 10% for every transaction, which wouldnt affect ur present state of work, someone who would help me recieve payments from my customers in the united states.i mean someone that is responsible and reliable,cause the cost of coming to the untied state and getting payments is very expensive, I am working on setting up a branch in the state, so for now I need a representative in the united state who will be handling the payment aspect. All the payments are in U.S POSTAL MONEY ORDER and my customers will issue the U.S POSTAL MONEY ORDERS in your name and post the U.S POSTAL MONEY ORDER to your doorstep, so all you need do is to take the U.S POSTAL MONEY ORDER'S to your bank and cash them, then deduct your 10% and wire the balance back to me. This business will not cost you any amount of money, my customers will send you the U.S POSTAL MONEY ORDER'S through a courier company and the courier company will deliver the package to your doorstep, as soon as you receive the package from the courier company, just take the U.S POSTAL MONEY ORDER'S to your bank and cash them. If you are interested, please get back to me as soon as possible via mail:susanartworld_uk01@yahoo.co.uk I shall be waiting for your quickly response, Thanking you in advance and God be with you. Friendly Susan Bryant Because Nigerians are now counterfitting US Postal Money Orders, I strongly advise SGF members who accept UPSP Money Orders to cash them at your local Post Office branch. Do not take them to your bank and deposit them. If they bounce you will have to pay penalty fees. All Postal clerks have equipment to check the validity of Postal Money Orders. If good they cash them on the spot. If forged they may be able to launch an investigation, provided you have the original envelope in which it arrived, if it came via US Mail. If it arrived by courier contact that courier and report that you were sent a counterfit monetary instrument through their delivery service. Keep the forged money order until you are sure that no authorities want to have it for evidence. ------------------ |
Wiz Feinberg Moderator From: Flint, Michigan, USA |
posted 19 June 2006 07:01 PM
profile
The scams referred to throughout this thread often involve sending the email headers to security for analysis. While the instructions for doing this are found from top to bottom in this thread, they are spread out. I have encapsulated the instructions for displaying, copying and pasting raw email headers and the entire source code into one single, concise article, here, on my Blog. ------------------ [This message was edited by Wiz Feinberg on 19 June 2006 at 07:09 PM.] |
All times are Pacific (US) | next newest topic | next oldest topic |
Note: Messages not explicitly copyrighted are in the Public Domain.
Powered by Infopop www.infopop.com © 2000
Ultimate Bulletin Board 5.46
Our mailing address is:
The Steel Guitar Forum
148 South Cloverdale Blvd.
Cloverdale, CA 95425 USA
Support the Forum