Comments for RJS Smart Security

Comment on June Updates and Patch Report by Lottery Pa »

Lottery Pa » — Sat, 06 Apr 2013 21:06:50 +0000

[...] avgjoegeek.net Dad, Geek, GamerAndroid Lokamavgjoegeek.net Dad, Geek, Gameravgjoegeek.net Dad, Geek, GamerAndroid Lokamavgjoegeek.net Dad, Geek, GamerAndroid LokamRJS Smart Security [...]

Comment on Global Velocity Announces Expansion of Reseller Program to include RJS Smart Security by ESET Smart Security V5 3 User 1 Year (PC) | buy software online uk

ESET Smart Security V5 3 User 1 Year (PC) | buy software online uk — Tue, 02 Apr 2013 15:03:07 +0000

[...] RJS Smart Security [...]

Comment on July Updates and Patch Report by McAfee Internet Security 2010 (3 Users) | software solutions and applications

Tue, 12 Mar 2013 18:04:35 +0000

[...] RJS Smart Security [...]

Comment on Internet Theft and the Holidays by Ted

Ted — Wed, 13 Feb 2013 15:55:01 +0000

The scam became obvious to me as soon as I read this sentence: “I was informed by Amazon that they send you all the payment and delivery informations.” Two errors in one sentence. Obviously not an English-first writer. We are all doomed once these folks learn to use proper English.

Comment on Internet Theft and the Holidays by Chris

Chris — Fri, 18 Jan 2013 09:43:07 +0000

Some scams are more sneaky than you think – tricking you into vising some web page, where you think “Wow – I am so smart – I would never be stupid enough to enter my login details into this obviously fake web page”… but they never wanted you to in the first place – they used a zero-day exploit to infect your PC with a polymorphic key-logger and banking trojan.
Or in other words – it is not safe to even *investigate* fraudulent attacks nowdays.

Comment on Internet Theft and the Holidays by joe

joe — Tue, 15 Jan 2013 17:11:46 +0000

There’s a lot of verbiage here, but this was a definite scam waaaay up at the top where a chocolate company responds to your question with “If you are wondering why the price is lower than the usual,it is because we have some promotional prices before holidays.” There’s bad english and a diversion of a direct question right there. The rest would never even have occurred with any sensible person, other than informing the company that the scam is going on.

Comment on Internet Theft and the Holidays by Mike

Mike — Tue, 15 Jan 2013 15:35:59 +0000

Canon has a list of authorized resellers on their website……
Also, “but this camera listed on Amazon.com was just $1,836.73. 56% off is clearly a better deal” is a bit misleading b/c the listing really wasn’t by Amazon.com as a seller, it was some random Greek dude acting as a third party reseller on Amazon.com. If Amazon.com had listed the camera at 56% off, that would have been a slick deal

Comment on Sophos: Pushing the Boundaries by Your Questions About Escitalopram (lexapro)

Your Questions About Escitalopram (lexapro) — Mon, 14 Jan 2013 02:33:43 +0000

[...] FB.Event.subscribe('edge.create', function(href){ var data = { post: '1674', action: 'fbjax' }; jQuery.post('http://www.mentalhealthnewstoday.com/wp-admin/admin-ajax.php', data, function(response) { location.reload(); }); }); Health Guide BlogBack to the FridgeRJS Smart Security [...]

Comment on Internet Theft and the Holidays by Aaron

Aaron — Fri, 11 Jan 2013 01:26:46 +0000

SPF passes, but for the gmail domain. Which makes perfect sense, gmail.com would of course permit a Google MTA to send Google emails. It’s pretty trivial to connect to Google via SMTP and give it whatever headers you’d like as long as they fit spec, so specifying a reply-to that has nothing to do with the sender address wouldn’t even qualify has a hacker trick. That reply-to is to an address they most likely don’t control, but as you hinted at, they are almost certainly relying on the user to click the links in the email rather than reply to it.

Comment on Internet Theft and the Holidays by Creating a new gateway box » Dan Langille's Other Diary

Creating a new gateway box » Dan Langille's Other Diary — Wed, 09 Jan 2013 16:13:06 +0000

[...] an effort to ruthlessly eradicate legacy, I’ve decided to upgrade my gateway at the same time as I’m upgrading my development [...]

Comment on Internet Theft and the Holidays by Designing a new server, part III » Dan Langille's Other Diary

Designing a new server, part III » Dan Langille's Other Diary — Wed, 09 Jan 2013 16:12:46 +0000

[...] One of the two HDD in the gmirror has gone off line. Also, I recently read an article about an interesting scam which introduced me to the phrase ruthlessly eradicate legacy. That phrase and strategy lodged [...]

Comment on Internet Theft and the Holidays by John Hardin

John Hardin — Wed, 09 Jan 2013 03:12:28 +0000

Just one comment: SPF is _NOT_ an anti-spam technology, it is an anti-_FORGERY_ technology. There is nothing preventing a spammer from registering a likely-looking domain (for example, payments-amazonmarketplace.com, which was created in September 2012 and whose owner is hiding behind a privacy service) and publishing an SPF record to say “yes, mail from payments-amazonmarketplace.com really is from payments-amazonmarketplace.com”.

In the case of your message, the SPF attestation shows that the email from payment.amazonservices@gmail.com actually did originate from google’s mail servers. Which says nothing about whether or not it’s spam, but does say a lot about whether it’s from Amazon…

Comment on Internet Theft and the Holidays by Details of an Internet Scam « Triple D Consulting

Details of an Internet Scam « Triple D Consulting — Tue, 08 Jan 2013 17:19:25 +0000

[...] details of an Amazon Marketplace scam. Worth [...]

Comment on Internet Theft and the Holidays by Jonathan Rynd

Jonathan Rynd — Tue, 08 Jan 2013 16:00:31 +0000

The reason it passes SPF is that it really was sent from Google. You could report this as spam to google and get the account shut down.

Comment on Internet Theft and the Holidays by Links for January 8, 2013 | Rick's Daily Link CollectionRick's Daily Link Collection

Tue, 08 Jan 2013 15:39:03 +0000

[...] RJS Smart Security – Internet Theft and the Holidays [...]

Comment on Internet Theft and the Holidays by Details of an Internet Scam

Details of an Internet Scam — Tue, 08 Jan 2013 09:06:02 +0000

[...] details of an Amazon Marketplace scam. Worth [...]

Comment on Internet Theft and the Holidays by Details of an Internet Scam « Random Ramblings of Rude Reality

Details of an Internet Scam « Random Ramblings of Rude Reality — Tue, 08 Jan 2013 04:17:26 +0000

[...] details of an Amazon Marketplace scam. Worth [...]

Comment on Internet Theft and the Holidays by qmc

qmc — Tue, 08 Jan 2013 02:46:12 +0000

interesting story. You do have the header analysis wrong (what spf/dim do, and google -does- legitimately use the rfc1918 space – see your legitimate emails) but otherwise a good cautionary tale.

Comment on Internet Theft and the Holidays by Danny

Danny — Mon, 07 Jan 2013 21:48:15 +0000

As a bit of side comment, the name there APETRI MIHAELA is a Romanian one, as I am a Romanian myself. Furthermore, is from a region in Romania that is very poor, where the unemployment is the highest in Romania and then people tend to get involved into shady deals – not saying that the person is the one running the scam, I am saying she’s definitely getting some money for letting her account used. While the emitting bank it seems to be from Greece it does have subsidiaries opened in Romania as well and while those subsidiaries would use a RO as starting IBAN number is very easy to set up one in Greece and then let all the subsequent transactions go trough the subsidiary in Romania.
Now, a bit of info from Romanian laws – she’s untouchable. If proven, at best, you could issue under Greece laws (that is her bank account is a Greece one) a request that she’d be extradited to Greece and then convicted there. That’s never gonna happen.
At best you could do is to forward this information to Piraues Bank and let them terminate that account number. And make any money exists in there to be lost for scammers.
You would also wonder, why if poor, someone has such a good internet at their disposal. The answer is simple. Romania is ranked number four in the world as best internet. We have here broadband speed very good at a fraction of the cost that is in US. For example, mine is 150 Mbps and I pay like $17 /month without any restrictions.

Comment on Internet Theft and the Holidays by Joe Biden

Joe Biden — Mon, 07 Jan 2013 19:12:14 +0000

The moment it left Amazon, you should have known it was a scam. The rest of this article was a waste of time because the scam was really obvious.

Comment on Internet Theft and the Holidays by Zachary Reiss-Davis

Zachary Reiss-Davis — Mon, 07 Jan 2013 19:09:31 +0000

Great post — you could simplify a lot of the advise down to: If you are buying online, and have questions about the safety of the seller, and you can’t pay with Amazon Payments, Ebay Paypal, or Google Checkout, pass. Paypal especially is so good for the buyers that a lot of sellers hate that they can get scammed out of purchase prices by buyers disputing legitimate transactions. There’s never, ever, a reason to use a bank account number in an online purchase, and almost never a reason to use a credit card number with a seller that isn’t a Fortune 2000 company.

Comment on Internet Theft and the Holidays by nerdherd.com

nerdherd.com — Mon, 07 Jan 2013 18:09:31 +0000

Good catch!

Regarding the e-mail headers, Gmail originates internally from 10.x I.P.’s, and sends out through public I.P.’s, so that’s not a concern.

However, the reply-to address is some clever social engineering: Whois on payments-amazonmarketplace.com shows:

Registrar: FastDomain Inc.
Provider Name….: Netfirms, Inc.
Provider Whois…: whois.fastdomain.com
Provider Homepage: http://www.netfirms.com/

Domain Name: PAYMENTS-AMAZONMARKETPLACE.COM

Created on…………..: 2012-09-07 16:10:45 GMT
Expires on…………..: 2013-09-07 16:10:45 GMT
Last modified on……..: 2012-09-07 16:10:46 GMT

Registrant Info: (FAST-17414158)

Domain Privacy Service
10 Corporate Drive
Suite 300
Burlington, Massachusetts 01803
United States
Phone: +1.8663174678
Fax..:
Email: whois@netfirms.com

Compared to normal amazon.com registration info: it isn’t private, and they publish technical contacts, etc:

AMAZON.COM
Current Registrar: NETWORK SOLUTIONS, LLC.
IP Address: 72.21.211.176 (ARIN & RIPE IP search)
Record Type: Domain Name
Server Type: Other
Lock Status: clientDeleteProhibited
WebSite Status: Active

Visit AboutUs.org for more information about AMAZON.COM
AboutUs: AMAZON.COM

Registrant:
Amazon.com, Inc
Legal Dept, P.O. Box 81226
Seattle, WA 98108-1226
US
Administrative Contact , Technical Contact :
Amazon.com, Inc.
hostmaster@AMAZON.COM
PO BOX 81226
SEATTLE, WA 98108-1300
US
Phone: +1 206 266 4064
Fax: +1 206 266 7010

Record expires on 31-Oct-2022
Record created on 01-Nov-1994
Database last updated on 31-Oct-2012

Those scammers put a lot of pre-work into setting up the scam! Fortunately, their execution sucks.

Comment on Internet Theft and the Holidays by bse

bse — Mon, 07 Jan 2013 17:29:36 +0000

Well, it’s got a valid SPF because it was sent through the google servers. Like all spam that is sent through hacked accounts.

Comment on Internet Theft and the Holidays by mark

mark — Mon, 07 Jan 2013 16:45:58 +0000

Very interesting and spot on other than the 10. addresses. This is quite normal and they are the internal ip addresses at google. Have a look in any other email or send one from your local pc. Since it was sent most likely from a gmail account that could “send as” one of their other domains (payments-amazonmarketplace.com”), it would have all been within google’s own servers so it makes sense they’re all internal ips.

Comment on Internet Theft and the Holidays by Details of an Internet Scam | Varanoid.comVaranoid.com

Details of an Internet Scam | Varanoid.comVaranoid.com — Mon, 07 Jan 2013 16:30:28 +0000

[...] details of an Amazon Marketplace scam. Worth [...]