Spoof Emails from friends Mark Bunker, and Tom Padgett, to perhaps find my location

Lermanet_com

Gold Meritorious Patron
I recognized a pattern which I felt I should share...
I regret I did not save the prior emails, but hindsight is 20/20,

Some time after I started posting about scientology again, after a hiatus, I started to receive emails that would contain some inane statement and a link...

The link, I suspect would capture my IP address, providing some locational information for OSA on my recent travels...

The emails have a sender that is someone I have corresponded with, or know, AND trust. One email said it was Mark Bunker, of course it was not, and I sent him a copy of this...(note [email protected] does NOT exist on my mail server)

Dear Mr Bunker,

Someone is spamming porn links using your name as the mailing name. Here is full header and text of message, regards Arnie Lerma
PS: I have received ONE other like this but it was targeting Michael Cohen (the UFO guy's) name... and was porn spam

regards
Arnie Lerma

Return-path: <[email protected] >
Envelope-to: [email protected]
Delivery-date: Tue, 19 Jul 2011 16:03:53 -0400
Received: from impinc02.yourhostingaccount.com ([10.1.13.102] helo=impinc02.yourhostingaccount.com)
by mailscan08.yourhostingaccount.com with esmtp (Exim)
id 1QjGWH-00019t-0Z
for [email protected] ; Tue, 19 Jul 2011 16:03:53 -0400
Received: from seo7.aseoserver.com ([64.247.178.178])
by impinc02.yourhostingaccount.com with NO UCE
id 9w3s1h0033rKy5s02w3sR5; Tue, 19 Jul 2011 16:03:53 -0400
X-EN-OrigIP: 64.247.178.178
X-EN-IMPSID: 9w3s1h0033rKy5s02w3sR5
Received: from 189.214.89.29.cable.dyn.cableonline.com.mx ([189.214.89.29]:52522 helo=mail.jennyburke.com)
by seo7.aseoserver.com with esmtpa (Exim 4.69)
(envelope-from <[email protected] >)
id 1QjFdB-0007s6-7W
for [email protected] ; Tue, 19 Jul 2011 15:06:58 -0400
From: "Mark Bunker" <[email protected] >
Subject: Do you think =?UTF-8?B?aXTigJlz?= hot or =?UTF-8?B?aXTigJlz?= not?

The answer is here, my =?UTF-8?B?ZnJpZW5k4oCm?=
To: [email protected]
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"
Reply-To: "Mark Bunker" <[email protected] >
Date: Tue, 19 Jul 2011 22:06:51 +0300
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - seo7.aseoserver.com
X-AntiAbuse: Original Domain - lermanet2.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jennyburke.com

--------------------END of spoof email supposedly by Mark Bunker

And here is another, this is a spoof of my friend Thomas Padgett (and past fair game target of scientology), this is also NOT from him or his real email address

Return-path: <[email protected]m >
Envelope-to: [email protected]
Delivery-date: Fri, 12 Aug 2011 18:10:07 -0400
Received: from impinc03.yourhostingaccount.com ([10.1.13.103] helo=impinc03.yourhostingaccount.com)
by mailscan03.yourhostingaccount.com with esmtp (Exim)
id 1Qrzva-0005cN-RS
for [email protected] ; Fri, 12 Aug 2011 18:10:06 -0400
Received: from server.clearbluetenerife.com ([109.203.105.4])
by impinc03.yourhostingaccount.com with NO UCE
id Ka971h00J05inH103a97q5; Fri, 12 Aug 2011 18:09:07 -0400
X-EN-OrigIP: 109.203.105.4
X-EN-IMPSID: Ka971h00J05inH103a97q5
Received: from [190.238.195.135] (port=14696 helo=109.203.105.4)
by server.clearbluetenerife.com with esmtpa (Exim 4.69)
(envelope-from <[email protected] >)
id 1Qrz04-000181-PW
for [email protected] ; Fri, 12 Aug 2011 22:10:42 +0100
From: "Thomas C Padgett" <[email protected] >
Subject: Call me afterwards, Arnaldo
To: [email protected]
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"
Reply-To: "Thomas C Padgett" <[email protected] >
Date: Sat, 13 Aug 2011 00:10:51 -0700
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.clearbluetenerife.com
X-AntiAbuse: Original Domain - lermanet2.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - clearbluetenerife.com

Subject: Call me afterwards, Arnaldo
From: "Thomas C Padgett" <[email protected]>
Date: Sat, August 13, 2011 3:10 am
To: [email protected]
Priority: Normal

Arnaldo , my dear friend! I am really sorry, I did this, but I think you should see that: http://www.nannyservicesguide.com/pistol If you want to talk, let me know, ok? Regards, Thomas C Padgett

------------End of spoof email supposedly but not from my friend Thomas Padgett..

I would appreciate an evaluation of the headers by someone who is familiar with spoofed emails, and wished to alert others that this nonsense is being done. I am assuming that they wished me to click the links to capture my IP addy to find out where I am today... which they will know shortly.. but I know how much the dwarf likes surprises and I aim to please. regards

Arnie Lerma, Lermanet.com Exposing the CON.
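
One way to carry out the header evaluation requested above, as an added example that is not part of the original post: it walks the `Received` chain oldest-first and lists sender inconsistencies. The sample reuses hop data from the first quoted message; the From address is a placeholder because addresses on the page are redacted, and the function name `assess` is hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: hop data copied from the first quoted message; the
# From address is a placeholder because the page's addresses are redacted.
SAMPLE = """\
Received: from impinc02.yourhostingaccount.com ([10.1.13.102] helo=impinc02.yourhostingaccount.com)
\tby mailscan08.yourhostingaccount.com with esmtp (Exim)
\tid 1QjGWH-00019t-0Z; Tue, 19 Jul 2011 16:03:53 -0400
Received: from seo7.aseoserver.com ([64.247.178.178])
\tby impinc02.yourhostingaccount.com with NO UCE
\tid 9w3s1h0033rKy5s02w3sR5; Tue, 19 Jul 2011 16:03:53 -0400
Received: from 189.214.89.29.cable.dyn.cableonline.com.mx ([189.214.89.29]:52522 helo=mail.jennyburke.com)
\tby seo7.aseoserver.com with esmtpa (Exim 4.69)
\tid 1QjFdB-0007s6-7W; Tue, 19 Jul 2011 15:06:58 -0400
From: "Mark Bunker" <friend@example.org>
X-AntiAbuse: Sender Address Domain - jennyburke.com

(body omitted)
"""

HOP = re.compile(r"from\s+(?P<name>\S+)\s+\(\[(?P<ip>[\da-fA-F.:]+)\](?::\d+)?"
                 r"(?:\s+helo=(?P<helo>[^)\s]+))?\)\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)")

def assess(raw):
    """Walk the Received chain oldest-first and list sender inconsistencies."""
    msg = message_from_string(raw)
    # Each relay prepends its Received header, so the last one is the origin.
    hops = [m.groupdict() for m in map(HOP.search, reversed(msg.get_all("Received", []))) if m]
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    env_dom = next((v.split(" - ", 1)[1].strip().lower()
                    for v in msg.get_all("X-AntiAbuse", [])
                    if v.startswith("Sender Address Domain - ")), None)
    findings = []
    if env_dom and env_dom != from_dom:
        findings.append(f"From domain {from_dom} != envelope sender domain {env_dom}")
    if hops:
        o = hops[0]
        if o["proto"].lower() in ("esmtpa", "esmtpsa"):  # RFC 3848: AUTH was used
            findings.append(f"authenticated submission to {o['by']} from {o['ip']}")
        if o["helo"] and o["helo"].lower() != o["name"].lower():
            findings.append(f"HELO {o['helo']} does not match connecting host {o['name']}")
    return {"origin_ip": hops[0]["ip"] if hops else None, "findings": findings}

if __name__ == "__main__":
    for line in assess(SAMPLE)["findings"]:
        print(line)
```

The three findings together point at a mailbox on the relaying host being used from a residential connection while the From line carries a trusted name; the abuse contact for the relay named in `X-AntiAbuse: Primary Hostname` is the place to report it.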
 

Ogsonofgroo

Crusader
Re: Spoof Emails from friends Mark Bunker, and Tom Padgett, to perhaps find my locati

Old rule of thumb is never click unknown links unless your security is very good, i.e. closed unused ports, good firewall, proxy up.
When I'm suspicious or curious I do a google-foo 'who is' search, also who.is, example> http://www.who.is/whois/jennyburke.com/

If a spam account becomes an irritant block its IP in your firewall or security features?
Then there are other solutions like these fine folk> http://www.spamcop.net/

And some (a lot) info/help on how/where to report spam/abuses here> http://www.spamlaws.com/reporting-spam.html
IP info finding (I used one of the ones in your above report) example> http://whois.domaintools.com/64.247.178.178

Don't know if this helps you or not Arnie but it's the best I can come up with atm.
:cheers:
 

Type4_PTS

Diamond Invictus SP
Re: Spoof Emails from friends Mark Bunker, and Tom Padgett, to perhaps find my locati

I've noticed over the past year I've received a number of emails from friends and I'd open them up and they would be marketing Viagra or something.

I contacted several of these friends and they didn't know anything about it or in one case they already had been made aware of it by other contacts.

I presume that the problem originated on their end as the email was sometimes addressed to multiple contacts who were also in that person's address book.

If any of you get an email like that from me then please know that I've not started a new business marketing Viagra online. :coolwink::biggrin:
 

programmer_guy

True Ex-Scientologist
Re: Spoof Emails from friends Mark Bunker, and Tom Padgett, to perhaps find my locati

> I've noticed over the past year I've received a number of emails from friends and I'd open them up and they would be marketing Viagra or something.
>
> I contacted several of these friends and they didn't know anything about it or in one case they already had been made aware of it by other contacts.
>
> I presume that the problem originated on their end as the email was sometimes addressed to multiple contacts who were also in that person's address book.
>
> If any of you get an email like that from me then please know that I've not started a new business marketing Viagra online. :coolwink::biggrin:

I got something similar from an old high school friend. I notified her about this and I guess that she finally got the malware removed from her PC.