[nsp-sec] ping google/gmail

Fri Mar 7 14:05:46 EST 2008

It is a 419 scam.
Yes they would like to get money from you.
I imagine a number of people believe it enough and fear the
consequences.

So this is probably fairly successful.

I would love to know how many emails those Google accounts are
receiving.
I think Google should look at all of their deadlykillers accounts but
based on Peter's response to Beth's recommendation I suspect they are
already looking at that.

Peter any chance you can see how many responses are being sent to those
accounts?
Even a vague answer like "lots" would help to validate that this is a
high response 419 scam method.

RM=for(1)
{manage_risk(identify_risk(product[i++]) &&
(identify_threat[product[i++]))}
Donald.Smith at qwest.com giac 

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net 
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Ross, Jason
> Sent: Friday, March 07, 2008 11:38 AM
> To: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] ping google/gmail
> 
> ----------- nsp-security Confidential --------
> 
> > -----Original Message-----
> > From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> > bounces at puck.nether.net] On Behalf Of Brian Allen
> > Sent: Friday, March 07, 2008 12:45 PM
> > To: nsp-security at puck.nether.net
> > Subject: [nsp-sec] ping google/gmail
> > 
> > It is being used as a drop for a hitman scam threat we are 
> receiving.
> > 
> 
> Anyone got any thoughts on what's up with these?
> We started receiving notificiations about these to our abuse 
> desk about
> 2 weeks ago, and they keep on coming.
> 
> Obviously the intent is to harass and/or get someone to 
> actually pay up
> (every one I've seen has had the same MO: "I've been hired to kill you
> but will give you a chance to prove you want to live if you can pay me
> more", so I guess what I'm really saying is, is there a 
> common thread we
> can look for to stop it? (eg. All being sent via relays that happen to
> be squirrelmail, or something. I say that just because the ones I've
> seen appear to have been sent by exploiting a webmail 
> interface of some
> kind.)
> 
> --
> Jason
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the 
> nsp-security
> community. Confidentiality is essential for effective 
> Internet security counter-measures.
> _______________________________________________
> 
> 

This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly 
prohibited and may be unlawful.  If you have received this communication 
in error, please immediately notify the sender by reply e-mail and destroy 
all copies of the communication and any attachments.