[nsp-sec] ATTN Google, gmail account used in death threat scam

RuthAnne Bevier ruthanne at caltech.edu
Thu Dec 8 10:47:01 EST 2011


Haven't seen one of these for a while.  Sample with full headers below.  It seems to have been sent through Gmail, b.james4ever at gmail.com:

Return-Path: <b.james4ever at gmail.com>
Received: by fire-doxen.caltech.edu (Postfix, from userid 60008)
	id E18182E50C0F; Thu,  8 Dec 2011 05:16:13 -0800 (PST)
X-Original-To: koracion at caltech.edu
Received: from fire-doxen.imss.caltech.edu (localhost [127.0.0.1])
	by fire-doxen-postvirus (Postfix) with ESMTP id 739012E502DB
	for <koracion at caltech.edu>; Thu,  8 Dec 2011 05:16:13 -0800 (PST)
X-Spam-Scanned: at Caltech-IMSS on fire-doxen by amavisd-new
X-Spam-Flag: NO
X-Spam-Score: 1.427
X-Spam-Level: *
X-Spam-Status: No, score=1.427 tagged_above=-10000 required=5
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VERIFIED=0,
	FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7,
	SPF_PASS=-0.01, SUBJ_ALL_CAPS=1.625, T_TO_NO_BRKTS_FREEMAIL=0.01,
	UPPERCASE_75_100=0.5] autolearn=disabled
Received: from mail-vw0-f45.google.com (mail-vw0-f45.google.com [209.85.212.45])
	by fire-doxen-external (Postfix) with ESMTP id 4BFDA2E50449
	for <koracion at caltech.edu>; Thu,  8 Dec 2011 05:16:11 -0800 (PST)
Received: by vbbu11 with SMTP id u11so1786347vbb.18
        for <koracion at caltech.edu>; Thu, 08 Dec 2011 05:16:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=mime-version:sender:date:x-google-sender-auth:message-id:subject
         :from:to:content-type;
        bh=ZWA8ZXr87lgJJLjAPbUX6qG5pvm2GoqZGeUknH1GEY8=;
        b=ozs56mStePS3qQSYwPPjFK2T0YgIAIMyccA9kzLowmMVsGNAGAKi2Y5DEplOmXd2Ke
         pKVJGnuJyZXJ1/ZtWVAoYjg7z+uO0kqMQZz208FZED9A7xQhCy/Px+ScU4JbAb11cbmx
         uDkUUUuMOmeudhi2ECLjj7fr+ZnPtkuEFQsnE=
MIME-Version: 1.0
Received: by 10.52.23.83 with SMTP id k19mr1495061vdf.93.1323350108411; Thu,
 08 Dec 2011 05:15:08 -0800 (PST)
Sender: b.james4ever at gmail.com
Received: by 10.220.2.145 with HTTP; Thu, 8 Dec 2011 05:15:08 -0800 (PST)
Date: Thu, 8 Dec 2011 13:15:08 +0000
X-Google-Sender-Auth: hKev5q-mjphLA_dVf5T39N9FFOo
Message-ID: <CAGPSUn09=MWn97yy_DJL64v98KG25KgmdGgNi5d--obLTrRJyg at mail.gmail.com>
Subject: SAD NEWS!!!!
From: "SIR. SLICE MAX" <slicemaxxx at zmail.com>
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary=20cf307c9ef8202b0504b394755d

--20cf307c9ef8202b0504b394755d
Content-Type: text/plain; charset=ISO-8859-1

-- 
*Re: YOU NEED TO SAVE YOUR LIVE

Attn:


I AM VERY SORRY FOR YOU, IS A PITY THAT THIS IS HOW YOUR LIFE IS GOING TO
END. MY DUTY AS I AM MAILING YOU NOW IS JUST TO KILL YOU AND I HAVE TO DO
IT AS I HAVE ALREADY BEEN PAID.


SOMEONE YOU CALL A FRIEND WANTS YOU DEAD BY ALL MEANS, AND THE PERSON HAVE
SPENT A LOT OF MONEY ON THIS, THE PERSON ALSO CAME TO US AND TOLD ME THAT
HE WANT YOU DEAD AND HE PROVIDED US WITH YOUR NAME, PICTURE AND OTHER
NECESSARY INFORMATION'S WE NEEDED ABOUT YOU. SO I SENT MY BOYS TO TRACK YOU
DOWN AND THEY HAVE CARRIED OUT THE NECESSARY

INVESTIGATION NEEDED FOR THE OPERATION ON YOU,  AND THEY HAVE DONE THAT BUT
I TOLD THEM NOT TO KILL YOU THAT I WILL LIKE TO CONTACT YOU, NOT SINCE
THEIR FINDINGS SHOWS THAT YOU ARE INNOCENT.


I CALLED MY CLIENT BACK AND ASK OF YOUR EMAIL ADDRESS WHICH I DIDN'T TELL
HIM WHAT I WANTED TO DO WITH IT AND HE GAVE IT TO ME AND I AM USING IT TO
CONTACT YOU NOW. AS I AM WRITING TO YOU NOW MY MEN ARE MONITORING YOU AND
THEY ARE TELLING ME EVERYTHING ABOUT YOU.


WARNING: DO NOT THINK OF CONTACTING THE POLICE OR EVEN TELL ANYONE BECAUSE
I WILL KNOW. REMEMBER, SOMEONE WHO KNOWS YOU VERY WELL WANT YOU DEAD! I
WILL EXTEND IT TO YOUR FAMILY, IN CASE I NOTICE SOMETHING FUNNY.


DO NOT COME OUT ONCE IT IS 7:PM UNTIL I MAKE OUT TIME TO SEE YOU OF THE
DISCUSSION WITH THE PERSON WHO WANT YOU DEAD FOR ANY LEGAL ACTION.

Name: SIR. SLICE MAX
Email: slicemaxxx at zmail.com <slicexxx at india.com>
*

-- 
RuthAnne Bevier
Director, Information Security
California Institute of Technology
ruthanne at caltech.edu
626-395-2671
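
Added example, not part of the original post: a header triage sketch for the pattern in the sample above, where the visible From: names one domain while Sender:, the DKIM d= tag and the hand-off Received: line name another provider. The sample message, all hosts and addresses, and the function names are constructed placeholders; it reads the DKIM tags but does not verify the signature, and "alignment" is a simplified suffix comparison.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample modelled on the post's header layout; every host, address
# and id is a placeholder. Header order matters: top = most recent hop.
SAMPLE = """\
Received: from mx.rcpt.example (localhost [127.0.0.1])
\tby scan.rcpt.example (Postfix) with ESMTP id AAAA; Thu, 8 Dec 2011 05:16:13 -0800
Received: from out1.mailprovider.example (out1.mailprovider.example [192.0.2.45])
\tby mx.rcpt.example (Postfix) with ESMTP id BBBB; Thu, 8 Dec 2011 05:16:11 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
\td=mailprovider.example; s=sel1; h=sender:date:subject:from:to;
\tbh=PLACEHOLDER; b=PLACEHOLDER
Sender: sender@mailprovider.example
Received: by 10.0.0.1 with HTTP; Thu, 8 Dec 2011 05:15:08 -0800
From: "SOME NAME" <alias@otherdomain.example>
Subject: CONSTRUCTED SAMPLE

body
"""

def domain(value):
    """Domain part of the address in a header value, lower-cased."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def aligned(a, b):
    """Simplified alignment: equal, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def analyze(raw, trusted_suffix):
    """Compare the visible From domain with the domains that vouch for the mail."""
    msg = email.message_from_string(raw)
    tags = dict(t.strip().partition("=")[::2]
                for t in (msg["DKIM-Signature"] or "").split(";") if "=" in t)
    out = {"from": domain(msg["From"]), "sender": domain(msg["Sender"]),
           "dkim_d": tags.get("d", "").lower(), "handoff": None}
    # Only Received lines stamped by our own MTAs are trustworthy; the first one
    # (top down) whose peer is outside trusted_suffix is the real hand-off.
    for rcvd in msg.get_all("Received", []):
        m = re.search(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?\bby\s+(\S+)", rcvd, re.S)
        if m and m.group(3).endswith(trusted_suffix) and not m.group(1).endswith(trusted_suffix):
            out["handoff"] = (m.group(1), m.group(2))
            break
    out["from_mismatch"] = not aligned(out["from"], out["dkim_d"])
    return out

if __name__ == "__main__":
    print(analyze(SAMPLE, "rcpt.example"))
```

The `trusted_suffix` argument is the receiving organisation's own mail domain; Received: lines below the hand-off hop were written by the sending side and are reported by this sketch as unverified context only.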


