runintocash Posted December 3, 2007 Posted December 3, 2007 Hi all, I don't know if this is the right forum to post in, if not my apologies. I am the owner of a website and I just received the below email. This person pretty much stated that if I don't not pay him $50 he will spam people on my behalf that he knows will report me and get my site suspended by my hosting provider. I came here because they mentioned your site by name in the email. Below is the email that I received: Hello admin, First, I must tell you that I know that your program is scam. But, I don't care as long as you are ready to cooperate with me. Well, This is my offer: I have list of a few thousands fresh emails of HYIP users, which I extracted from different hyips in last few months (profx.biz, binor.ru, hk-fund.com, successfuture.biz, tradeinforex.net, timesprofit.net, arivafund.com, etc...) Price: $50 ONLY! You can use this emails to promote your own program. Just imagine how great this offer is and how many investors you can get! You have two options. First option is to decide to cooperate with me and buy email lists from me. Second option, which I don't like, and I belive you will not like it either: I have emails of about 150 thousands emails of SpamCop members. SpamCop is spam fighting tool. Well, all this people hate spam and they report every spam mail to SpamCop. SpamCop automatiocaly reports every link from spam mail to hosting provider which hosts it's site. What it means? Well, if I "promote" (spam) that people with your site address in message body, they will report you, and your hosting provider will receive thousands of spam complaints. They will be forced to shut down your site! I don't like second option. First is much better for both of us. But if you refuse me offer, I will be forced to move to the second option. So, I hope that you will chose what is better... If you don't reply within 24 hours, I will understand it as refuse and I will start working on 'second option'. Regards, Ognjen As proof that I'm serious I'm sending you list of all active investors of arivafund.com. Also, please check their threads on forums like MMG to see what demage I made them. Is this guy for real? Is there any way that I can prevent this person from doing this? Any input or advice is appreciated. Thanks, Mike
Wazoo Posted December 3, 2007 Posted December 3, 2007 ???? Discussion is already ongoing over in the newsgroups on the same query. There are already numerous replies 'over there' .... please see [scspamcop] Someone is trying to blackmail me! Basically, the flow is ... if you want to take it as anything close to 'real' ... contact your ISP/Host and let them know about it. Get a current back-up of the site as it is now, just in case there are other hacks/attacks involved. Get you ISP Account at SpamCop.net to see if you really are getting reported. As far as "where to post" .. this has nothing to do with the SpamCopDNSBL at all, so moving it to the Lounge area.
agsteele Posted December 3, 2007 Posted December 3, 2007 I am the owner of a website and I just received the below email. This person pretty much stated that if I don't not pay him $50 he will spam people on my behalf that he knows will report me and get my site suspended by my hosting provider. Whether this guy is for real or not, it is an attempt to extract money from you under duress. It is, therefore, a crime in most countries. I, personally, would take this up with the department of your local police that handles Hi-Tech or computer crime. They will probably not be able to handle it directly but it may provide additional intelligence to add to the pot. The protections advised are, or course, essential but I would record a crime as well. Andrew
Farelf Posted December 3, 2007 Posted December 3, 2007 Whether this guy is for real or not, it is an attempt to extract money from you under duress. It is, therefore, a crime in most countries. I, personally, would take this up with the department of your local police that handles Hi-Tech or computer crime. They will probably not be able to handle it directly but it may provide additional intelligence to add to the pot. The protections advised are, or course, essential but I would record a crime as well. I would support that advice but, to take it further, the crime is clearly extortion and I very much doubt there is any place where it is not a serious criminal offence. Even if there are jurisdictions where it is not a specific offence (not covered under the criminal code), that will only be because an overlapping jurisdiction covers it instead (Federal-State coverage in Australia for instance). IANAL.
DavidT Posted December 3, 2007 Posted December 3, 2007 As proof that I'm serious I'm sending you list of all active investors of arivafund.com. A brief Google search produced the following mention (on a Russian-language forum) of this person being quoted about "arivafund": http://www.rusmmg.ru/index.php?showtopic=8...ost&p=79713 DT
pwilson Posted December 3, 2007 Posted December 3, 2007 Hi all, I don't know if this is the right forum to post in, if not my apologies. I am the owner of a website and I just received the below email. This person pretty much stated that if I don't not pay him $50 he will spam people on my behalf that he knows will report me and get my site suspended by my hosting provider. I came here because they mentioned your site by name in the email. Below is the email that I received: Thanks, Mike Mike, I just received the same email. Here are all the headers, if anyone can help tracking this idiot down. I sent a copy to Gmail, wonder if they will do anything. Peter. PS: Make sure you keep a copy of the email just in case he does start sending spam in your name. X-Persona: <GWBOPC-ADMIN> Return-Path: <fdgjdfigdsifjgisufdghfdh342[at]gmail.com> Received: from ro-out-1112.google.com (ro-out-1112.google.com [72.14.202.176]) by gwbopc.com (8.13.6.20060614/8.13.6) with ESMTP id lB31UUW7041828 for <admin[at]gwbopc.com>; Mon, 3 Dec 2007 01:30:32 GMT Received: by ro-out-1112.google.com with SMTP id p7so4782006roc for <admin[at]gwbopc.com>; Sun, 02 Dec 2007 17:30:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth; bh=tN3SbFRT4MxvObEuEk6Ze/O8DIPj8mR9jsIRu3ll1oc=; b=qrfMxlu/CkyH9E/Y4Hsj4HeiDE3LYCax3G43GRt6fv1t0+ckNnLJyE4mGJSJ+fGgzXLJzUJYigBZ3Vn38eq+RQg4Y8XGMYtLlgoT7tQcaikk2SCpLtARyvLAzFSf71Xkxs6dxbNQO2ZRYuoiDArUf5npf5xi1X2l22hZs7rKAX0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=received:message-id:date:from:sender:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth; b=phX/GndENrN+0jnJ6hcalpSPma+XLccuegjVyIMIJuk1gEaZvds+CHzDCZsdmmmO7Sn5/zqyds6xHvPxbuY5F36sX/m64zmXVoBh1BZk4MIvuowxPonEGDYKObTjxzh959GWU/zj1acxFRU5bzGuErAoMw2+uGniK8ySd3bsYEw= Received: by 10.140.180.42 with SMTP id c42mr919158rvf.1196645424186; Sun, 02 Dec 2007 17:30:24 -0800 (PST) Received: by 10.141.99.1 with HTTP; Sun, 2 Dec 2007 17:30:23 -0800 (PST) Message-ID: <9c019b380712021730k22493b76k831567e99667993a[at]mail.gmail.com> Date: Mon, 3 Dec 2007 02:30:23 +0100 From: "Ognjen Kapor" <okapor[at]gmail.com> Sender: fdgjdfigdsifjgisufdghfdh342[at]gmail.com Subject: OFFER - 2 options - PLEASE READ AND REPLY! In-Reply-To: <9c019b380712021729ic9eab2k197db820e8e8e280[at]mail.gmail.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_4794_10691318.1196645423855" References: <9c019b380712021729ic9eab2k197db820e8e8e280[at]mail.gmail.com> X-Google-Sender-Auth: 9238c7e2aaacfe7b To: undisclosed-recipients:; Status:
europaid Posted December 3, 2007 Posted December 3, 2007 Hi, i am a website's Admin. I received a threatening email: Hello admin, First, I must tell you that I know that your program is scam. But, I don't care as long as you are ready to cooperate with me. Well, This is my offer: I have list of a few thousands fresh emails of HYIP users, which I extracted from different hyips in last few months ( profx.biz, binor.ru , hk-fund.com, successfuture.biz, tradeinforex.net , timesprofit.net, arivafund.com, etc...) Price: $50 ONLY! You can use this emails to promote your own program. Just imagine how great this offer is and how many investors you can get! You have two options. First option is to decide to cooperate with me and buy email lists from me. Second option, which I don't like, and I belive you will not like it either: I have emails of about 150 thousands emails of SpamCop members. SpamCop is spam fighting tool. Well, all this people hate spam and they report every spam mail to SpamCop. SpamCop automatiocaly reports every link from spam mail to hosting provider which hosts it's site. What it means? Well, if I "promote" (spam) that people with your site address in message body, they will report you, and your hosting provider will receive thousands of spam complaints. They will be forced to shut down your site! I don't like second option. First is much better for both of us. But if you refuse me offer, I will be forced to move to the second option. So, I hope that you will chose what is better... If you don't reply within 24 hours, I will understand it as refuse and I will start working on 'second option'. Regards, Ognjen As proof that I'm serious I'm sending you list of all active investors of arivafund.com. Also, please check their threads on forums like MMG to see what demage I made them. what can I do?
Telarin Posted December 3, 2007 Posted December 3, 2007 There have been a couple posts of this going around. I would guess it is mostly likely an empty threat (it is unlikely someone could generate enough phoney evidence to get your website shut down). Other advise here has been to report it to local law enforcement, as it is extortion, which is illegal in most places. You might also consider notifying your ISP, and making a backup of your site "just in case".
Wazoo Posted December 3, 2007 Posted December 3, 2007 europaid's 'new' Topic was merged into this one, also being posted into the SpamCopDNSBL Forum section. PM has been sent to advise of this action. There have been a couple posts of this going around. More than a few <g> What it really looks like is that the primary lowlife involved has simply scraped a ton-load of addresses from all sorts of these "make-lots-of-money-at-home" portal/sign-up pages and decided to "hit them all" .... kind of a twist on the old free-for-all type 'link' pages ....
runintocash Posted December 4, 2007 Author Posted December 4, 2007 Whether this guy is for real or not, it is an attempt to extract money from you under duress. It is, therefore, a crime in most countries. I, personally, would take this up with the department of your local police that handles Hi-Tech or computer crime. They will probably not be able to handle it directly but it may provide additional intelligence to add to the pot. The protections advised are, or course, essential but I would record a crime as well. Hello Andrew, I have actually been the victim of online fraud before. Someone went into make bank account and stole money not too long ago. I went to my local police department to file a police report. The next day I got a call from a detective stating there was pretty much nothing they can do as they have no internet crimes department and it was outside of their jurisdiction. The only good filing the police report did was give me the documentation to get my money back from the bank. Local police departments do not have the resources to go after this guy. The FBI may be able to do something but an extortion attempt for $50 I'm sure is not on the top of their priority list. Although it would be great for this guy to get caught! Thanks for your response! I just received the same email. I doubt G-mail will do anything. Their privacy policy protects people like this which is why you can't get their IP from the header. Look at the third line in the header. This is where his IP should show up but instead we are just given googles IP as per their privacy policy. Make sure you notify your ISP/web host and make them aware of the situation so you have everything documented. There have been a couple posts of this going around. I would guess it is mostly likely an empty threat (it is unlikely someone could generate enough phoney evidence to get your website shut down). Other advise here has been to report it to local law enforcement, as it is extortion, which is illegal in most places. You might also consider notifying your ISP, and making a backup of your site "just in case". The more I research the more I start to think you are correct. It is just empty threats. My ISP/web host has already been notified. I have notified the FBI internet crimes division as well as the internet fraud department with the secret service(still awaiting their response). I have a back-up of my site and I back-up MYSQL database everyday. I would like to thank everyone that has responded. Your input and advice is much appreciated. Moderator edit: massive removal of much unneeded quoted content, which also caused the post to explode horizontally, making it a pain to actually try to read .... per the guidance offered in the Forum FAQ, please delete all the unneeded quoted material as part of the quoting and posting steps.
SpamCopAdmin Posted December 4, 2007 Posted December 4, 2007 If the fake emails are sent and your ISP starts getting complaints, you can let me know and I'll set SpamCop to stop reporting the URL the spammer is advertising that is causing you trouble. That way, the source of the emails will get reported, but not your web site. - Don D'Minion - SpamCop Admin - service[at]admin.spamcop.net
agsteele Posted December 4, 2007 Posted December 4, 2007 I have actually been the victim of online fraud before. Someone went into make bank account and stole money not too long ago. I went to my local police department to file a police report. The next day I got a call from a detective stating there was pretty much nothing they can do as they have no internet crimes department and it was outside of their jurisdiction. The only good filing the police report did was give me the documentation to get my money back from the bank. Local police departments do not have the resources to go after this guy. The FBI may be able to do something but an extortion attempt for $50 I'm sure is not on the top of their priority list. Although it would be great for this guy to get caught! Of course, you're absolutely correct. But it should be reported. One $50 attempt multiplied by thousands of victims amounts to a pretty significant attempted fraud. Gathering intelligence can provide the data to tackle a crime across international borders. I once had a call from our credit card company. Their computers had identified an attempt to charge thousands of cards with a $1 admin fee. Presumably the fraudster was hoping that nobody would complain about $1 but he/she would gain millions. Andrew
josemanuelsh Posted July 5, 2008 Posted July 5, 2008 Hello, I am the owner of ClixMX.com, and I received the same type of email a few minutes ago. After searching the forum I see that most of these emails were sent on December 2007, and most recommendations are to report to Gmail, hosting provider and police departments, so I will do that. I just want to post this here to set a precedent. I hope its ok. The original text is: ---------------- Hello admin, First, I must tell you that I know that your program is scam. But, I don't care as long as you are ready to cooperate with me. Well, This is my offer: I have list of 97,651 emails of HYIP users, which I extracted from different hyips in last few months. Price: $200 ONLY! You can use this emails to promote your own program. Just imagine how great this offer is and how many investors you can get! You have two options. First option is to decide to cooperate with me and buy email lists from me. Second option, which I don't like, and I belive you will not like it either: I have emails of about 150 thousands emails of SpamCop members. SpamCop is spam fighting tool. Well, all this people hate spam and they report every spam mail to SpamCop. SpamCop automatiocaly reports every link from spam mail to hosting provider which hosts it's site. What it means? Well, if I "promote" (spam) that people with your site address in message body, they will report you, and your hosting provider will receive thousands of spam complaints. They will be forced to shut down your site! I don't like second option. First is much better for both of us. But if you refuse me offer, I will be forced to move to the second option. So, I hope that you will chose what is better... If you don't reply within 24 hours, I will understand it as refuse and I will start working on 'second option'. Regards, Oskar As proof that I'm serious I'm sending you list of all active investors of profitsaddiction.com -------------------- His attachment has a list of over 100 addresses, and there is no site at profitsaddiction.com. Email headers are: (I removed [at] from my address) -------------------- Received: (qmail 13579 invoked from network); 5 Jul 2008 01:49:30 -0000 Received: from unknown (HELO p3presmtp01-04.prod.phx3.secureserver.net) ([208.109.80.153]) (envelope-sender <oferengi10[at]googlemail.com>) by smtp21-02.prod.mesa1.secureserver.net (qmail-1.03) with SMTP for <admin[at]clixmx.com>; 5 Jul 2008 01:49:30 -0000 Received: (qmail 5457 invoked from network); 5 Jul 2008 01:49:30 -0000 Received: from qb-out-0506.google.com ([72.14.204.235]) (envelope-sender <oferengi10[at]googlemail.com>) by p3presmtp01-04.prod.phx3.secureserver.net (qmail-ldap-1.03) with SMTP for <admin[at]clixmx.com>; 5 Jul 2008 01:49:29 -0000 Received: by qb-out-0506.google.com with SMTP id q18so1714906qba.41 for <admin[at]clixmx.com>; Fri, 04 Jul 2008 18:49:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :subject:mime-version:content-type:x-google-sender-auth; bh=klMvQuAkGTv8FlYxzcTOjcRklSA4MBGPV78Oze8wTR8=; b=ra/IQ9zNaS8b+h2JeX4wXjCiw9uych7i6B9UfndgzJbVeQ4Dh83sbNLrVov7dosq8g vu8OrBFMpqj+vsmUqae16beWb5BOYLBy47qGSLWcQ+FlC8a1eo6sbebuCG/TJ0phrYdf fsd6AtMIeBPLl8Q02Lw3Jxy6xyjt0AeLUInsg= X-BitDefenderWKS-SpamStamp: v1, build 2.6.15.47144, bayes score: 500(0), pbayes score: 0(0), neunet score: 500(0), total: 0 X-BitDefenderWKS-spam: No - 0 DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:sender:subject:mime-version:content-type :x-google-sender-auth; b=DFJ+r+Nu6FhXC2opzD0MX6M99koVNXvBJtbQ7vPWjcgeZFek9ZW8yY0K9pRaOEmnSO 036oQ+QSPpOENW8EDcmdWp+hSVXLmuSEiIqY3nQV9w98E226CiB/GcJPHDV5t8xI4ccY XfiQoAe76ZUyh+hFgBeet0upcTVii8/pvCoTw= Received: by 10.141.204.20 with SMTP id g20mr721532rvq.230.1215222567786; Fri, 04 Jul 2008 18:49:27 -0700 (PDT) Received: by 10.140.192.12 with HTTP; Fri, 4 Jul 2008 18:49:27 -0700 (PDT) Message-ID: <f1068150807041849n64a9438r9427c523474588c1[at]mail.gmail.com> Date: Sat, 5 Jul 2008 03:49:27 +0200 From: "Oskar Ferengi" <oskarferengi[at]gmail.com> Sender: oferengi10[at]googlemail.com Subject: READ AND REPLY! MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_8413_4474797.1215222567782" X-Google-Sender-Auth: 01b66ebf0ca3e87c X-Nonspam: None --------------------- As I said, I will report this to all recommended authorities. For the record, ClixMX.com is not a scam. Regards, Jose Manuel ClixMX.com Admin
Wazoo Posted July 5, 2008 Posted July 5, 2008 I just want to post this here to set a precedent. I hope its ok. And just what "precedent" are trying to set???? Same spam seen all over the place, seemingly targetted towards these silly "get-rich-by-clicking-on-ads" web-sites. As I said, I will report this to all recommended authorities. For the record, ClixMX.com is not a scam. Yeah, but .... hard to call it a legitimate business/enterprise either .... I repeat my comments from Linear Post #9; What it really looks like is that the primary lowlife involved has simply scraped a ton-load of addresses from all sorts of these "make-lots-of-money-at-home" portal/sign-up pages and decided to "hit them all" .... kind of a twist on the old free-for-all type 'link' pages ....
TakeTheGlobe Posted July 6, 2008 Posted July 6, 2008 Someone is threatening our company using "SpamCop" . Please look into this. http://www.taketheglobe.com/forums/showthr...p=1617#post1617
agsteele Posted July 6, 2008 Posted July 6, 2008 Someone is threatening our company using "SpamCop" . Please look into this. http://www.taketheglobe.com/forums/showthr...p=1617#post1617 this is one of many Emails phrased in this fashion. Take a look at the I am being blackmailed thread... I wouldn't be surprised if your message isn't merged with that thread. Andrew
StevenUnderwood Posted July 6, 2008 Posted July 6, 2008 Someone is threatening our company using "SpamCop" . Please look into this. http://www.taketheglobe.com/forums/showthr...p=1617#post1617 This is not the first time we have seen this, in fact there is another recent post that I will be moving this one into using the same exact wording.
TakeTheGlobe Posted July 6, 2008 Posted July 6, 2008 The exact header states. Return-path: <oferengi12[at]googlemail.com> Envelope-to: admin[at]taketheglobe.com Delivery-date: Fri, 04 Jul 2008 19:07:34 -0700 Received: from ag-out-0708.google.com ([72.14.246.242]) by server.taketheglobe.com with esmtp (Exim 4.68) (envelope-from <oferengi12[at]googlemail.com>) id 1KExBW-0003Ye-95 for admin[at]taketheglobe.com; Fri, 04 Jul 2008 19:07:34 -0700 Received: by ag-out-0708.google.com with SMTP id 8so8463934agc.0 for <admin[at]taketheglobe.com>; Fri, 04 Jul 2008 19:07:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :subject:mime-version:content-type:x-google-sender-auth; bh=dd8ATZK2do6hiBhH1San2pvkMsGkCqB2m6JTzFtEpzE=; b=vI+uNWXxtJzYtg8FSaYIj6gR15ZDnJ99s0p+UWr7PBXVbuM60jOkYxXhNtr+aZ66T9 Fm7O+3i7AVjfA4P6KIZ6BYz3sZIWBzfSVLmlOt6dLnjRU/QkcX9cuClf4fykOstTLKyY pEVB2KvZs4NIFBekbHAR/xAqBCVBo7/x08WZE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:sender:subject:mime-version:content-type :x-google-sender-auth; b=uhNKbejEF6PNZxtN6nTsApf8+o/GXPpJfjColcyWog1U2rMyP+2NImls3Yj6pSbRej Vlvbhm1hgwfFz0YtHvjKkJUNAsahQtFkbDeaxrSnkebuYSs91Wd6XU9f/GWmwNMcW8Gu LJDMXILLKmEjUv07VNLe5byi8bSeRw0JqjyJs= Received: by 10.151.112.1 with SMTP id p1mr3028007ybm.141.1215223580808; Fri, 04 Jul 2008 19:06:20 -0700 (PDT) Received: by 10.150.122.20 with HTTP; Fri, 4 Jul 2008 19:06:20 -0700 (PDT) Message-ID: <d23423d30807041906u2c2d67bai3971be3e41e72709[at]mail.gmail.com> Date: Sat, 5 Jul 2008 04:06:20 +0200 From: "Oskar Ferengi" <oskarferengi[at]gmail.com> Sender: oferengi12[at]googlemail.com Subject: READ AND REPLY! MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_15381_5998053.1215223580819" X-Google-Sender-Auth: ed6e8d3cfe6a6d33
Farelf Posted July 7, 2008 Posted July 7, 2008 Please review the previous posts in this (merged) topic. Posting a complaint here is not going to achieve anything. Review How does SpamCop reporting work? if you want to understand why not. To spell it out just a little, all that a SC report would do with that header detail is send a notification to abuse[at]google.com (gmail-abuse[at]google.com used to be another address?) and notch up a "hit" against ag-out-0708.google.com ([72.14.246.242]) - which is not going to do much since the GMail service is predominently "straight" and there are a great number of servers in play - see the "SCBL Rules" in What is the SpamCop Blocking List (SCBL)? and note high regular volume from http://www.senderbase.org/senderbase_queri...g=72.14.246.242 - and the very many other servers used in routing. You can/should report the abuse to Google yourself (it would be ineffective coming from anyone else). If this is a criminal matter it also needs to be addressed by the civil authorities. Hrmmph - "Oskar Ferengi" indeed! If that is the quality of the criminal mastermind involved you should have little to fear. But watch out for Rule 10
A.J.Mechelynck Posted August 17, 2010 Posted August 17, 2010 After reading this whole topic (and I'm not really sorry to "wake up" an old thread — after all, we're in the Lounge), I'm fascinated by the appropriateness of Farelf's sig on the latest post before this one: Plus ça change, plus c'est la même chose. However I cannot help noticing Google's strange notion of "privacy": if you're a spammer, they will protect your "privacy" by not putting proper Received headers on your mail; but to protect yourself from spying by Google, the only solution (says Google CEO) is to change your name…
Recommended Posts
Archived
This topic is now archived and is closed to further replies.