[Spooks] Spooks Digest, Vol 152, Issue 7

Curt Rowlett labyrinththirteen at gmail.com
Tue Mar 7 16:42:06 EST 2017 

Yes, that earlier email was a rather classic attempt at phishing. Since I
use Gmail, that copy of the mailing list email with the phishing link went
directly to my spam folder, instead of my inbox. I simply deleted it.

72, Curt Rowlett
W9SPY

On Tue, Mar 7, 2017 at 11:50 AM, <spooks-request at mailman.qth.net> wrote:

> Send Spooks mailing list submissions to
>         spooks at mailman.qth.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://mailman.qth.net/mailman/listinfo/spooks
> or, via email, send a message with subject or body 'help' to
>         spooks-request at mailman.qth.net
>
> You can reach the person managing the list at
>         spooks-owner at mailman.qth.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Spooks digest..."
>
>
> Today's Topics:
>
>    1. Re: Account Suspension (Chris Malboeuf)
>    2. Re: Suspicious email (Carl Flatman)
>    3. Re: Account Suspension (Tracy Johnson)
>    4. Recent Logs (GUNN STEVE)
>    5. Chase thingy (mchenryproj)
>    6. Re: Account Suspension (planophore at aei.ca)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 7 Mar 2017 15:57:44 +0000
> From: Chris Malboeuf <deserthawk1990 at hotmail.com>
> To: "tmjva at verizon.net" <tmjva at verizon.net>, Shortwave Spy Numbers
>         Stations        <spooks at mailman.qth.net>
> Subject: Re: [Spooks] Account Suspension
> Message-ID:
>         <BLUPR0301MB15883F36F7208784B91BFDE7CA2F0 at BLUPR0301MB1588.
> namprd03.prod.outlook.com>
>
> Content-Type: text/plain; charset="us-ascii"
>
> Are the Chinese hackers phishing?
> 73 Chris
>
> Sent from my iPad
>
> > On Mar 7, 2017, at 7:45 AM, Tracy Johnson <tmjva at verizon.net> wrote:
> >
> > phishing
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 7 Mar 2017 16:50:04 +0000
> From: Carl Flatman <carlkflatman at gmail.com>
> To: Shortwave Spy Numbers Stations <spooks at mailman.qth.net>
> Subject: Re: [Spooks] Suspicious email
> Message-ID:
>         <CANHov-kNUnONqhkc1Aq6pCiRkbs2q-9+Cs-V0F63AtsVOf=
> ZEA at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> Hi Geir, I had the same email today looks very suspicious I just deleted
> it. And who does financial transactions on a shortwave information exchange
> forum.
>
> Sent By Carl From My Tablet
> In North Bedfordshire UK :-)
>
> On 7 Mar 2017 15:40, "la6lu at online.no" <la6lu at online.no> wrote:
>
> > Visit http://mailman.qth.net/mailman/listinfo/spooks to unsubscribe from
> > this list
> >
> > Hi
> >
> > Is this (below) a genuine mail from this list ? I doubt it and don't like
> > the link (Who the heck is awanistudento<dot>com?)
> > If it is indeed correct this breaks with what is common practice: Never
> > click on such a link from an email.
> > (it is me who have obscured the link with<dot> below)
> > Can somebody confirm if this is genuine or not please.
> > Thanks...
> >
> > Best 73's from
> > Geir, LA6LU
> >
> > Hi,
> > Due to a recent compromise of our servers by some chinese hackers, It has
> > been mandated that we carry out an integrity check to isolate and disable
> > all
> > suspicious accounts. For now we have already placed a red flag on several
> > accounts
> > thereby preventing them from carrying out any financial transactions
> > whatsoever.
> > To ensure that your account was not compromised, you are required to
> > ascertain
> > your identity, failure to do this within 24 hours will lead to account
> > service
> > suspension.
> > Login and Ascertain Your Identity
> > <http://awanistudento<dot>com/bin/enhance/portal/expandUrl.php?id=
> > spooks at mailman.qth.net>
> > Thanks for your anticipated co-operation and understanding.
> > The Accounts Team,
> > For Chase Online
> > __________________
> >
> > ______________________________________________________________
> > Spooks mailing list
> > Home: http://mailman.qth.net/mailman/listinfo/spooks
> > Help: http://mailman.qth.net/mmfaq.htm
> > Post: mailto:Spooks at mailman.qth.net
> >
> > This list hosted by: http://www.qsl.net
> > Please help support this email list: http://www.qsl.net/donate.html
> >
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 07 Mar 2017 11:19:53 -0600 (CST)
> From: Tracy Johnson <tmjva at verizon.net>
> To: spooks at mailman.qth.net
> Subject: Re: [Spooks] Account Suspension
> Message-ID:
>         <17105508.310383.1488907193835.JavaMail.root@
> vms170027.mailsrvcs.net>
> Content-Type: text/plain; charset=UTF-8
>
>  On 03/07/17, Chris Malboeuf wrote:
>
> > Are the Chinese hackers phishing?
> > 73 Chris
>
>
> Depends if you really think they were Chinese.  ;-)
> 73's
>
>
> Tracy Johnson
> Old fashioned text games hosted below:
> http://empire.openmpe.com/empire/
> BT
>
>
>
>
>
>
>
> NNNN
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 7 Mar 2017 17:23:18 +0000 (GMT)
> From: GUNN STEVE <steven.gunn1 at ntlworld.com>
> To: "Spooks at mailman.qth.net" <spooks at mailman.qth.net>
> Subject: [Spooks] Recent Logs
> Message-ID:
>         <702067625.2779742.1488907398846.JavaMail.open-
> xchange at oxbe1.tb.ukmail.iss.local>
>
> Content-Type: text/plain; charset=UTF-8
>
>
> NUMBERS LOG 2017 001
> ID      FREQ    DATE    UTC     DAY     CODE    DETAILS
> 34      6304    24/02/2017      20:00:00        FRI     E11     571/00
> 38      5877    01/03/2017      21:00:00        WED     E07     825 825
> 825 000
> 39      3894    04/03/2017      21:00:00        SAT     S06s
> 40      12112   05/03/2017      07:43:00        SAT     E07
> 41      10448   05/03/2017      16:25:00        SAT     E11     977/00
> 42      8270    06/03/2017      08:41:00        MON     S06s
>
> ------------------------------
>
> Message: 5
> Date: Tue, 07 Mar 2017 12:53:54 -0500
> From: mchenryproj <mchenryproj at yahoo.com>
> To: spooks at mailman.qth.net
> Subject: [Spooks] Chase thingy
> Message-ID: <ty1h2ffmndoiqy4965ejr0ma.1488909170117 at email.android.com>
> Content-Type: text/plain; charset=utf-8
>
> The root of the url it asks you to click on takes you to a student housing
> building in, of all places, Java. Now that's just the server holding the
> account so the real bad guys could be anywhere, or some wise-guy student in
> Java. Reguardless, if anyone wants to report the account to the folks
> holding the account, you can find contact info on their site at :?
> http://awanistudento.com
> :)
> S, out.
> Sent from my dumb smartphone.Spell checked by the NSA.
>
> ------------------------------
>
> Message: 6
> Date: Tue, 07 Mar 2017 19:27:53 +0000
> From: <planophore at aei.ca>
> To: "Shortwave Spy Numbers Stations" <spooks at mailman.qth.net>
> Subject: Re: [Spooks] Account Suspension
> Message-ID: <201703071927.v27JRrBS018912 at web001.aei.ca>
> Content-Type: text/plain; charset=ISO-8859-1
>
> That is how they do it - they "spoof" and email address, make it look
> like the owner of a particular email address has in fact sent the email
> address. Far easier and far more common that "hacking into" someones
> email account. Getting a hold of someones or some businesses email
> contact list can provide many (many) valid emails to use for these
> nefarious purposes.
>
> I always found it a bit funny when these sorts of emails start appearing
> and the first thing someone suggests is that "someones email account
> has got hacked".
>
> Spoofing or forging email has been around a very long time, tools to
> detect such forged emails is getting better but there always seems to be
> some new wrinkle which allows them to fall through the cracks.  Service
> providers use blacklists of servers which are known as sources for such
> crap, email sent from one of those servers regardless of the address is
> simply ignored.
>
> cheers, Graham
>
>
> On 3/7/2017, "Chris Smolinski" <csmolinski at blackcatsystems.com> wrote:
>
> >Visit http://mailman.qth.net/mailman/listinfo/spooks to unsubscribe from
> this list
> >
> >Looks like spam that forged my email address. I don???t think they got
> into anyone???s email account, but I wonder if they got a list of group
> owner email addresses from a break-in at qsl.net?
> >
> >> On Mar 7, 2017, at 10:28 AM, Zack Widup <w9sz.zack at gmail.com> wrote:
> >>
> >> Visit http://mailman.qth.net/mailman/listinfo/spooks to unsubscribe
> from this list
> >>
> >> How are they doing this? This was made to look like it came from Chris's
> >> e-mail address. Did it actually originate there, or did they send it
> from
> >> some other account using Chris's e-mail address as the address in the
> >> e-mail?
> >>
> >> Someone just sent one of these to another group using MY e-mail address.
> >> I'm the owner of that particular group. So I'm concerned about how
> they're
> >> doing this. I did change my personal e-mail account password.
> >>
> >> 73, Zack
> >>
> >
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> ______________________________________________________________
> Spooks mailing list
> Home: http://mailman.qth.net/mailman/listinfo/spooks
> Help: http://mailman.qth.net/faq.htm
> Post: mailto:Spooks at mailman.qth.net
> -
> Visit http://www.spynumbers.com/ for complete information about Spy
> Numbers Stations
>
>
> ------------------------------
>
> End of Spooks Digest, Vol 152, Issue 7
> **************************************
>

More information about the Spooks mailing list