LinuxQuestions.org


Wim Sturkenboom 10-15-2009 11:58 AM

genuine or phishing for email address
 
I'm the (acting) webmaster for the Roodepoort Hiking Club (RHC). I received the following email and I'm trying to figure out if this is a genuine request or some kind of phishing. I went to whois to check the domains, but still can't figure it out.

Quote:

From: loudyn.onenet@gmail.com
Reply-To: loudyn.onenet@gmail.com
To: address1@rhc.co.za
Subject: Re:Internet copyright of Rhc(To Principal)
Date: Mon, 12 Oct 2009 15:36:21 +0800 (09:36 SAST)


Dear President&CEO,
We are a professional intellectual property right consultant organization in Asia, who mainly deal with the global domain name registration and internet intellectual property right protection.
Right now we have an important issue to confirm with you. On October .9. 2009, we formally received an application, one company named " Jacken S&T Info Corp." applied for the brand keyword " Rhc" and following domain names:
rhc.cc
rhc.com.hk
rhc.hk
rhc.tw

with our organization
During our preliminary investigation, we found that these domain names' keyword is identical with your trademark. I wonder whether you consigned Jacken company to register these domain names with us? Or is Jacken company your business partner or distributor in Asia? If you have no relationship with this company, we assume that they have other purposes to obtain these domain names.
Currently, we have already postponed this company's application temporarily. Therefore please let the relevant person make a confirmation with me by telephone or email as soon as possible.

Thanks & Regards,

Loudyn


Web: http://www.china-onenet.hk
Tel: 00(852)-9566-0489
00(852)-9566-0103
Fax: 00(852)-3019-7872
Mail:Loudyn@chinaonenet.org & Loudyn@china-onenet.net
Please consider the environment before printing this e-mail.
//edit
Note that address1@rhc.org.za does not exist to my knowledge.

Code:

Return-path: <loudyn@china-onenet.net>
Envelope-to: addres2@rhc.org.za
Delivery-date: Mon, 12 Oct 2009 09:36:54 +0200
Received: from mail.mail110.cn4e.com ([218.107.207.110]) by mx01.gam.co.za
        with esmtp (Exim 4.69 (FreeBSD)) (envelope-from <loudyn@china-onenet.net>)
        id 1MxFSe-000OS0-Ne for webmaster@rhc.org.za; Mon, 12 Oct 2009 09:36:54
        +0200
Received: by mail.mail110.cn4e.com (Postfix, from userid 12346) id
        CA9D342C5CA; Mon, 12 Oct 2009 15:36:21 +0800 (CST)
To: info@rhc.co.za
Subject:
        =?UTF-8?B?UmU6SW50ZXJuZXQgY29weXJpZ2h0IG9mICAgUmhjKFRvIFByaW5jaXBhbCk=?=
From: loudyn.onenet@gmail.com
Reply-To: loudyn.onenet@gmail.com
Date: Mon, 12 Oct 2009 15:36:21 +0800
Disposition-Notification-To: <loudyn@china-onenet.net>
Mime-Version: 1.0
X-Mailer: 35 Intelli-AntiSpam Mail System V2.0 (x64) ~ www.35.com
Content-Type: multipart/alternative; boundary="=====4ad2dc75acf9d====="
X-Priority: 1
Message-Id: <20091012073621.CA9D342C5CA@mail.mail110.cn4e.com>
X-Evolution-Source: pop://webmaster%40rhc.org.za@pop3.gam.co.za/


This is a multi-part message in MIME format.

--=====4ad2dc75acf9d=====
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: base64
...
...

// edit
Note that address2@rhc.org.za does exist.

//edit
What I don't trust are the 'mismatches' between email addresses (address1@rhc.org.za and address2@rhc.org.za for the recipient and ...@gmail.com, ...@chinaonenet.org etc. for the 'sender').


Any help appreciated.

PS: edited after Jeebizz's reply
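
The mismatches described in the post above can be checked mechanically. The following is an added example, not part of the original thread: it parses the headers posted above (Received lines omitted) and reports where the envelope sender, receipt address, Message-Id host or recipient disagree with the visible From/To headers. The function names and finding codes are made up for this illustration.

```python
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Headers copied from the message quoted in the post above (body omitted).
RAW = """\
Return-path: <loudyn@china-onenet.net>
Envelope-to: addres2@rhc.org.za
To: info@rhc.co.za
Subject:
        =?UTF-8?B?UmU6SW50ZXJuZXQgY29weXJpZ2h0IG9mICAgUmhjKFRvIFByaW5jaXBhbCk=?=
From: loudyn.onenet@gmail.com
Reply-To: loudyn.onenet@gmail.com
Disposition-Notification-To: <loudyn@china-onenet.net>
Message-Id: <20091012073621.CA9D342C5CA@mail.mail110.cn4e.com>

"""

def domain(value):
    """Lower-cased domain of the first address in a header value, '' if none."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def same_org(d, ref):
    """True if d equals ref or is a subdomain of it."""
    return d == ref or d.endswith("." + ref)

def analyse(raw):
    """Return (decoded subject, list of (code, detail) mismatch findings)."""
    msg = message_from_string(raw)
    frm = domain(msg["From"])
    checks = [  # (hypothetical finding code, header compared with From)
        ("envelope-sender", "Return-path"),
        ("receipt-address", "Disposition-Notification-To"),
        ("message-id-host", "Message-Id"),
        ("reply-to", "Reply-To"),
    ]
    findings = [(code, f"{hdr} domain {domain(msg[hdr])} vs From domain {frm}")
                for code, hdr in checks
                if domain(msg[hdr]) and not same_org(domain(msg[hdr]), frm)]
    # The To: header should name the mailbox the message was delivered to.
    if domain(msg["To"]) != domain(msg["Envelope-to"]):
        findings.append(("recipient", f"To {msg['To']} vs Envelope-to {msg['Envelope-to']}"))
    subject = str(make_header(decode_header(msg["Subject"] or ""))).strip()
    return subject, findings

if __name__ == "__main__":
    print(*analyse(RAW), sep="\n")
```

Legitimate mailing lists and bulk senders also produce some of these mismatches, so each finding is a signal to weigh, not a verdict on its own.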

Jeebizz 10-15-2009 12:03 PM

I don't trust it at all. I would just say ignore it and delete it. Chances are if whoever sent this gets no reply, maybe they will try to 'threaten' you with 'legal' action, but I doubt it. If you don't bite, I am sure the scammer will just move along now, thank you very much.

/dev/me 10-15-2009 12:46 PM

Preliminary investigations??

As in, they didn't bother to enter the URL in the address bar of their favorite browser and get to see the 'Roodepoort Hiking Club' website, which would have answered their question directly and without human interference?

No sir, I bet the "Jacken S&T Info Corp", who did not turn up in a quick Google (first page only), are offering a lot of money for your URL if you reply. And I bet there are some fees attached that have to be paid up front... etcetera etcetera ad nauseam


ITS GOOD TO SEE SOME SCAMMERS DONT HAVE THEIR MOST VALUABLE CAPS LOCK ON THOUGH

Jeebizz 10-15-2009 12:46 PM

I've been hunting around, and perhaps you might want to talk to someone more learned in such fields of scams. This site came up: http://www.scamwarners.com/forum/

Maybe post your message there, I am sure you will get a better response. I still don't quite trust the message, but I am pretty sure those guys there can confirm both our suspicions. Good luck.

Wim Sturkenboom 10-15-2009 01:30 PM

Thanks Jeebizz, found this one over there

http://www.scamwarners.com/forum/vie...+one+net#p7508

Looks very similar

lumak 10-15-2009 03:50 PM

I thought the whole point in web addresses was that anybody could register any domain name. Unless large corporation A starts fighting for it. Honestly, Fox should have had to pay the demands of the domain owner of www.thesimpsonsmovie.com if they wanted it that bad.

Not like Fox owns the name "simpson"

schneidz 10-15-2009 04:16 PM

looks like you could be the next nissan.com

smeezekitty 10-15-2009 05:53 PM

spam scam LOL


All times are GMT -5.