LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
Search this Thread
Old 10-15-2009, 11:58 AM   #1
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282Reputation: 282Reputation: 282
Question genuine or phishing for email address


I'm the (acting) webmaster for the Roodepoort Hiking Club (RHC). I received the following email and I'm trying to figure out if this is a genuine request or some kind of phishing. I went to whois to check the domains, but still can't figure it out.

Quote:
From: loudyn.onenet@gmail.com
Reply-To: loudyn.onenet@gmail.com
To: address1@rhc.co.za
Subject: Re:Internet copyright of Rhc(To Principal)
Date: Mon, 12 Oct 2009 15:36:21 +0800 (09:36 SAST)


Dear President&CEO,
We are a professional intellectual property right consultant organization in Asia, who mainly deal with the global domain name registration and internet intellectual property right protection.
Right now we have an important issue to confirm with you. On October .9. 2009, we formally received an application, one company named " Jacken S&T Info Corp." applied for the brand keyword " Rhc" and following domain names:
rhc.cc
rhc.com.hk
rhc.hk
rhc.tw

with our organization
During our preliminary investigation, we found that these domain names' keyword is identical with your trademark. I wonder whether you consigned Jacken company to register these domain names with us? Or is Jacken company your business partner or distributor in Asia? If you have no relationship with this company, we assume that they have other purposes to obtain these domain names.
Currently, we have already postponed this company's application temporarily. Therefore please let the relevant person make a confirmation with me by telephone or email as soon as possible.

Thanks & Regards,

Loudyn


Web: http://www.china-onenet.hk
Tel: 00(852)-9566-0489
00(852)-9566-0103
Fax: 00(852)-3019-7872
Mail:Loudyn@chinaonenet.org & Loudyn@china-onenet.net
P Please consider the environment before printing this e-mail.
//edit
Note that address1@rhc.org.za does not exist to my knowledge.

Code:
Return-path: <loudyn@china-onenet.net>
Envelope-to: addres2@rhc.org.za
Delivery-date: Mon, 12 Oct 2009 09:36:54 +0200
Received: from mail.mail110.cn4e.com ([218.107.207.110]) by mx01.gam.co.za
        with esmtp (Exim 4.69 (FreeBSD)) (envelope-from <loudyn@china-onenet.net>)
        id 1MxFSe-000OS0-Ne for webmaster@rhc.org.za; Mon, 12 Oct 2009 09:36:54
        +0200
Received: by mail.mail110.cn4e.com (Postfix, from userid 12346) id
        CA9D342C5CA; Mon, 12 Oct 2009 15:36:21 +0800 (CST)
To: info@rhc.co.za
Subject:
        =?UTF-8?B?UmU6SW50ZXJuZXQgY29weXJpZ2h0IG9mICAgUmhjKFRvIFByaW5jaXBhbCk=?=
From: loudyn.onenet@gmail.com
Reply-To: loudyn.onenet@gmail.com 
Date: Mon, 12 Oct 2009 15:36:21 +0800
Disposition-Notification-To: <loudyn@china-onenet.net>
Mime-Version: 1.0
X-Mailer: 35 Intelli-AntiSpam Mail System V2.0 (x64) ~ www.35.com
Content-Type: multipart/alternative; boundary="=====4ad2dc75acf9d====="
X-Priority: 1 
Message-Id: <20091012073621.CA9D342C5CA@mail.mail110.cn4e.com>
X-Evolution-Source: pop://webmaster%40rhc.org.za@pop3.gam.co.za/


This is a multi-part message in MIME format.

--=====4ad2dc75acf9d=====
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: base64
...
...
// edit
note that address2@rhc.org.za does exists

//edit
What I don't trust are the 'mismatches' between email addresses (address1@rhc.org.za and address2@rhc.org.za for the recipient and ...@gmail.com, ...@chinaonenet.org etc for the 'sender'.


Any help appreciated.

PS edited after jeebiz' reply

Last edited by Wim Sturkenboom; 10-15-2009 at 12:16 PM.
 
Old 10-15-2009, 12:03 PM   #2
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware 14.1 64-bit with multilib
Posts: 2,075

Rep: Reputation: 210Reputation: 210Reputation: 210
I don't trust it at all. I would just say ignore it and delete it. Chances are if whoever sent this gets no reply, maybe they will try to 'threaten' you with 'legal' action, but I doubt it. If you don't bite, I am sure the scammer will just move along now, thank you very much.
 
Old 10-15-2009, 12:46 PM   #3
/dev/me
Member
 
Registered: May 2008
Distribution: Slackware 13
Posts: 116

Rep: Reputation: 20
Preliminary investigations??

As in, they didn't bother to enter the url in the address bar of their favorite browser and gotten to see the 'Roodepoort Hiking Club' website, which would have answered their question directly and without human interference?

No sir, I bet the "Jacken S&T Info Corp", who did not turn up in a quick google (first page only) are offering a lot of money for your url if you reply. And I bet there are some fees attached that have to be paid up front... etcetera etcetera ad nauseum


ITS GOOD TO SEE SOME SCAMMERS DONT HAVE THEIR MOST VALUABLE CAPS LOCK ON THOUGH
 
Old 10-15-2009, 12:46 PM   #4
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware 14.1 64-bit with multilib
Posts: 2,075

Rep: Reputation: 210Reputation: 210Reputation: 210
I've been hunting around, and perhaps you might want to talk to someone more learned in such fields of scams. This site came up: http://www.scamwarners.com/forum/

Maybe post your message there, I am sure you will get a better response. I still don't quite trust the message, but I am pretty sure those guys there can confirm both our suspicions. Good luck.
 
Old 10-15-2009, 01:30 PM   #5
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Original Poster
Rep: Reputation: 282Reputation: 282Reputation: 282
Thanks Jeebizz, found this one over there

http://www.scamwarners.com/forum/vie...+one+net#p7508

Looks very similar
 
Old 10-15-2009, 03:50 PM   #6
lumak
Member
 
Registered: Aug 2008
Location: Phoenix
Distribution: Arch
Posts: 799
Blog Entries: 32

Rep: Reputation: 109Reputation: 109
I thought the whole point in web addresses was that anybody could register any domain name. Unless large corporation A starts fighting for it. Honestly, Fox should of had to pay the demands of the domain owner of www.thesimpsonsmovie.com if they wanted it that bad.

Not like Fox owns the name "simpson"
 
Old 10-15-2009, 04:16 PM   #7
schneidz
Senior Member
 
Registered: May 2005
Location: boston, usa
Distribution: fc-15/ fc-20-live-usb/ aix
Posts: 4,087

Rep: Reputation: 634Reputation: 634Reputation: 634Reputation: 634Reputation: 634Reputation: 634
looks like you could be the next nissan.com
 
Old 10-15-2009, 05:53 PM   #8
smeezekitty
Senior Member
 
Registered: Sep 2009
Location: Washington U.S.
Distribution: M$ Windows / Debian / Ubuntu / DSL / many others
Posts: 2,230

Rep: Reputation: 173Reputation: 173
spam scam LOL
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Get name from email address scoop_yo General 4 09-16-2009 09:19 PM
run a shell script/cronjob when any email arrive to specific email address ikillu Linux - General 3 05-30-2009 08:18 AM
Creating A Second Email Address For Email Account On Sendmail treedstang Linux - Software 1 04-27-2004 10:31 PM
email to more address at once mairul Linux - Newbie 4 03-18-2004 12:19 AM
sending an email to a email address after a perl operation meluser Programming 9 04-07-2003 01:26 PM


All times are GMT -5. The time now is 07:15 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration