by Another Guest » Thu Oct 14, 2004 9:47 am
Because I give a different spamgourmet address to each and every one of my contacts, I have been able to identify 4 computers (belonging to friends) hijacked by spam remailers and 6 scams. Most of the scams were obvious, of course, such as the 'friend' who gave the 'Nigerian' guy my email address; I knew from the spamgourmet address that my 'friend' was my dog's Petfinder posting.
The latest of these of these scams, however, is a real winner.
As of this moment, I believe someone is running a Phishing operation FROM A SUBDOMAIN IN MY ISPs OWN SERVER (I will not name the ISP until I am dead-dead certain). If I am right, this is one BRILLIANT operator: His relay gets raw material dynamically from the ISPs own normal page, and only replaces a little bit of boilerplate text with a form for the victim to enter account and password. This way, his pages look not just real, but real-time; if the ISP changes their page, the scammer's page shows those changes instantly.
The best part is that using spamgourmet shows me that my emails to the fraud department are being intercepted and THE SCAMMER IS REPLYING TO THEM. I sent my report anonymously, from an unrelated server, using a spamgourmet return address. No one at the ISP could connect my name or ISP account with my report; yet I received the same 'that URL is legitimate, and thank you' message at both MY ACCOUNT EMAIL ADDRESS AND THE SPAMGOURMET ADDRESS. Therefore, the thank you note had to be a fraud, and my report had to have been intercepted!
Josh and Syskoll should partner up with Sherlock Holmes...