[ RadSafe ] Scammer is using radsafe harvested addresses - beware

Dimiter Popoff didi at tgi-sci.com
Thu Mar 26 00:08:17 CDT 2015


They do all sorts of things and they usually are obvious to the trained
eye (mine is pretty well trained as I view all of my incoming email manually
in an old fashioned way, so I see a few hundreds of spam emails a day - takes
me a second per 1 to 3 messages to discard).

I had a call recently trying to find out my physical address - "we want to send
you some printed materials". "Did you see the  website contact info?"
"Yes but we got our mail returned" (nonsense, the post box
is huge). For whatever reason they wanted my "Penemuende" address
(this how a friend called my R&D lab location many years ago... :-)
being after me personally or after what I have here.

I think we must turn into normal practice to regard any information
which we have used online as public, period. Some ways of using it
are less likely to cause a leak than others but none is guaranteed to be
safe. Risk levels are different so it is a matter of risk assessment,
I suppose we all underestimate how high the lowest risk value is.

In the case of the scam email which compelled me to post initially (post
pasted at the end of this message) the scammer had used an email he got
from the list (public info) and had targeted privately other email
addresses he had got from the same list (also public info) hoping
to use a connection between the attacked address and the person he
pretended to be).

Dimiter

------------------------------------------------------
Dimiter Popoff, TGI             http://www.tgi-sci.com
------------------------------------------------------
http://www.flickr.com/photos/didi_tgi/sets/72157600228621276/

>Date: Wed, 25 Mar 2015 22:25:04 -0600
>From: Dan McCarn <hotgreenchile at gmail.com>
>To: "The International Radiation Protection (Health Physics) Mailing List"
>	<radsafe at health.phys.iit.edu>
>
>Hi Group:
>
>Several times last week, someone called regarding an "error" in one of our
>computer systems. When he called while I was home, it turned out it was a
>scam and it is very likely he that he got the contact information from
>RADSAFE. When I challenged him, he uttered a string of profanities and
>hung-up. BTW, he was asking about a WIndows 7 installation, which we have
>none. Since I follow procedure and identify myself when I comment on
>RADSAFE, my information is already out there...
>
>Dan ii
>
>Dan W McCarn, Geologist
>108 Sherwood Blvd
>Los Alamos, NM 87544-3425
>+1-505-672-2014 (Home – New Mexico)
>+1-505-670-8123 (Mobile - New Mexico)
>HotGreenChile at gmail.com (Private email) HotGreenChile at gmail dot com
>
>On Wed, Mar 25, 2015 at 9:18 AM, Sander Perle <sandyfl at cox.net> wrote:
>
>> Thanks Dimiter,
>>
>> I did not receive one of these here on Radsafe, but I did receive this
>> about
>> 2 weeks ago (modified a little to fit the circumstances) supposedly from my
>> Insurance Agent. It had her Signature Line with name, address, phone
>> numbers
>> and License Number. The phone and license as well as the e-mail were
>> incorrect, so I knew that it was a scam. I also contacted her colleagues
>> and
>> subsequently, I did hear from the ³real² person who confirmed that her
>> account had been hacked.
>>
>> I hope that you wrote the real person on Radsafe to let them know that
>> their
>> Contact List had been hacked.
>>
>> Regards,
>>
>> Sandy
>> Retired, Consultant
>>
>
>

My initial message:

>To: <radsafe at health.phys.iit.edu>
>From: Dimiter Popoff <didi at tgi-sci.com>
>Subject: Scammer is using radsafe harvested addresses - beware
>Date: Wed, 25 Mar 2015 4:39:05 +0200
>
>I just got a private email looking as if it comes from one of our
>regular posters (i.e. the From: field in the header was his, this is
>quite easy to be spoofed by anybody).
>
>The text was clearly a scam - I did not believe for a second this
>person would send me such an email - so I looked harder to see what
>did the scammer plan to do.
>
>Turned out the clumsiest of things, he had set a different "Reply-to:"
>field; so someone who would not bother checking would think he would
>be replying to the legitimate address (the one in the "From:" field)
>while in fact he would be replying to the other, scammers (designed to
>look similar to the legit one) address from the "Reply-to:" field.
>
>Clearly someone is targeting radsafe listmembers - beware.
>If in doubt about the identity of emails received privately look
>at the message header (look for something like "see original message",
>"show full message", "show message header"). The header is typically
>largish - 10 to 30 lines if not more. You have to locate the lines starting
>with "From:" and "Reply-to:". If the email address (just the part containing
>the @) in the Reply-to: field does not match the one in the "From:"
>field it is likely a scam (it is still possible the Reply-to: could
>be a legitimate address but you should be able to know/verify that).
>
>Dimiter
>
>------------------------------------------------------
>Dimiter Popoff, TGI             http://www.tgi-sci.com
>------------------------------------------------------
>http://www.flickr.com/photos/didi_tgi/sets/72157600228621276/
>
>
>Here is an excerpt from the message I got (the stolen identity hidden):
>
>> Received: from User (S0106003048dfefd8.gv.shawcable.net [184.66.129.251])
>> 	by mtaout-mab02.mx.aol.com (MUA/Third Party Client Interface) with ESMTPA id DF4E03800009B;
>> 	Tue, 24 Mar 2015 11:48:17 -0400 (EDT)
>> Reply-To: **********@yahoo.com>
>> From: ************ <********@***.com>
>> Subject: ***********...................I need your Help
>> Date: Tue, 24 Mar 2015 16:49:46 +0100
>> 
>>  I hope you get this on time. Sorry I didn’t inform you about my trip 
>> to Philippines for a program because it was impromptu. The program was
>> successful, but our journey has turned a disaster. We were robbed at 
>> the park where we went for sight seeing and all my valuables were stolen
>> including cash and cell phone and I sustained some cut on my right arm
>> in the process, which is seriously painful.  I've reported to the Embassy
>> here but their response was too casual. I am sorry if I am inconveniencing
>> you, but my problem is my return flight leaves in few hours from now 
>> and I am out of cash to settle my hotel bills and the hotel manager won't
>> let me leave until I settle the bills, Please I need your help with a
>> short loan, all I need is $1,920. I promise to repay you immediately 
>> I return home. Please don’t inform anyone about my trip, am so embarrassed
>> of myself already. Let me know if you can help me with the money.   
>> 
>> ************ ( the corect signature)
>> 



More information about the RadSafe mailing list