heads up my email has been hacked

[Bernice Moore]

so if you get any email from me today or, i'll let you know when, it is not from moi, there has been one received that i know of asking for money, deete it, do nothing least of all sending any money, that is not from me, i will let you know when this has been taken care of the research world is such a grand place, ain't it, thanks all.best b

[Jack White]

I just got the email and immediately posted a message here to contact you.

We were both sending the warnings at the same time.

Jack

[John Dolva]

Sure is. Apparently I have a Paypal account, Pfizer is eager to sell me medicine (wikileaks), and apparently I am a member of Facebook (which I think is one giant data-mining Virus.

[Bernice Moore]

Sure is. Apparently I have a Paypal account, Pfizer is eager to sell me medicine (wikileaks), and apparently I am a member of Facebook (which I think is one giant data-mining Virus.

:lol:thank goodness, i do not belong to facebook or sell medicine... here is a copy of the email that magda received, if any get such, discard or perhaps save them for when all is corrected it may help the server to track them,whatever, sorry about this if any are bothered, it is not moi..thanks b

Here is the text of the email:

I'm Sorry I didn't inform you about my trip to Spain for a program,I am presently in Madrid Spain,something extremely awful happened to me,I was mugged at gun point on my way to the Hotel by some Hoodlums and they made away with my Bag and other valuables. Presently my things are been held down by the hotel management due to my inability to pay the hotel bills which I currently owe,they even had to restrict my access to the hotel facilitates until outstanding bills are cleared and i don't have any money on me again,i had to walk down to the city library in order to send you this email.I have spoken to the embassy here but they are not responding effectively to the matter.

This is really shameful,I need you to help me with a loan of 2,600 Euro to pay my hotel bills and get my self back home.I will reimburse you soon as I get back Home, with all the interest.I will appreciate whatever you can assist me with. Let me know Immediately

Bernice

iam in SPAIN, LOL, LLH

Edited January 3, 2011 by Bernice Moore

[David Williams]

Ive just recieved and deleted that e-mail from you Bernice.

Dave x

[John Dolva]

Funnily enough it got to my private edress, not the dummy one. ie. sender may be idable.

Encoding (with edresses x'd:

''Flag this message

NEED YOUR HELP

Monday, 3 January, 2011 11:30 AM

From Bernice Mon Jan 3 11:30:43 2011

X-Apparently-To: xxxxxxxxxxxxxxxxxu via 67.195.23.45; Mon, 03 Jan 2011 03:30:46 -0800

Return-Path: <xxxxxxxxxxxxxxx>

X-YahooFilteredBulk: 98.139.52.246

Received-SPF: none (mta1274.mail.mud.yahoo.com: domain of xxxxxxxxxxxxxxxxxxx does not designate permitted sender hosts)

X-YMailISG: gkMFYBIcZAoijlOJ8ej.7cjL_JfYFJi2QYqeudYPuT.zJJlZ AH.NFFAJIO6bMW2cXnHgqBan0j_WKJOPxCfuGl0l6VP68GBKtXplKv_wyPps ZoZIAUiOcO6dZj1GzzCzAgVeztUWqDldgLtgS1rXiWmig1s.nvcYYJCFNVyd aDwUuExYtHg.2D5Ldfop6dNgwhktLlxjjuOIBEsUbsZMV5YJxzcughC7VCcO kwDac77dOO4EsDm5ESOOgLMMftQxtAkk8yLaiT5l8TCtBikrhK2a_Qo18k_t DgtzbPqlv0cM0WjBE9q4a16J5Stn3lvO0HsW1bbJg_CjA.hib2QdY0yZeixK WZNlowY6KZLfdYNDPgEcSfPsNqHCDAC_xgs.Q4R0hHp0uDCM9siwwoAB91Vc EDmTzcDBVe5S0itHOEOjYzpw3aQkr3GyHgAj4f3X1sqbBr.6owUsvJq9uuYo ISFIGh9FStcWWOxj2W0BlzmBZxMLTylxbNCIOdqbAG_8Fr92reh1x0fVpw7J 6s4tfzrVMP6sK6VUATVny9pBzQfvarw5Zlmv6lGQok_0w5fowhan310BWBaH pUNstR4IvtKnmJpMSIASWBlrW26VNR.Xi.zXlxiaTNZ4z1lUdzPP_GRLTbQU ziX6Lo11gX5kstJMW8SK8WPLZMzSsBO4rtK6QsWEDskB25P13x1h4do1pthB zKyXOlYlMxh115l8AnBnMLtV8NDhjfzIqDtReLX.QxU7_x713sJI6zdv6B3F jL82Q846NAMo56SLspZRJMEs8SrblNaahnGiU1Z3KhRYX.w_CyVNnQ9NKXY6 2ee0y6ykUWs5LTP.YxpdD_EG0ggnVSwfgb9fRjb.RhogieXSNDxdaOQOI95Q 0WXbH93m0PpC34_GoKU_nxOSWnTmSmI_rJf6CDEPnxRnvXfN7FYQkFG31fm5 nusVB0j6Sty7EeXB_0bKqiS4oge5WC7VG58MXFmFx8QuBy_IYZSMxBNXzzzP 2Y_sdxbXr_6iPol9glpw9xWbpOuWu8YYBr7iyKgE64ZvaWfP4qZhveTcaZ0b VmphqNSHpumUQYB0b4e0X0dkYkmGK5ddnm8WbSalIIGz2LdRDNwXDqsRaVKq SYpUCk2MMEq5waaD.NcsjkXLptnbEUMoL1q.OfV3nq9NqhDy3qH_VqxGHC8h VfyTbKJ8P_h7cWZuPLYNEJGU_YuAMCdCPonzRV08keHXhtBoXAghjXGdRTTx aibKQDUK5w514I4_N.k_G6cY3OeirQFe6xlFKISDk9DAuQ.B1E3Ymt1_68L_ tBuYXzW9wAp8K1mNw0K3IMDl1TYI5kMCFL33egNLhHHelWQVlAuxTvauRlF5 R8BpDidElroBh_Ppvaz.taJyf8_mFdqSavkfLfQTQYWH29NITS7fsvXbCbFX FCXnCdyiaMlXUHYb5PKG

X-Originating-IP: [98.139.52.246]

Authentication-Results: mta1274.mail.mud.yahoo.com from=rxxxxxxxxxxxx; domainkeys=pass (ok); from=xxxxxxxxxxxxx; dkim=pass (ok)

Received: from 127.0.0.1 (HELO nm28-vm0.bullet.mail.ac4.yahoo.com) (98.139.52.246) by mta1274.mail.mud.yahoo.com with SMTP; Mon, 03 Jan 2011 03:30:44 -0800

Received: from [98.139.52.194] by nm28.bullet.mail.ac4.yahoo.com with NNFMP; 03 Jan 2011 11:30:43 -0000

Received: from [98.139.52.176] by tm7.bullet.mail.ac4.yahoo.com with NNFMP; 03 Jan 2011 11:30:43 -0000

Received: from [127.0.0.1] by omp1059.mail.ac4.yahoo.com with NNFMP; 03 Jan 2011 11:30:43 -0000

X-Yahoo-Newman-Property: ymail-3

X-Yahoo-Newman-Id: 604769.20344.bm@omp1059.mail.ac4.yahoo.com

Received: (qmail 31745 invoked by uid 60001); 3 Jan 2011 11:30:43 -0000

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=xxxxxxxxxxxx; s=s1024; t=1294054243; bh=rL38I/vcTeWBN5ePBF1lCKQLosL6nHDjFY2CcoCiO/A=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=vOva7k9ChCt+WLN54UYeV8ZoKBORtaZNbvW+33cnsLabFKO/XiJ1QEZXqUOifEZ0rWsr07dzVP/TQLwTEcZUI88MA/lpE+8nIEmBStXiEMcBSXjH/TkXSWdOZiX6/MBGrlTIH30bucJ/Vv4kmFBMPMkslqxNW4AC6iI9yKFh5A4=

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=rogers.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=rlHAi8MykoiQP8V/gPR2xvBFwmD+Z+B36KhdGt2AP1acy1MgYqEJbU4HRzvCuc78NWZh/Riy66T5jFNLuMl8v8LBBksluHbG2oE2RqGktAeI7J99AmIKY7mCB+ps2BXGiEh13HXN3PhqT8+yRdcGHUuG6iExZZHaolT0i3FZ07s=;

Message-ID: <409883.31742.qm@web88103.mail.re2.yahoo.com>

X-YMail-OSG: ZRQnKb4VM1ku.9rdShytZyIG94qTIdGOoyZAe2QPO9wYSbW cxGUZvqnYP9WfXZR3rRhcEOw5JJvSZQAvpGtfI5SWoUQSCu.B.VvA_8B.otK WFZIgWgqcD8APk_PGcG4bnL6fS4FEAK7gS1IuJJvIhV5.3a8NH0hBh_RazRa ImSRjyXZU3oNERsrFzMCBJ9gvIAHVbvDdgMBmKLdYzyBul509GdR_ijeklth WNFZjxIQUGz__om2b8OPs1Fpq1DFAMJZb7wWMQbaiGk4UaTzafnYEQTzqy3J G3kL0SW9bMyElCXPmwP8TFP9U3aT9IpIQfZpt4Cum4qtBY0Mari9Cl.arWR3 etv0mJTtIalQMElA7CK3Qe9MWN1ZhBeRnj8zTEQZdWG0N4wSt0Ck-

Received: from [82.128.73.13] by web88103.mail.re2.yahoo.com via HTTP; Mon, 03 Jan 2011 03:30:43 PST

X-Mailer: YahooMailRC/553 YahooMailWebService/0.8.107.285259

Date: Mon, 3 Jan 2011 03:30:43 -0800 (PST)

From: This sender is DomainKeys verified

Bernice <xxxxxxxxxxxxxxxxxxx>

Add sender to Contacts

Reply-To: Bernice <xxxxxxxxxxxxxxxxxxxxxxx>

Subject: NEED YOUR HELP

To: xxxxxxxxxxxxxxxxxxxxxxxx

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary="0-505280661-1294054243=:31742"

Content-Length: 2328''

(didn't delete but moved to int(el) folder for future ref)

edit typo

Edited January 3, 2011 by John Dolva

[John Kelin]

I got the same email, although it just said "Bernice" -- no last name. I didn't take the bait.

A year or so ago I got a nearly identical message, this time using the first and last name of a well known person within the JFK community. I didn't take the bait on that one, either, although this email was slightly more convincing. Within a few hours the JFK person found out, and sent around a message saying no, he hadn't been mugged in Europe, beware of the fraud.

I second that. Beware.

[Dawn Meredith]

Sure is. Apparently I have a Paypal account, Pfizer is eager to sell me medicine (wikileaks), and apparently I am a member of Facebook (which I think is one giant data-mining Virus.

:lol:thank goodness, i do not belong to facebook or sell medicine... here is a copy of the email that magda received, if any get such, discard or perhaps save them for when all is corrected it may help the server to track them,whatever, sorry about this if any are bothered, it is not moi..thanks b

Here is the text of the email:

I'm Sorry I didn't inform you about my trip to Spain for a program,I am presently in Madrid Spain,something extremely awful happened to me,I was mugged at gun point on my way to the Hotel by some Hoodlums and they made away with my Bag and other valuables. Presently my things are been held down by the hotel management due to my inability to pay the hotel bills which I currently owe,they even had to restrict my access to the hotel facilitates until outstanding bills are cleared and i don't have any money on me again,i had to walk down to the city library in order to send you this email.I have spoken to the embassy here but they are not responding effectively to the matter.

This is really shameful,I need you to help me with a loan of 2,600 Euro to pay my hotel bills and get my self back home.I will reimburse you soon as I get back Home, with all the interest.I will appreciate whatever you can assist me with. Let me know Immediately

Bernice

iam in SPAIN, LOL, LLH

I got it as well B. and immediately guessed it was not you because of how it is written. Not your style.

I am very sorry your email was hacked but am relieved that this did not happen to you.

Dawn

[Steven Gaal]

I just got the email and immediately posted a message here to contact you.

We were both sending the warnings at the same time.

Jack

############################################################################################

Jack, Its from Russia with love...

http://scammers.ru/scammers/144881.htm

######################above link found by E's inner property's

nm9.bullet.mail.ac4.yahoo.com

Edited January 3, 2011 by Steven Gaal

[John Dolva]

http://whatismyipaddress.com

General IP Information

Hostname:82.128.73.13ISP:Multi-Links Telecommunications LimitedOrganization:Reserved for future useProxy:None detectedType:BroadbandAssignment:Dynamic IPBlacklist:

Geolocation Information

Country:Nigeria State/Region:Lagos

Edited January 3, 2011 by John Dolva

[Bernice Moore]

http://whatismyipaddress.com

General IP Information

Hostname:82.128.73.13ISP:Multi-Links Telecommunications LimitedOrganization:Reserved for future useProxy:None detectedType:BroadbandAssignment:Dynamic IPBlacklist:

Geolocation Information

Country:Nigeria State/Region:Lagos

Sorry fellas and ladies, for the inconvenience, some have nothing better to do, than try to not work for a living, john dolva does that mean the hacker was in nigeria, i know so little about this crap, but felt i should go public at once, geoff just came in jack, and said after i told him, '' i go out for a coffee, and you take off for Spain, holy xxxxe''.... all is secured now by the server, they have caught some emails, said they did not know for sure it was traceable, of course they do not want any responsibility , anyway he was going to look into it, so he said, as far as he could,now all, watch your mail, mr kelin, sorry bout that.. so anymore, delete them..thanks for the forum, john so that i was able to let others know, i am not stranded in sunny spain...b

Edited January 3, 2011 by Bernice Moore

[Bernice Moore]

http://whatismyipaddress.com

General IP Information

Hostname:82.128.73.13ISP:Multi-Links Telecommunications LimitedOrganization:Reserved for future useProxy:None detectedType:BroadbandAssignment:Dynamic IPBlacklist:

Geolocation Information

Country:Nigeria State/Region:Lagos

Sorry fellas and ladies, for the inconvenience, some have nothing better to do, than try to not work for a living, john dolva does that mean the hacker was in nigeria, i know so little about this crap, but felt i should go public at once, geoff just came in jack, and said after i told him, '' i go out for a coffee, and you take off for Spain, holy xxxxe''.... all is secured now by the server, they have caught some emails, said they did not know for sure it was traceable, of course they do not want any responsibility , anyway he was going to look into it, so he said, as far as he could,now all, watch your mail, mr kelin, sorry bout that.. so anymore, delete them..thanks for the forum, john so that i was able to let others know, i am not stranded in sunny spain...b

P.S. never a dull moment around here...b

Edited January 3, 2011 by Bernice Moore

[John Dolva]

I just posted the encoding that came with the spam and checked a couple of the ip's using that locator site. There are other Ip's there too, so the exercise was just to show that whois lookups can be done to some extent.

The Nigeria one jumped out as it's known as a scam source.

The pupose is beyond me, whether it's more than just a standard scam spam, but we do live in interesting times.

So basically all I've shown is what's 'hidden' that comes with emails and what way some data can be gleaned from it..

[Barb Junkkarinen]

I just posted the encoding that came with the spam and checked a couple of the ip's using that locator site. There are other Ip's there too, so the exercise was just to show that whois lookups can be done to some extent.

The Nigeria one jumped out as it's known as a scam source.

The pupose is beyond me, whether it's more than just a standard scam spam, but we do live in interesting times.

So basically all I've shown is what's 'hidden' that comes with emails and what way some data can be gleaned from it..

I got it too .... and forwarded it to abuse at Bernice's server ... as other people I know of who have had this happen to them have been requested to do by their servers in the past. They might like to have all the encoding info/trail you deciphered, John.

Just one of those scams that goes around, every once in awhile they probably get a hit on someone who responds and wires money, gives their "friend" a credit card number to use, etc.

Crazy way to have to start your Monday, Bernice. :-(

Bests,

Barb :-)

[Guest Robert Morrow]

Here is the scam email that was sent out from your hacked account (change your password ASAP):

"I'm Sorry I didn't inform you about my trip to Spain for a program,I am presently in Madrid Spain,something extremely awful happened to me,I was mugged at gun point on my way to the Hotel by some Hoodlums and they made away with my Bag and other valuables. Presently my things are been held down by the hotel management due to my inability to pay the hotel bills which I currently owe,they even had to restrict my access to the hotel facilitates until outstanding bills are cleared and i don't have any money on me again,i had to walk down to the city library in order to send you this email.I have spoken to the embassy here but they are not responding effectively to the matter.

This is really shameful,I need you to help me with a loan of 2,600 Euro to pay my hotel bills and get my self back home.I will reimburse you soon as I get back Home, with all the interest.I will appreciate whatever you can assist me with. Let me know Immediately

Bernice"