sm5w2

join:2004-10-13
St Thomas, ON

How easy is it to create "rogers.com" address for spam

I got a spam this morning, and I'm curious about the return address used in the body of the message.

Here's an on-line analysis of the header: »mxtoolbox.com/Public/Tools/Email···5da6c211

So I know that some hospital in Asheville NC is the source of the spam. But the message body has this:

=============
Greetings and hope you are having a good weekend...

I have been asked by Mrs Abady to contact you about the charity fund which she seeks to establish with your assistance.

The fund is worth $2.1M and your assistance will be rewarded. Please contact Mrs Abady at her email address below for details;

Mrs Abady: ja33@rogers.com

Regards
Janice
===============

A Rogers.com email address?

I threw that address into google, and here's one of the hits: »www.419scam.org/419-rogers-com.htm

135 examples where spammers are using rogers.com email addresses as their point of contact (and my example isn't even listed there).

So how is it that spammers are using rogers.com email accounts as their response address? Are those accounts owned by real Rogers customers? Were they created programmatically by malware running on infected PCs owned by Rogers customers? Are they somehow tied into "work from home" scams that Rogers customers fell for?



TLS2000
Crazy Canuck
Premium
join:2004-02-24
Mississauga, ON
Reviews:
·TekSavvy Cable
·Rogers Hi-Speed

Nothing in the header indicates it came from a Rogers email server.

Putting an @rogers.com email address in the message body means little when most people will just hit reply and reply to the @msj.com email address in the header.
--
Tom



sm5w2

join:2004-10-13
St Thomas, ON

1 edit

> Nothing in the header indicates it came from a Rogers email server.

Didn't I make that clear? Didn't I say that I know the spam came from a Hospital in Asheville?

So you're saying that the spammer went the extra step of putting a rogers.com email address in the message body (a non-working rogers address, according to you).

Why would they do that?

Why would they create confusion and cause some fraction of respondents to do exactly what the message body says (which is to contact them at the rogers address) which would result in a failed attempt to make contact with the target?

If the spammer was intending the recipient to simply hit Reply (and cause the reply to go to msj.org) then why not include that same address in the message body? Why complicate things by putting a rogers.com address in the body?


arthurwinslo

join:2012-11-30
Toronto, ON

2 recommendations

I'm guessing you're new to the internet.



sm5w2

join:2004-10-13
St Thomas, ON

> I'm guessing you're new to the internet.

I've been using email since 1988, so no, I'm not new to the internet.

For those of you that want desperately to think that the address ja33@rogers.com was bogus and not intended to receive a response to this scam email, I have bad news for you. Using a hushmail account, I sent a reply to ja33 earlier today. Here's what I got back:

============
Return-Path: ja33@rogers.com

Received:
from [149.254.219.126] by web141704.mail.bf1.yahoo.com via HTTP;
Sun, 02 Feb 2014 14:35:47 PST

From: "Mrs J. Abady"
Reply-To: "Mrs J. Abady"
Subject: Re: Assistance
To: (some-address)@hushmail.com

Beloved,

Thank you for contacting me as per my PA's advice and I want you to know that you were not contacted in error. My name is Joan Abady, I will be 82 years old in February and presently undergoing palliative intensive care in The Solomon Islands. I spent most of my life in The United Kingdom, Morocco and Canada with my late husband who died in a fatal crash years ago on his way to Geneva. News about this was on CNN, you could check their website to confirm as my husband's name is the first on the list:

(...)

At the moment I cannot take any telephone calls because of the health support equipments I use due to radio signals. I could barely complete this email with assistance from my PA because of my health condition, please pardon any discrepancies. I require your urgent response if you are trustworthy and willing to help me finalize the required financial transactions so that I will immediately write my lawyer to prepare a court injunction/power of attorney making you beneficiary to the donation fund. All other documents are with the finance firm which I sent to them for safe keeping because I do not want family members, friends or anyone else to know about this.

To process the affidavit of claims with my lawyer; which is vital to the completion of the donation fund transfer to you, please send me your:

Full Names
Full Contact Address
Contact Phone
Number

I await your response. Thanks a million!
Joan
Abady
==============

The IP address 149.254.219.126 = genld-219-126.t-mobile.co.uk

So again I ask - how does a rogers.com address become used as part of these scams?

Who exactly can sign up or be given a rogers.com email address?
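The two messages quoted in this thread show the pattern a mail filter can key on: the lure arrives from one domain but pushes a contact address at another, and the reply's earliest Received: hop records the real client IP rather than anything Rogers-related. The script below is an added example for this thread, not code from any poster or from Rogers/Yahoo. It parses a raw message with Python's standard `email` package, pulls the client IP out of the earliest Received: header, and lists every address in the body whose domain differs from the From: domain. The two sample messages are constructed from the headers quoted above; the sender address of the lure (`janice@msj.example`), its relay IP (`192.0.2.10`) and the hushmail recipient are placeholders.

```python
"""Triage helper for advance-fee ("419") lures.

Answers two questions a defender asks about a message like the ones in this
thread: where did it really enter the mail system, and does the contact
address it pushes match the sender? Added example, not code from the thread.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# IPv4 literal in square brackets, the form Received: headers use for the connecting client
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Loose e-mail address matcher for scanning body text
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def origin_ip(msg):
    """Client IP from the earliest Received: hop.

    Relays prepend their own Received: line, so the last header in order is
    the first hop; that is where the spammer's own client shows up.
    """
    hops = msg.get_all("Received") or []
    for hop in reversed(hops):
        found = IP_RE.findall(hop)
        if found:
            return found[0]
    return None


def body_text(msg):
    """Concatenate the text/plain parts (or the single body) for scanning."""
    if msg.is_multipart():
        return "\n".join(p.get_payload() for p in msg.walk()
                         if p.get_content_type() == "text/plain")
    return msg.get_payload()


def analyze(raw):
    """Return the origin IP, sender, Reply-To and any off-domain contact addresses."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    sender_dom = domain_of(sender)
    # Addresses pushed in the body that point somewhere other than the sender's
    # domain: the lure above is sent via one organisation but asks for replies
    # to a rogers.com mailbox.
    off_domain = sorted({a for a in ADDR_RE.findall(body_text(msg))
                         if domain_of(a) != sender_dom})
    return {
        "origin_ip": origin_ip(msg),
        "sender": sender,
        "reply_to": reply_to,
        "reply_to_mismatch": bool(reply_to) and domain_of(reply_to) != sender_dom,
        "off_domain_contacts": off_domain,
    }


# Constructed sample 1: the initial lure. Sender and relay IP are placeholders.
LURE = """\
Received: from mail.msj.example ([192.0.2.10]) by mx.example.net; Sun, 02 Feb 2014 09:00:00 -0500
From: Janice <janice@msj.example>
To: victim@example.net
Subject: Assistance

Greetings and hope you are having a good weekend...
Please contact Mrs Abady at her email address below for details;
Mrs Abady: ja33@rogers.com
"""

# Constructed sample 2: the reply, built from the headers quoted in the thread.
REPLY = """\
Return-Path: <ja33@rogers.com>
Received: from [149.254.219.126] by web141704.mail.bf1.yahoo.com via HTTP; Sun, 02 Feb 2014 14:35:47 PST
From: "Mrs J. Abady" <ja33@rogers.com>
Reply-To: "Mrs J. Abady" <ja33@rogers.com>
Subject: Re: Assistance
To: someone@hushmail.example

Beloved,
Thank you for contacting me as per my PA's advice.
"""

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("reply", REPLY)):
        print(name, analyze(raw))
```

Run on the lure, `off_domain_contacts` is `['ja33@rogers.com']` while the sender domain is the hospital's; run on the reply, `origin_ip` is `149.254.219.126` (the T-Mobile UK address noted above) and nothing points at a Rogers server at all. A body contact address at a third domain, or a Reply-To that differs from From:, is a cheap flag to raise before a user ever reads the text.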



sbrook
Premium,Mod
join:2001-12-14
Ottawa
kudos:12
Reviews:
·WIND Mobile
·TekSavvy Cable
reply to sm5w2

Considering that Roger.com email is yahoo mail in disguise, maybe this has something to do with it?

»www.npr.org/blogs/thetwo-way/201···how-many



sm5w2

join:2004-10-13
St Thomas, ON

> maybe this has something to do with it?

(large web-mail provider hacked - again)

How would that explain the historical list of over 100 rogers.com addresses on this page that have appeared as spam contact addresses?

»www.419scam.org/419-rogers-com.htm

Addresses such as:

web.offfice.2.8@rogers.com
web.office.0309.0117@rogers.com

Many of them being programmatic or algorithmic versions of "web.office.nnnnn" @ rogers.com.

As if hackers have some programmatic ability to generate rogers.com email accounts at will - without the need or requirement that they hack the name/PW of existing accounts.

In the current example, if the account "ja33@rogers.com" was hacked, would that owner either (a) no longer have access to the account, or (b) would be seeing the response mail showing up in the account from people responding to the scam, and would be seeing the out-bound (sent) mail being sent back (as the one I posted above)?

When the login Name/PW of webmail accounts are "stolen", we can presume that hackers will use the credentials to send spam. But to use the accounts to perform active, 2-way communication with fraud targets? Do they do that? Do the legit account-holders see these communications? Or are the login Name/PW of the accounts changed by the spammer before he starts using the credentials?


Ree

join:2007-04-29
h0h0h0
kudos:1

said by sm5w2:

> When the login Name/PW of webmail accounts are "stolen", we can presume that hackers will use the credentials to send spam. But to use the accounts to perform active, 2-way communication with fraud targets? Do they do that? Do the legit account-holders see these communications? Or are the login Name/PW of the accounts changed by the spammer before he starts using the credentials?

My guess would be they don't see them. Each Rogers subscriber can have multiple email accounts, so I would bet they're creating secondary accounts and not hijacking the primary account.

cepnot4me

join:2013-10-29
Severn Bridge, ON
kudos:1
Reviews:
·TekSavvy DSL
reply to sm5w2

How hard is it? It's not hard at all. Hack an existing customer's default login, sign into the account, create secondary accounts.
Or.
Get Rogers, create a scam email address. Begin scamming. Pretend you're from somewhere other than Toronto.
Or.
If you know a customer's account number and home phone number, register to create an email account on their behalf, associated to their account, but accessible through Yahoo anywhere in the world.


cepnot4me

join:2013-10-29
Severn Bridge, ON
kudos:1
reply to Ree

Most people don't use Rogers email, so someone signing up and creating a primary or secondary account would go undetected indefinitely.



Ian
Premium
join:2002-06-18
ON
kudos:2
reply to sm5w2

Wow. What a sad story.

I decided to help out Mrs. Abady with her financial issues.



roger1

@bell.ca

Anyone can make it appear their email is coming from a @roger.com email address; that does not mean the email exists. I got a spam email once from a @roger.com email and replied, but it bounced and said recipient not found. So they put whatever they want as the originating address; it does not have to be real. They make sh!t up all the time, they're spammers after all, they don't care.



sm5w2

join:2004-10-13
St Thomas, ON

> Anyone can make it appear their email is coming from a
> @roger.com email address; that does not mean the email exists.

What's wrong with you? Did you not read my post?

I replied to the @rogers account, and I got a response. Doesn't that tell you that the @rogers account in question is working AND was intended to be used for the fraud in question?



elwoodblues
Elwood Blues
Premium
join:2006-08-30
Somewhere in
kudos:2
reply to Ian

said by Ian:

Wow. What a sad story.

I decided to help out Mrs. Abady with her financial issues.

You are so altruistic Ian.
--
Every government has its Secret Service branch: America, CIA; France, Deuxieme Bureau; England, MI5. NATO also has its own.


elwoodblues
Elwood Blues
Premium
join:2006-08-30
Somewhere in
kudos:2
reply to sm5w2

Rogers won't care since it's a "free" service


cepnot4me

join:2013-10-29
Severn Bridge, ON
kudos:1
Reviews:
·TekSavvy DSL
reply to sm5w2

We got it. No need to flame the guys.

Fact.
Lots of pretend @rogers.com emails exist; in fact my spam folder is full of them, some of which use my own email address as the reply address.
This is more common than your spamming incident.

Furthermore, I answered your question.

To go further. Rogers has (had?) a section on Rogers.com to report abuse from a rogers.com email address.

Go on ahead and use that, it's somewhere on rogers.com, if you're so concerned.

You're acting like you've stumbled on some giant overlooked back door in Rogers email security..

You haven't.

You got spam. It will happen again.

Get over it.



sbrook
Premium,Mod
join:2001-12-14
Ottawa
kudos:12
Reviews:
·WIND Mobile
·TekSavvy Cable

He has discovered that rogers customers are just as vulnerable as yahoo! customers since they use the same platform. That any email account should be hacked is bad. I had a hotmail account hacked by some "I'm stranded in xyz with no money" scammer. I logged in one day and found him sending one while I was logged in. Within 24 hours, he hacked it again with a new password. It took 3 password changes in 24 hours to be rid of him. I know yahoo! users who have had the same problem.

It takes thousands of complaints in a short period for yahoo! or hotmail to do anything. You might as well spit into the wind otherwise.



sm5w2

join:2004-10-13
St Thomas, ON

> He has discovered that rogers customers are just as vulnerable as
> yahoo! customers since they use the same platform.

I didn't know that yahoo was handling email for rogers.com accounts until I got the response back from ja33@rogers.com.

But while we're still on this topic - how would you explain the method used in this fraud campaign, whereby I first received an e-mail from what looks like a hacked account hosted by a hospital in Asheville NC, luring me to correspond with the spammer via a rogers.com (yahoo) account?

Why didn't the spammer just make use of the hacked yahoo (rogers.com) account for the initial and subsequent contact?


cepnot4me

join:2013-10-29
Severn Bridge, ON
kudos:1
Reviews:
·TekSavvy DSL
reply to sbrook

Any email account can be hacked.. period. There is always a way depending on the lengths you want to go to. That's just the Internet. Security is only as good as the person designing it, there is always a way.

In my opinion, in this case, no account got hacked. One was just created. It's not hard if you know how to create an @rogers.com email address. I don't want to put the details in this forum for fear it would be used as a "how to" guide.

But you can create one easily, then email out from anywhere you have outlook or access to yahoo.

It's probably easier to create one than it is to hack one. And the account number it's registered to would have no idea unless they signed in with their master profile.. but since 85% of customers don't even create a master account.. theoretically they have no idea, the scammer can just keep generating new emails with one account until he gets bored, or that customer cancels their account.



sm5w2

join:2004-10-13
St Thomas, ON

1 edit

> but since 85% of customers don't even create a master account

How can a secondary account exist that is linked to or branched from a primary account that doesn't exist or has never been created?

Are you saying that it's possible for someone that is not a Rogers customer to create a "master" or primary email account? Without knowing beforehand the details of any particular rogers customer?

I'm trying to understand the relevance or utility of non-existent primary accounts (primary email accounts that are not created by legit rogers customers).

> In my opinion, in this case. No account got hacked.

Um, yes. The account hosted by the Asheville hospital was hacked (or the SMTP credentials were obtained somehow) which enabled a spammer to send the introductory email to me via the hospital's SMTP server.


cepnot4me

join:2013-10-29
Severn Bridge, ON
kudos:1
Reviews:
·TekSavvy DSL

When you sign up for Rogers Hi speed you are provided with a registration key and registration number. The key is your account number the registration number is a specific part of your phone number.

So you sign up for a Rogers Internet account, but you have your Hotmail or Gmail, what do you do with that registration info?

Nothing.

It just sits there waiting to be activated.

Your bill comes, and goes into the recycle box, trash etc. If you know what information you need, you can look at any Rogers bill and then use the info to create a Rogers.com email account.

Since the actual Rogers account holder never did anything with the info, they have no way of knowing their account has 5 email addresses registered under it. The only way they would know is if they decided to try to register an email account with the info someone else has registered.

Now doing this is easier, faster and more likely to succeed than hacking an actual Rogers.com user's account.

As far as sending it from the hospital server, I don't know. I'm only talking in regards to the return email being an active Rogers.com email address.

To be honest, it's not too far fetched to even say this spammer actually registered a scam account with his own @rogers.com account. Rogers doesn't aggressively watch or notice if their rogers.com accounts are spamming. Unless, it's sending thousands of emails in one shot.

So it would make sense to hack the hospitals outgoing, but receive responses to the rogers.com.



r for roger

@206.47.249.x

Spammers typically DON'T CARE if the rogers email in their spam is a working one or not; that's why it's called spam for a reason.



sm5w2

join:2004-10-13
St Thomas, ON
reply to r for roger


> spammers typically DONT CARE if the rogers email in their
> spam is a working one or not

Fraud spam requires that the spammer establish a 2-way communications channel with the recipient. That means the e-mail given in the spam MUST work. So yes, in this case the spammer DOES care if the email address is working. And in fact the rogers account ja33@rogers.com did work - as repeatedly explained in this thread.



sm5w2

join:2004-10-13
St Thomas, ON
reply to cepnot4me

cepnot4me writes:

(explains how Rogers customers who have existing email with someone else can sometimes never activate their assigned primary @rogers.com account)

> Your bill comes, and goes into the recycle box, trash etc.
> If you know what information you need, you can look at
> any Rogers bill and then use the info to create a
> Rogers.com email account.

You've just lost all credibility if you propose that hackers activate @rogers.com accounts by picking through people's garbage looking for tossed-out Rogers invoices. The ergonomics and logistics of using that method on a commercial, organized scale is beyond crazy.


System
reply to sm5w2

This topic has been closed. Reason: run its course