  delenn13 De gustibus nil disputandum Premium,MVM join:2006-03-02 Ridgeway, ON clubs:
| [Serious] Certapay Scam
I am including a copy of the email I just got from my Sympatico account, which ironically is the last day I can use it since I am now with Cogeco (so yes, it has my email addy but is in the process of being closed). I have already forwarded this to Certapay, which is a legit company (I guess you could call it the Canadian answer to PayPal) endorsed by the 5 major banks, and am waiting for a reply, but I don't know this person who is supposedly sending me this money or why anyone would be sending this money to me, so I am betting dollars to donuts this is a scam.
Not to mention I googled it and I found several sites like this :»www.antionline.com/history/topic···8-1.html
Here's the email:
From : Sent : March 31, 2006 10:10:26 AM To : Subject : INTERAC: Email Money Transfer
MIME-Version: 1.0
Received: from tomts30-srv.bellnexxia.net ([209.226.175.104]) by bay0-pamc1-f13.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 31 Mar 2006 13:10:33 -0800
Received: from toip6.bellnexxia.net ([209.226.175.174]) by tomts30-srv.bellnexxia.net (InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with ESMTP id for ; Fri, 31 Mar 2006 16:10:33 -0500
Received: from adsl-flat-basic-216.84-47-52.telecom.sk ([84.47.52.216]) by toip6.bellnexxia.net with SMTP; 31 Mar 2006 16:10:29 -0500
Received: (qmail 6834 by uid 541); Fri, 31 Mar 2006 11:10:26 +0100
X-Message-Info: moY6YVwXQ471ThT30mzjxfBlTT4BlunI3jzvUgxDt4o=
Return-Path: delenn_5@shaw.ca
X-OriginalArrivalTime: 31 Mar 2006 21:10:34.0067 (UTC) FILETIME=[8CB87A30:01C65507]

Dear delenn@sympatico.ca,
INTERAC Email Money Transfer.
Amount: $140.00 (CAD)
Sender's Message: how it's going?
Expiry Date: 28 Apr 2006
Action Required: To deposit your money, click here: »gateway.ssl-certapay.com/RP.do/?···Z91zg%3D
Trouble with the link? Copy the link and paste it into your web browser address bar. Please make sure all the characters after the "pID=" are present.
Need help? »https://www.certapay.com/ca/oon/en/help
--------------------------------------------------------- What is an INTERAC Email Money Transfer? If you have an email address and online banking password at a participating bank, you can send and receive money quickly and easily. Email carries the notice while the banks securely transfer the money using existing payment networks. If your bank does not yet offer INTERAC Email Money Transfers, you can still deposit transfers to any bank account in Canada. Click »https://www.certapay.com/en/personalPaym···AQs.html for details.
To view the transfer details in French, click the link below: »gateway.ssl-certapay.com/RP.do?p···g%3D?=fr.
I did go to the sites to check it out and it does a pretty good impression of the real site. So guys, be careful if you use the real Certapay. I could use the 140.00 but I am NOT that greedy. Just seemed too surreal to be true.
-- "Dismissed. That's a Starfleet expression for 'Get out.'" Captain Kathryn Janeway |
|
  corster Premium join:2002-02-23 Ottawa, ON clubs:  1 edit | actually, it's fake, but a pretty damn good one. |
|
  noelstrom 15 is one less than needed. Premium join:2003-04-07 London, ON
| reply to delenn13 Looks legit, but I don't think it is. That's almost word for word the email I get when I get $$ from my gf. The ONLY difference is the web address. I get »gateway.certapay.com, not the gateway.ssl-certapay.com you get. Also, my GF's name is always in the email as the sender. Sounds fishy to me -- My name is noelstrom, and I approve this message. www.myspace.com/noelstrom |
|
  corster Premium join:2002-02-23 Ottawa, ON clubs: 
·Rogers Hi-Speed
| said by noelstrom: Looks legit, but I don't think it is. That's almost word for word the email I get when I get $$ from my gf. The ONLY difference is the web address. I get » gateway.certapay.com, not the gateway.ssl-certapay.com you get. Also, my GF's name is always in the email as the sender. Sounds fishy to me
Actually, this is a pretty good fake, but yes, it's fake.
Try clicking a bank. They actually faked all the bank sites too. -- "Ladies and Gentlemen, the next Prime Minister of Canada, Mr. Stephen Harper" Conservative Party of Canada
|
|
  mlerner Premium join:2000-11-25 Nepean, ON
·Rogers Hi-Speed
·TekSavvy Solutions..
·Bell Sympatico
| reply to corster said by corster :actually, it's fake, but a pretty damn good one. uhh, yes it is.
Domain Name: SSL-CERTAPAY.COM
Registrar: ONLINE SAS
Whois Server: whois.bookmyname.com
Referral URL: »www.bookmyname.com
Name Server: NS1.NATURALNC.NET
Name Server: NS2.NATURALNC.NET
Status: ACTIVE
Updated Date: 31-mar-2006
Creation Date: 31-mar-2006
Expiration Date: 31-mar-2007

Domain Name: CERTAPAY.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: »www.networksolutions.com
Name Server: NS1-AUTH.Q9.COM
Name Server: NS2-AUTH.Q9.COM
Status: REGISTRAR-LOCK
Updated Date: 19-jun-2003
Creation Date: 27-apr-2000
Expiration Date: 27-apr-2010 |
|
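The two checks made in the posts above (the link's domain is not certapay.com, and the whois record shows it was created the day the mail arrived), as an added example that is not part of the original thread. The naive "last two labels" domain split and the 30-day age threshold are assumptions; a real tool would use the Public Suffix List.

```python
from datetime import date, datetime
from urllib.parse import urlsplit

# Creation-date fields copied from the two whois records posted above.
WHOIS = {
    "ssl-certapay.com": "Creation Date: 31-mar-2006",
    "certapay.com": "Creation Date: 27-apr-2000",
}

def registered_domain(url):
    """Return the last two host labels (assumption: fine for .com, not for .co.uk etc.)."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def creation_date(record):
    """Pull 'Creation Date: dd-mon-yyyy' out of a whois text record."""
    for line in record.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "creation date":
            return datetime.strptime(value.strip().title(), "%d-%b-%Y").date()
    return None

def assess(url, legit, brand, seen_on, min_age_days=30):
    """Compare a link against the legitimate domain and list what is off about it."""
    dom = registered_domain(url)
    findings = []
    if dom != legit:
        findings.append("not " + legit)
        if brand in dom:
            # The brand appears, but inside a domain someone else registered.
            findings.append("brand name inside a different domain")
        created = creation_date(WHOIS.get(dom, ""))
        if created is not None and (seen_on - created).days < min_age_days:
            age = (seen_on - created).days
            findings.append("registered %d days before the mail" % age)
    return dom, findings

if __name__ == "__main__":
    mail_date = date(2006, 3, 31)  # "Sent" date of the quoted e-mail
    for link in ("gateway.ssl-certapay.com/RP.do", "gateway.certapay.com"):
        print(link, "->", assess(link, "certapay.com", "certapay", mail_date))
```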
  andyb Premium join:2003-05-29 SW Ontario | reply to delenn13 Easy to tell it's fake. At least for me, since it's not https. The Certapay help site is legit though, as far as I have looked, but the link they want you to go to is not. |
|
  jojadi76 Premium join:2002-10-18 Toronto, ON | reply to delenn13 Report that email to certapay. |
|
  delenn13 De gustibus nil disputandum Premium,MVM join:2006-03-02 Ridgeway, ON clubs:
| I just got an email from Certapay...
ITS FAKE>>>LOL>>>
Thank-you for taking the time to notify CertaPay regarding the unsolicited email which you received.
Please do not respond to it. Just delete it.
We are aware of the issue and our technical department already took the necessary action to block the website. CertaPay has taken steps to shut-down the source of the distribution and are working closely with law enforcement on this issue.
We thank you for your patience and look forward to resolving this issue.
*Registered trademark of Interac Inc. Used under license.
Sincerely, Therese
The CertaPay Support Team Email: info@certapay.com Phone: 1-888-238-6433 (Monday-Friday, 9a-5p ET).
Website: »www.certapay.com
CertaPay, a division of Acxsys Corporation -- "Dismissed. That's a Starfleet expression for 'Get out.'" Captain Kathryn Janeway |
|
  andyb Premium join:2003-05-29 SW Ontario
·TekSavvy Solutions..
·Bell Sympatico
| reply to delenn13 After clicking on the bank link for Scotia I can see that it reads open third party..... in the status bar. Then I proceeded to open the actual Scotia site where my banking is done. https on my bank's site, none on the link posted above. Damn good job really, if you call copying and redirecting links to more fake pages a job. |
|
 mr weather Premium join:2002-02-27 Mississauga, ON | reply to delenn13 The scammers are getting more sophisticated. Keep your guard up folks! -- "It's all coming down!!" - Mike Holmes |
|
  Deadpool Go Sens Go Premium,VIP join:2001-03-29 Canada | reply to delenn13 It's funny how they said they took the necessary action to block the website when they're not an ISP, nor do they manage the backbones of the Internet. LOL -- Sens 7 (40 GF) - Leafs 0 (14 GF) **** Final Round: April 15, 2006 |
|
  Devanchya Smile Premium join:2003-12-09 Ajax, ON
·Bell Sympatico
| Actually Deadpool, they are taking the necessary steps.
Over the last week I have been sub-contracted to remove 3 different spoofing scams on web servers that had a user with weak passwords.
In this case, the "real" company just needs to prove to the .com committee. Takes 24-72 hours in most cases. -- »www.codecipher.com - Marking the way to tomorrow's solutions |
|
  delenn13 De gustibus nil disputandum Premium,MVM join:2006-03-02 Ridgeway, ON clubs:
1 edit | reply to corster Sorry for the dup..Just learning the ropes around here and found out what it means to be "queued".
I just wasn't sure when Certapay would reply to me and I didn't want anyone to get scammed. I had gotten many a fake email from eBay, banks and credit cards but they were obvious... this one wasn't. Had to do research in Google. |
|
  yupislyr
join:2002-07-17 Windsor, ON
| reply to delenn13 If you don't notice the fake website first, just look at the email headers you pasted. No research required.
Received: from adsl-flat-basic-216.84-47-52.telecom.sk ([84.47.52.216]) by toip6.bellnexxia.net with SMTP; 31 Mar 2006 16:10:29 -0500
Would a legit email from Certapay originate from a Slovak DSL address? Nope. |
|
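The header check from the post above, as an added example that is not part of the original thread: walk the Received chain newest-first and report which host handed the mail to the first relay you trust. The trusted suffixes (the recipient's own providers) and the expectation that genuine mail hands off from a certapay.com host are assumptions for illustration.

```python
import re
from email import message_from_string

# Header lines copied from the e-mail quoted earlier in this thread.
RAW = (
    "Received: from tomts30-srv.bellnexxia.net ([209.226.175.104]) by bay0-pamc1-f13.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 31 Mar 2006 13:10:33 -0800\n"
    "Received: from toip6.bellnexxia.net ([209.226.175.174]) by tomts30-srv.bellnexxia.net (InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with ESMTP id for ; Fri, 31 Mar 2006 16:10:33 -0500\n"
    "Received: from adsl-flat-basic-216.84-47-52.telecom.sk ([84.47.52.216]) by toip6.bellnexxia.net with SMTP; 31 Mar 2006 16:10:29 -0500\n"
    "Received: (qmail 6834 by uid 541); Fri, 31 Mar 2006 11:10:26 +0100\n"
    "Return-Path: delenn_5@shaw.ca\n"
    "\n"
)

# "from HOST ([IP]) by HOST": the bracketed IP is what the receiving relay recorded.
HOP = re.compile(r"from\s+(\S+)\s+\(\[([\d.]+)\]\)\s+by\s+(\S+)")

def under(host, suffixes):
    """True if host equals, or is a subdomain of, one of the suffixes."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def handoff_into_trusted(raw, trusted):
    """Return (host, ip) that delivered to the first trusted relay, or None.

    Only headers stamped by trusted relays count; anything below the
    first untrusted hop was written by the sender and proves nothing.
    """
    origin = None
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m or not under(m.group(3), trusted):
            break
        origin = (m.group(1), m.group(2))
    return origin

def looks_spoofed(raw, trusted, brand_suffixes):
    """Flag mail whose hand-off host is neither ours nor the claimed brand's."""
    origin = handoff_into_trusted(raw, trusted)
    return origin is None or not under(origin[0], trusted + brand_suffixes)

if __name__ == "__main__":
    ours = ["bellnexxia.net", "hotmail.com"]  # assumed: recipient's providers
    print(handoff_into_trusted(RAW, ours), looks_spoofed(RAW, ours, ["certapay.com"]))
```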
  Deadpool Go Sens Go Premium,VIP join:2001-03-29 Canada
·Bell Sympatico
| reply to Devanchya said by Devanchya: Actually Deadpool, they are taking the necessary steps. Over the last week I have been sub-contracted to remove 3 different spoofing scams on web servers that had a user with weak passwords. In this case, the "real" company just needs to prove to the .com committee. Takes 24-72 hours in most cases.
Sorry, I was taking what they said literally. They said 'block', and in my books that means block. If what you're saying is true, then they're not even having the site removed either, just the actual .com removed. Which doesn't really help since the HTML link can be spoofed to display whatever.com, but actually points to the IP.
What they should do is contact the hosting company and have them removed. -- Sens 7 (40 GF) - Leafs 0 (14 GF) **** Final Round: April 15, 2006 |
|
  Devanchya Smile Premium join:2003-12-09 Ajax, ON
·Bell Sympatico
| Problem with contacting the hosting company is 9 times out of 10, this is on a kiddie-scripted hacked machine. Basically some bozo has a website with a user "web" and password "123456" and this script gets in.
Depending on the level of the server setup, the next step is usually the installation of a PHP script with shell access, and then using local access exploits to gain root to the box and set up an IRC network connection to publish phishing scams.
Now the larger groups will go ahead and buy .com .net .org names with a spelling error and point it to this location. Domain cost $1.99 in some of the cheaper locations, and a single "successful capture" of personal data is worth about $3000 min. Add Online banking access, or a CC number and that raises the stakes.
Now, most phishing scams use "HTML" emails to hide the actual address and will instead redirect to something like rbonline.fasf.com/online or something stupid like that. If that machine is hosted in certain locations, you can get them shut down/notified in a few days. Other countries, good luck, they don't give a fig.
In my case, there was a Yahoo lottery scam that was going around and 3 of the attacks were from a TWiki exploit, 1 from a weak password, and another 2 from a [very old] sendmail exploit. Took about 4-5 hours each just to investigate them and in some cases removal wasn't an option at all and we had to block access to the server locations at the router.
Each one of these cost at least $500 to even begin to repair, and after loss of confidence, support issues, reinstall steps etc., most likely will cost close to $2-3000 on the server side.
This is just KILLER for anyone who is running a small-medium hosting company.
Don't even get me started on the pure amount of BANDWIDTH some of these attacks can take due to spam/bot inclusion attacks etc.
Makes me sick in a way. -- »www.codecipher.com - Marking the way to tomorrow's solutions |
|
  Kringle Dr.D Premium join:2004-02-27 Pierrefonds, QC | reply to delenn13 CIBC e-mail fraud alerts included this precise message since Friday (31MAR06). It's a REALLY well done fraudulent e-mail! |
|