OT - Strange e-mail

I found this e-mail in my inbox today. Anybody else receive one of these? Hey Don. Nichols any words of wisdom on this. The To: box was empty also. How is that possible?

Bernd

Warner Bros studios, >342 empress lane Barking, >sw19bnd london u.k. > >Dear Applicant, > >This email notification certifies that you have been >selected via email to apply and participate as an "Act" in >the induction,casting and making of "SUPERMAN THE MOVIE " >which will be In Theaters by july 2006. >This selection is organised by director Bryan Singer, >Andrew Stanton and John Woo in the bid to create original >characters for the casts Starring: Anthony Hopkins. > >We will acknowledge your altruistic effort and appreciate >your recognition.Selection of applicants and first shots of >SUPERMAN V" will hold in three locations which includes >Spain, London and Grecce. We expect your early attendance. >You are henceforth required to send your application to be >processed before 10th Nov 2004. You are required to send in >your CV msword format and include : >
1.Full names
2.Mailing address >3.Telphone /fax numbers >4.Recent photograph (scan and send via email) >5.Sex/nationality/marital status > >PLEASE SEND CORRECT DETAILS TO: Anchelon > snipped-for-privacy@london.com >THIS WILL ENABLE THE TRAVEL DEPT.PROCESS YOUR APPLICATION. >Mrs.Anchelon Martina is in charge of your travel >arrangements and as soon as your application is processed, >We will send you a mail notification of acceptance and a >brochure via FEDEX with details of your trip. You are >required to pay a (RE-FUNDABLE)registration fee of $150.00 >for the purpose of processing and posting of your travel >document/brochure. We will notified you on your travel >departdeparture/arrival date and as soon as this is >done, your travel fund for the trip will be allocated to >you. > >NOTE: Failure to oblige will result to cancellation of your >application . All applicants will recieve a mail >notification and a telephone interview after your >application as been approved. > >CONGRATULATIONS >REF NUMBER: 03814/17/QG BATCH NUMBER: 09726-14. > >Warner Bros Studios, > >Team coordinator.
Reply to
Bernd
Loading thread data ...

You can't possibly be asking that seriously Bernd. Are you?

It's just another "sharp cookie selling Girl Scouts" who can't even spell refundable correctly. (At least not in American english, do the Brits spell it differently?)

Good luck to anyone ever finding them to get their "RE-FUNDABLE" registration fee back. Their chances would be two, slim and none, and Slim rode out of town right after he cashed the check.

Jeff

Reply to
Jeff Wisnia

Plus they have your name, picure, address for some devious plot.

Reply to
Charles A. Sherwood

I was more interested in how nothing appeared in the To: box of the e-mail and the e-mail addy. I knew it was a scam like those other ones from Africa and Korea. I just never seen one like this.

Bernd

TV : Weapon of Mass Distraction

Reply to
Bernd

Not I, yet at least.

Easy. The actual delivery is via what is known as the "Envelope To", which is passed out-of-band from the text of the message. The same is also true of the "From: " vs the "Envelope Sender". The latter usually shows up as either "From " (no ':'), at the beginning of the message, or as the "Return-Path: " (also at the beginning of the message.

Normally, when e-mail is fed into the sending program (sendmail on most unix boxen), it is also fed the "Envelope Sender" and "Envelope To", separately from the message, though if inovked with a "-t" it will read the headers for the "To: " and "From: " information.

Spammers, of course, forge everything that they can, as do most virii these days.

In this case, it allows it to be sent to many addresses at the same ISP without the other addresses being visible in the headers of the message, so they can try for *lots* of gullible people.

Note that this claims to be from someone located in London. however ... see later in this reply.

[ ... ]

Hmm ... plenty for an excellent identity theft.

And.

A jwhois on "london.com" shows the following in part:

====================================================================== Registrar Name....: Register.com Registrar Whois...: whois.register.com Registrar Homepage:

formatting link
Domain Name: LONDON.COM

Created on..............: Fri, Nov 07, 1997 Expires on..............: Sun, Nov 06, 2005 Record last updated on..: Fri, Aug 27, 2004

Administrative Contact: Email or abuse inquiries contact snipped-for-privacy@mail.com. Law enforcement issues contact 425-226-9011 Easylink Services Corporation 33 Knightsbridge Road Piscataway, NJ 08854 US Phone: 732-652-3930 Email: snipped-for-privacy@easylink.com ======================================================================

In other words, instead of being located in London England, they are located in New Jersey, USA.

Easylink has a lot of strange domain names which can be abused in this way.

And what do you think the odds are that you will ever see that refund?

Not very good English, and did you apply to anything of this sort?

You might find it of interest to call Warner Brothers Studios in the US and ask them what they know about this. I'll bet that they will be eager to get a copy (with *full* headers) to set their land sharks to work.

Good luck, DoN.

Reply to
DoN. Nichols

On Mon, 01 Nov 2004 18:33:51 GMT, "Bernd" vaguely proposed a theory ......and in reply I say!:

remove ns from my header address to reply via email

hehe. Sez it all!

***************************************************** Have you noticed that people always run from what they _need_ toward what they want?????
Reply to
Old Nick

On Tue, 02 Nov 2004 03:24:54 GMT, "Bernd" vaguely proposed a theory ......and in reply I say!:

remove ns from my header address to reply via email

Then you are lucky. AFAIK the email is sent "everywhere" and some ISPs let them through even without an address. They simply get to all subscribers.

Many ISPs allow filtering based upon rules (or your mailer will). Mine has a "points system". No "To:" address is quite a high scorer for a dumping.

***************************************************** Have you noticed that people always run from what they _need_ toward what they want?????
Reply to
Old Nick

Wrong! As I mentioned in a previous reply, the "Envelope Recipient" may be different from the "Header Recipient" ("To: "), and the Envelope Recipient is what actually determines who will get it. (And, there can be multiple Envelope Recipient's in a single delivery.)

On a unix system, the technique is (with some details omitted): ======================================================================

1) Establish a connection to the SMTP port.

2) Identify your system (probably fake).

3) Enter a sender "Envelope Sender"

4) Enter a recipient "Envelope Recipient"

5) If more recipients, go back to (4)

6) Eventually, send the body of the message (including almost all the headers, which are likely to be fake). The receiving system adds a few headers of its own, which can't be as easily faked, and *may* report on the envelope data, depending on the mail software.

======================================================================

Note that it is possible to do this (with telnet to connect to the mail port of a system) entirely by hand, but is normally done by other mail programs.

And spammers and virii have their own programs to do this on compromised Windows systems. This goes past the ISP's mail server, and thus avoids the filtering. Apparently some ISPs are finally getting the idea, and blocking connections via the mail transport port from dialup and (A)DSL connections, so you *have* to send your e-mail to the ISP's mail server, where it can filter out virii and spams. I consider this to be a good thing

I run a series of different filtering schemes, including blocking of mail from any IP address which has previously delivered spam or virii to me.

To my Bayesian filtering, the presence of HTML in the mail is a strong point in favor of calling it spam. And it is surprising how certain words and names never show up in real e-mail, but frequently in spam. (Along with all of the "creative" mis-spellings used to try to hide from filters. :-)

Enjoy, DoN.

Reply to
DoN. Nichols

On 3 Nov 2004 22:55:21 -0500, snipped-for-privacy@d-and-d.com (DoN. Nichols) vaguely proposed a theory ......and in reply I say!:

remove ns from my header address to reply via email

Your message was not "previous" for me when I posted my reply .

Certainly not going to argue the content.

***************************************************** Have you noticed that people always run from what they _need_ toward what they want?????
Reply to
Old Nick

PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.