Saturday, February 6, 2010

Inbox - the VISA scam using an Invalid IP as with the dating scam posted today!

sábado, 06 de febrero de 2010 2:42

honeb00@sscglobal.net>
Received: from apn-77-114-100-240.dynamic.gprs.plus.pl (apn-77-114-100-240.dynamic.gprs.plus.pl [77.114.100.240 invalid IP])
by mailer.ran.es (8.14.2/8.13.8) with ESMTP id o169XgaC000365
for <xxxxx@xxxxxx>; Sat, 6 Feb 2010 10:34:05 +0100
Received: from 77.114.100.240 by mail2.totalink.net; Sat, 6 Feb 2010 10:33:16 +0100
From: "VISA" <alerts@webmail02.register.com>
To: <wxxxxx@xxxxx>
Subject: your VISA 4XXX-XXXX-XXXX-XXXX: possible fraudulent transaction ID 20629567316
Date: Sat, 6 Feb 2010 10:33:16 +0100
Message-ID: <000d01caa70f$697b8090$6400a8c0@honeb00>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_000E_01CAA70F.697B8090"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Importance: Normal
X-UIDL: c*0!!c\W"!UgA"!*J;!!
Status: U
Old-X-EsetId: E74D982990713469F84B987C9E2772
X-EsetId: E74D982990713469F84B987C9E2772
X-EsetScannerBuild: 6543
Dear VISA card holder,

A recent review of your transaction history determined that your card was used at an ATM located in Uruguay, but for security reasons the requested transaction was refused. You need to complete the VISA Card Holder Form. You can do this by clicking the link below:

http://transactions.cforms.visa.com/secureapps/vdir/cholderform.php?ref=9616718483772702652828303170937091927222332718422457131478&email=xxxxx@xxxxx

VISA Cards Support

Ref: NRETZ750DPUVIDIRE3R57F8Q7VG6QIS64LBD1WMY

-------------------------------------------------------------------------------------------------------

sábado, 06 de febrero de 2010 10:33

Return-Path: <pronouncingbdb2@schoneveld.nl>
Received: from 114-36-223-253.dynamic.hinet.net (114-36-200-249.dynamic.hinet.net [114.36.200.249 invalid IP])
by mailer.ran.es (8.14.2/8.13.8) with ESMTP id o161g3hD008050
for <xxxxx@xxxxx>; Sat, 6 Feb 2010 02:42:27 +0100
Message-ID: <000d01caa6cd$940baca0$6400a8c0@pronouncingbdb2>
From: "VISA" <transactions@webmail02.register.com>
To: <wxxxxx@xxxxx>
Subject: possible fraudulent transaction has been executed
Date: Sat, 6 Feb 2010 09:42:01 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01CAA6CD.940BACA0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-UIDL: _VStatus: U
Old-X-EsetId: E74D982990713469F84B987C9E2078
Old-X-EsetId: E74D982990713469F84B987C9E2078
X-EsetScannerBuild: 6543
X-EsetId: E74D982990713469F84B987C9E2772

Dear VISA card holder,

A recent review of your transaction history determined that your card was used at an ATM located in Angola, but for security reasons the requested transaction was refused. You need to complete the VISA Card Holder Form. You can do this by clicking the link below:

http://reports.cforms.visa.com/secureapps/vdir/cholderform.php?ref=802716828835478312669097163244822655604&email=xxxxx@xxxxx

VISA Cards Support

Id: NNC8N1YHMM8S49Q19E184YHLU7O8X67HS8H5U55TA5LEZ1JIHDFG28J16RGWVQ6ETS7T

this was in common witht the previous post "hi me lonenely heart!" dynamic.hinet.net. I could be the same person behind all 3 scam attempts today and suspect that he is stalking meI am forwarding both emails to VISA Europe for their action

Fraudulent emails and websites page.

Report

phishing@visa.com

No comments: