My First German Scam Email

The phishermen are casting a wide net.

Here’s my first phishing email in German, with headers:

Return-Path: majorapp@bronco.websitewelcome.com
Received: from imta34.emeryville.ca.mail.comcast.net (LHLO
imta34.emeryville.ca.mail.comcast.net) (76.96.28.168) by
resmail-po-420v.sys.comcast.net with LMTP; Tue, 15 Jul 2014 13:17:57 +0000
(UTC)
Received: from bronco.websitewelcome.com ([192.185.82.92])
by imta34.emeryville.ca.mail.comcast.net with comcast
id SdHw1o0041zWx2w0adHwbd; Tue, 15 Jul 2014 13:17:56 +0000
X-CAA-SPAM: 00000
X-Authority-Analysis: v=2.1 cv=P/wD2Ewu c=1 sm=1 tr=0
a=KztXjUqHRyz9kbsNwKbgzg==:117 a=8FReB3YSAAAA:8 a=C_IRinGWAAAA:8
a=GGcpBh7Jt_oA:10 a=trIDVAjzH2wA:10 a=rKpt8qlD2zIA:10 a=aYsrNlUn7DwA:10
a=IkcTkHD0fZMA:10 a=cc8bsT4k8mMA:10 a=srLljQ7VAAAA:8 a=QpSK2HJ8AAAA:8
a=QAZS5B4ip-KZLdxwkisA:9 a=8PHepCJaBy8WvsX-:21 a=QEXdDO2ut3YA:10
a=_W_S_7VecoQA:10 a=6xz8xM_uv-EA:10
Received: from majorapp by bronco.websitewelcome.com with local (Exim 4.82)
(envelope-from <majorapp@bronco.websitewelcome.com>)
id 1X72cF-0004OT-QT
for [redacted]; Tue, 15 Jul 2014 08:17:55 -0500
To: [redacted]
Subject: Amazon.de Kundenservice
X-PHP-Script: majorappliancesinfo.com/ for 93.93.69.158
From: accountcheck@amazon.de <accountcheck@amazon.de>
Content-type: text/html; charset=utf-8
Reply-To: accountcheck@amazon.de
Message-Id: <E1X72cF-0004OT-QT@bronco.websitewelcome.com>
Date: Tue, 15 Jul 2014 08:17:55 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – bronco.websitewelcome.com
X-AntiAbuse: Original Domain – comcast.net
X-AntiAbuse: Originator/Caller UID/GID – [3638 32003] / [47 12]
X-AntiAbuse: Sender Address Domain – bronco.websitewelcome.com
X-BWhitelist: no
X-Source-IP:
X-Exim-ID: 1X72cF-0004OT-QT
X-Source: /opt/php54/bin/php-cgi
X-Source-Args: /opt/php54/bin/php-cgi /home/majorapp/public_html/wp-content/themes/twentyten/images/headers/sistems.php
X-Source-Dir: majorappliancesinfo.com:/public_html/wp-content/themes/twentyten/images/headers
X-Source-Sender:
X-Source-Auth: majorapp
X-Email-Count: 9
X-Source-Cap: bWFqb3JhcHA7emV2eW9zMjticm9uY28ud2Vic2l0ZXdlbGNvbWUuY29t

Wir brauchen Ihre Hilfeaufgrund der steigenden Zahlungsausfalle mittels Lastschrift- und Rechnungszahlung,
ist es in Zukunft leider nicht mehr moglich, eine Zahlung bei Amazon.de mit diesen Zahlungsarten ohne hinterlegte Kreditkarte zu tatigen. Daher ist es notwendig, dass alle Kunden eine Kreditkarte als Zahlungsmittel hinterlegen.

Sollten Sie bereits eine Kreditkarte hinterlegt haben, bitten wir Sie, die bereits hinterlegte Kreditkarte zu verifizieren. Sollten Sie noch keine Kreditkarte besitzen, legen wir Ihnen gerne die Amazon VISA-Kreditkarte ans Herz. Nutzen Sie zur Verifizierung bitte den folgenden Link: Zum Sicherheitsverfahren – http://amazon.acountingdatacheck.com (Notice that this is not a valid Amazon.de URL)

Bitte beachten Sie, dass Sie Ihr Amazon.de-Kundenkonto ohne hinterlegte Kreditkarte in Zukunft nicht mehr nutzen konnen.

Mit freundlichen Grußen,
Ihr Amazon.de Kundenservice

In short, they’re saying that I can no longer use my current credit card and need to add a couple more. The bogus link takes you to a bogus Amazon page
bogus
where you get to divulge all of your credit card and banking data.
Please be careful out there. So many evil and unprincipled drones want your money, and will stop at nothing to get it.
The Old Wolf has spoken.
Advertisements

6 responses to “My First German Scam Email

  1. For a SPAM/Phishing e-mail it has an amazingly good German, even the stilted phrasing you’d expect if it were real. And, also amazingly, they even admit you won’t be taken to the real Amazon website.
    Have a good one,
    Pit

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s