UnThreaded | Threaded | Whole Thread (16) | Ignore Thread Prev | Next
Author: rah1420 Big red star, 1000 posts Old School Fool Add to my Favorite Fools Ignore this person (you won't see their posts anymore) Number: of 308881  
Subject: Re: CitiSpooph - Right?? Date: 7/15/2005 11:03 PM
Post New | Post Reply | Reply Later | Create Poll Report this Post | Recommend it!
Recommendations: 2
Welup, BB, I did a 'whois' on 198.160.96.232 and got a citibankcards.com domain. Going to www.citibankcards.com I got redirected to the Citibank.com site.

The other thing is that it didn't tell you to "click here" to fill in your information.

This is a phishing email:

From: - Thu May 05 22:05:46 2005
X-Account-Key: account3
X-UIDL: GmailId103ae7dbc5cf52e7
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Gmail-Received: c506b29349543c66214fce0380a6df2c27651b93
Delivered-To: rah1420@gmail.com
Received: by 10.54.3.2 with SMTP id 2cs3653wrc; Thu, 5 May 2005
13:28:25 -0700 (PDT)
Received: by 10.38.150.57 with SMTP id x57mr704972rnd; Thu, 05 May 2005
13:13:25 -0700 (PDT)
Return-Path: <support_num_7720353423989@southtrust.com>
Received: from 81-1-102-168.homechoice.co.uk
(81-1-102-168.homechoice.co.uk [81.1.102.168]) by mx.gmail.com with SMTP
id 70si919906rnb.2005.05.05.13.13.20; Thu, 05 May 2005 13:13:25 -0700 (PDT)
Received-SPF: neutral (gmail.com: 81.1.102.168 is neither permitted nor
denied by domain of support_num_7720353423989@southtrust.com)
Message-Id: <427a7e65.11d083a9.5b6b.3706SMTPIN_ADDED@mx.gmail.com>
FCC: mailbox://support_num_7720353423989@southtrust.com/Sent
X-Identity-Key: id1
Date: Thu, 05 May 2005 14:08:17 -0700
From: SOUTHTRUST <support_num_7720353423989@southtrust.com>
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: ragu.raikar@gmail.com
Subject: SOUTHTRUST BANK ONLINE - DETAILS CONFIRMATION

This is yours.

From: - Fri Jul 15 20:43:23 2005
X-Account-Key: account2
X-UIDL: 20050716004037014006i0i0e00774g
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Received: from citims2.info.citibank.com (citims2.info.citibankcards.com[198.160.96.232](untrusted sender))
by worldnet.att.net (mtiwmxc14) with ESMTP id <20050716004037014003mh4ae>; Sat, 16 Jul 2005 00:40:37 +0000
X-Originating-IP: [198.160.96.232]
Received: from localHostName (139.61.202.228:47523) by citims2.info.citibank.com (LSMTP for Windows NT v1.1b) with SMTP id
<4.006F721F@citims2.info.citibank.com>; Fri, 15 Jul 2005 19:42:19 -0500
To: rmcginn@att.net
Subject: Secure, Instant Access to your Citi Card Statement is Available
From: Citi Cards <citicards@info.citibank.com>
Date: Fri, 15 Jul 2005 19:40:17 -0600
Reply-To: Citi Cards <citicards@info.citibank.com>
Content-Type: text/html; Windows-1252
Content-Transfer-Encoding: 8bit
X-PS-OMK-ID: annmn:[742lme042lme4ssmg0120000042lme0mRVWiRVZm]

You should know how to read an SMTP header. Start from the bottom "received" and work your way up; each one tells you what 'relay' the email went through to get to you.

Yours, for example started at 139.61.202.228 (which is owned by the same owner as citibankcards.com.) It then passed to 198.160.96.232 and thence onto worldnet.att.net (which I guess is your ISP) for delivery to you.

Looks pretty up-and-up.

But look at the one that I received as a phishing attempt.
Started on the bottom again, but this time it was from 81-1-102-168.homechoice.co.uk
at IP address 81.1.102.168. And the return path is southtrust.com. Faint warning bells.

If I check out 81.1.102.168 I see that it is indeed going to homechoice.co.uk which doesn't seem to me to have anything to do with Southtrust Bank.

I think yours is ok, and I think it's worthwhile for everyone to see what's going on with their email. Turn on header view and poke around; you'll see some interesting stuff in there.
Post New | Post Reply | Reply Later | Create Poll Report this Post | Recommend it!
Print the post  
UnThreaded | Threaded | Whole Thread (16) | Ignore Thread Prev | Next

Announcements

TMF Credit Center
The Motley Fool Credit Center arms you with real tools and simple messages, that will help you in every credit situation.
Foolanthropy 2014!
By working with young, first-time moms, Nurse-Family Partnership is able to truly change lives – for generations to come.
When Life Gives You Lemons
We all have had hardships and made poor decisions. The important thing is how we respond and grow. Read the story of a Fool who started from nothing, and looks to gain everything.
Post of the Day:
Macro Economics

Looking at Currency Ratios
What was Your Dumbest Investment?
Share it with us -- and learn from others' stories of flubs.
Community Home
Speak Your Mind, Start Your Blog, Rate Your Stocks

Community Team Fools - who are those TMF's?
Contact Us
Contact Customer Service and other Fool departments here.
Work for Fools?
Winner of the Washingtonian great places to work, and "#1 Media Company to Work For" (BusinessInsider 2011)! Have access to all of TMF's online and email products for FREE, and be paid for your contributions to TMF! Click the link and start your Fool career.
Advertisement