This is an example of the type of email message you should be careful of. This is the HEADERS of the email. They all have this. Your email program usually hides or suppresses 99% of this. But you can get to it … sometimes by right-clicking the message and selecting “Properties”.
Of course you should be careful of all email messages. Particularly if you weren’t expecting it, don’t know the sender, or if it is asking you to take action such as clicking on a link. The bad guys will very often try to imitate what might be trusted source … in this example Yahoo.com. A lot of people likely have a Yahoo email account. It would be pretty rare for Yahoo to send such a short email – telling you to click on a link. And even so you can often run your mouse over the link and look down at the bottom of your email program and see what the actual link actually points to. What address on the web. If it doesn’t start and end with Yahoo.com in the domain part – I’d be suspicious of it. It probably leads to Bad Fortune for you. Like an exploit or virus that could infect your computer.
In the headers below look at the “Recieved from” lines. They don’t look like anything like Yahoo.com. You can copy-and-past the IP Adresses in the parenthesis on those Received From lines and look them up on “whois.arin.net” and find out who (who’s network) they really belong to. Someone in another country would not be emailing you OFFICIALLY on behalf of Yahoo.com (or other source that you trust.) Parts of the header may be modified and falsified. Who it is “From:” and who you would automatically “Reply-To:” if you tried to reply, as in this case, can also be modified and falsified. Why would I reply to someone at “yahoo.co.th” from a message from firstname.lastname@example.org in the U.S.?
There were Multi-Parts in this message, as there often are these days, with HTML, CSS, or other web programming encoding. Your email program may or may not display those as web page – depending on your settings. And clickable links they embed (which can be quite dangerous) – in this case I think they somehow broke the web link. It wasn’t clickable in my email program anyway. Another part was Base64 encoded … often used to attach files or images (also can be very bad.) which in this case attached an image/jpeg file.
* Anyway if you don’t bank with XYZ bank … don’t be clicking on stuff in an email from (supposedly) that bank. If you didn’t order or ship anything from UPS or Fedex then don’t be clicking on stuff in an email from those companies. And even if you did (ship or order, use that particular bank or other provider) be very careful about emails from them. Look them over very carefully – look for tell-tale signs that they are pure BS … Check the headers for where they are from. Call them on the phone if you have to. **** Save yourself hours of aggravation coming if you get Zapped by a phony prank / exploit email. IF an email, like other things in life, is Too Good To Be True … it probably is Not true. No one is sending you thousands or millions from Nigeria I can pretty much guarantee that. It’s probably an Advance Fee Fraud / Identity Theft / 419 scam. File these messages all in the TRASH BIN. DELETE THEM. And have the pleasant day or evening that you deserve!
Delivery-Date: Tue, 16 Oct 2012 17:40:58 -0400
Received: from ns1.bd4.com (v-27-120-101-67.ub-freebit.net [22.214.171.124])
by mx.perfora.net (node=mxus0) with ESMTP (Nemesis)
id 0M4FBr-1TfuUU2bPn-00rlpH for email@example.com; Tue, 16 Oct 2012 17:40:58 -0400
Received: from www.suminchu.ne.jp ([126.96.36.199]:35611 helo=User)
by ns1.bd4.com with esmtpa (Exim 4.80)
id 1TOEsd-0008q4-IU; Wed, 17 Oct 2012 06:40:52 +0900
From: “Yahoo Team”<firstname.lastname@example.org>
Subject: Update Your Yahoo Account
Date: Tue, 16 Oct 2012 14:40:48 -0700
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – ns1.bd4.com
X-AntiAbuse: Original Domain – marinetelecom.net
X-AntiAbuse: Originator/Caller UID/GID – [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain – yahoo.com
This is a multi-part message in MIME format.
* Chasing down and reporting spam to network operators or providers can become quite an INTERNATIONAL endeavor … looking up the involved IP Addresses and looking them up in US and International databases such as ARIN, APNIC, RIPE, JPNIC, and more … and trying to find the best contact email addresses to write to, and to sent them the correct things. They’ve got to have the whole spam message – or at least the Email Headers … that shows them that the spam could have come from or transited their network(s). You wouldn’t want to do this every day unless you had to do it for a living. I am trying to cut down a sudden influx of 50 – 100 or more spam emails that I have been receiving lately. If I don’t do anything … nothing will probably get done. If I do some tracking down and reporting … at least some of the sources (or transits) can get shut down … and we give the spammers some moments of pause. That we’re not just going to lie down and take this crap.
Alan Spicer Marine Telecom
+1 954 683 3426
communications @ marinetelecom.net
(and take me off all these damn spam / exploit lists! I’m not buying it!)