Employment offer phish: what's their purpose?

  1. #1
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487

    Employment offer phish: what's their purpose?

    I recently received this employment offer scam/phish in the email (see below) and after reviewing what information they are seeking I don't really understand what their purpose is and am looking for anyone to shed light on this.

    The information they ask for (name, address, phone number, current occupation, any disabilities) would not seem to be useful enough to steal my identity for example...but don't know. The only thing I could think of is simply harvesting my email address.

    It's obviously a scam because of the email headers - see below.

    Any thoughts?

    Return-path: <www-data@vs8401.vserver4free.de>
    Received: from ms-mta-01 (ms-mta-01 [10.24.14.215])
    by MY-ISP-MAIL-SERVER(ric-o note)
    (iPlanet Messaging Server 5.2 HotFix 2.10 (built Dec 26 2005))
    with ESMTP id <0J1O00A14O6TIX@MY-ISP-MAIL-SERVER(ric-o note)> for
    ric-o-email-address; Fri, 30 Jun 2006 13:22:41 -0400 (EDT)
    Received: from MY-ISP-MAIL-SERVER(ric-o note) (MY-ISP-MAIL-SERVER(ric-o note) [x.x.x.x])
    by MY-ISP-MAIL-SERVER(ric-o note)
    (iPlanet Messaging Server 5.2 HotFix 2.10 (built Dec 26 2005))
    with ESMTP id <0J1O003QHO9JZ0@MY-ISP-MAIL-SERVER(ric-o note)> for
    ric-o-email-address (ORCPT ric-o-email-address); Fri,
    30 Jun 2006 13:22:41 -0400 (EDT)
    Received: from dead-or-live.de (HELO vs8401.vserver4free.de) ([84.16.238.70])
    by MY-ISP-MAIL-SERVER(ric-o note) with ESMTP; Fri, 30 Jun 2006 13:22:33 -0400
    Received: by vs8401.vserver4free.de (Postfix, from userid 33)
    id EF50439271; Fri, 30 Jun 2006 19:11:00 +0200 (CEST)
    Date: Fri, 30 Jun 2006 13:22:41 -0400 (EDT)
    Date-warning: Date header was inserted by MY-ISP-MAIL-SERVER(ric-o note)
    From: "Matsushita Semiconductor Company." <sedb_09@yahoo.com.cn>
    Subject: MSC CO LTD SEEKING YOUR ASSISTANCE ...
    To: ric-o-email-address
    Reply-to: sedb_09@yahoo.com.cn
    Message-id: <5167fv$moc7jk@MY-ISP-MAIL-SERVER(ric-o note)>
    MIME-version: 1.0
    Original-recipient: rfc822;ric-o-email-address
    X-Antivirus: AVG for E-mail 7.1.394 [268.9.7/379]
    Text of email:

    From: Matsushita Semiconductor Company. [sedb_09@yahoo.com.cn]
    Sent: Friday, June 10, 2006 5:21 AM
    To: ric-o
    Subject: MSC CO LTD SEEKING YOUR ASSISTANCE ...


    From The Desk Of
    Mr Teo Ming Kian Chairman,
    Matsushita Semiconductor
    250 North Bridge Road
    #28-00 Raffles City Tower
    Singapore 179101
    Tel: (65) 6832-6832
    Fax: (65) 6832-6565

    Operation Hours:
    Monday to Friday, 8.30am to 5.30pm
    Date 10th /june / 2006

    MSC CO LTD SEEKING YOUR ASSISTANCE IN OPENING OF NEW OUTLETS IN YOUR LOCALITY.

    Dear Friend,

    This email comes to you from the desk of Mr Teo Ming Kian chairman MATSUSHITA SEMICONDUCTOR COMPANY LIMITED based in Singapore. Matsushita is a Global manufactural of Gray market goods,and this are items manufactured abroad and imported into the US without the consent of the trademark holder. Examples of such goods are REFRIGERATORS of all kinds,Electronics and Home Appliances.

    We import this products into the World Trade Market at large and due to the high demands of our products , we have been able to acquire outlets all over Europe,Asia and America where our products can be bought. And as at today, there are 10 Matsushita companies in Singapore, including its Asia-Pacific headquarters and eight manufacturing companies in various sectors, ranging from refrigerator compressors to consumer electronics to advanced displays and semiconductors.

    Due to the high rate of sucess in the last fiscal year of trading in the United States and Canada,we have deceided to embark on major expansion plan in these Countries even as the global economy is showing optimistic signs of pick-up. we export into the canada/America and some parts of Europe.We are searching for representatives who can help us establish a medium of getting our funds from our costumers in these areas as well as making payments through you to us.

    Please if you would be able to perform the following task for us which are listed below

    1 Helping in the sales of our products to willing customers that are wanting to buy.

    2 Receiving payments from customers by all means of payment method that is available, and one that suits their convinent at that point in time.

    We want to bring to your notice that this position does not require any relevant experience and it is best suited for all{ graduates, professionals and non graduates}.

    If you deem you are fit enough for this job,we would want you to supply or furnish us with the following information via email

    1 Your Full Name As It Would Appear On Your Letter Of Appointment

    2 Your Contact Address

    3 Telephone Number { Both Home And Mobile} / Fax

    4 Your Present Occupation

    5 Lastly,we would want to know if you have any form of dis-ability

    Note that if we eventually deem you fit for this position,you would be placed on a 10% commision for each sales and any amount you help receive from customers.

    Thank you so very much for having the patient and time to read this email.We look forward to hearing from you.

    Wishing you a Blissful day,

    Mr Teo Ming Kian,

    Chairman,

    Matsushita Semiconductor Company.

    Website : www.sedb.com

  2. #2
    Junior Member
    Join Date
    Aug 2004
    Posts
    28
    For a large company they make a lot of spelling errors.

    Also the greetings at the end are always soo...... yuck
    Like a large company would say 'wishing you a blissful day'
    or 'god bless you' ... just say best regards or regards.

    I know it's a scam, but where in the header can you see that it's a scam?
    I'm not really into these kinds of things. Except I read some 419 scams.

  3. #3
    IT Specialist Ghost_25inf's Avatar
    Join Date
    Sep 2001
    Location
    Michigan
    Posts
    648
    Search results for: 84.16.238.70
    OrgName: RIPE Network Coordination Centre
    OrgID: RIPE
    Address: P.O. Box 10096
    City: Amsterdam
    StateProv:
    PostalCode: 1001EB
    Country: NL
    ReferralServer: whois://whois.ripe.net:43
    NetRange: 84.0.0.0 - 84.255.255.255
    CIDR: 84.0.0.0/8
    NetName: 84-RIPE
    NetHandle: NET-84-0-0-0-1
    Parent:
    NetType: Allocated to RIPE NCC
    NameServer: NS-PRI.RIPE.NET
    NameServer: SEC1.APNIC.NET
    NameServer: SEC3.APNIC.NET
    NameServer: SUNIC.SUNET.SE
    NameServer: TINNIE.ARIN.NET
    NameServer: NS3.NIC.FR
    Comment: These addresses have been further assigned to users in
    Comment: the RIPE NCC region. Contact information can be found in
    Comment: the RIPE database at http://www.ripe.net/whois
    RegDate: 2003-11-17
    Updated: 2004-03-16


    Search results for: 10.24.14.215
    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US
    NetRange: 10.0.0.0 - 10.255.255.255
    CIDR: 10.0.0.0/8
    NetName: RESERVED-10
    NetHandle: NET-10-0-0-0-1
    Parent:
    NetType: IANA Special Use
    NameServer: BLACKHOLE-1.IANA.ORG
    NameServer: BLACKHOLE-2.IANA.ORG
    Comment: This block is reserved for special purposes.
    Comment: Please see RFC 1918 for additional information.
    Comment:
    RegDate:
    Updated: 2002-09-12
    OrgAbuseHandle: IANA-IP-ARIN
    OrgAbuseName: Internet Corporation for Assigned Names and Number
    OrgAbusePhone: +1-310-301-5820
    OrgAbuseEmail: abuse@iana.org
    OrgTechHandle: IANA-IP-ARIN
    OrgTechName: Internet Corporation for Assigned Names and Number
    OrgTechPhone: +1-310-301-5820
    OrgTechEmail: abuse@iana.org

    My research brought this up for the 2 ip addresses
    S25vd2xlZGdlIGlzIHBvd2VyIQ

  4. #4
    There is no such company as Matsushita Semiconductor in Singapore. Also the address is a load of bull..

    Looks like they are harvesting personal info, and seeing if the email addies are active so they can sell that off also..

  5. #5
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Hi Phunction,

    Received: from dead-or-live.de (HELO vs8401.vserver4free.de) ([84.16.238.70])
    That is not what one would expect of a major corporate?

    Here is what I found:

    http://www.dnsstuff.com/tools/whois....38.70&email=on

    There is an option to show the full e-mail addresses, including the abuse reporting one:

    remarks:        We are a Internet Service Provider!!
    remarks:        These IP-numbers are in use by our customers.
    remarks:        In case of Spam/Virus/Portscan/Attack etc.
    remarks:        please send an e-mail to abuse@star-hosting.de
    remarks:        containing the IP-Numbers involved and timestamps.

    we export into the canada/America and some parts of Europe
    Please note the capitalisations and the fact that hockey was not mentioned
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?
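
One way to answer the question in post #2 (where the headers show it), starting from the Received line quoted in post #5. This is an added Python example, not code from any poster; the headers are trimmed from post #1, `isp-mx.example` stands in for the ISP host name the poster redacted, and the function names are this example's own.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Headers trimmed from the message in post #1. The poster had already redacted
# the receiving ISP's host name; "isp-mx.example" is a placeholder for it.
SAMPLE = """\
Return-path: <www-data@vs8401.vserver4free.de>
Received: from ms-mta-01 (ms-mta-01 [10.24.14.215])
 by isp-mx.example; Fri, 30 Jun 2006 13:22:41 -0400 (EDT)
Received: from dead-or-live.de (HELO vs8401.vserver4free.de) ([84.16.238.70])
 by isp-mx.example with ESMTP; Fri, 30 Jun 2006 13:22:33 -0400
Received: by vs8401.vserver4free.de (Postfix, from userid 33)
 id EF50439271; Fri, 30 Jun 2006 19:11:00 +0200 (CEST)
From: "Matsushita Semiconductor Company." <sedb_09@yahoo.com.cn>

"""

HOP = re.compile(r"from\s+(\S+)\s+(?:\(HELO\s+(\S+?)\)\s+)?.*?\[(\d+(?:\.\d+){3})\]")

def domain(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def same_org(host, dom):
    host = (host or "").lower()
    return bool(dom) and (host == dom or host.endswith("." + dom))

def review(raw):
    msg = message_from_string(raw)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    from_dom, rp_dom = domain(msg["From"]), domain(msg["Return-path"])
    findings = {}
    # Newest hop first: skip hand-offs inside the receiving network (private
    # source address) to reach the hop where the mail entered from outside.
    for hop in hops:
        m = HOP.match(hop)
        if m and not ipaddress.ip_address(m.group(3)).is_private:
            name, helo, ip = m.groups()
            findings["entry_ip"] = ip
            findings["relay_matches_from"] = any(same_org(h, from_dom) for h in (name, helo))
            break
    findings["return_path_matches_from"] = rp_dom == from_dom
    # "from userid N" on a hop with no remote peer means a local process on
    # that host queued the message, rather than a mail client logging in.
    findings["local_uid"] = next((int(u) for h in hops
                                  for u in re.findall(r"\(Postfix, from userid (\d+)\)", h)), None)
    return findings
```

On the sample, the entry hop is 84.16.238.70, neither the relay name nor the Return-path matches the yahoo.com.cn From address, and the message was queued locally by uid 33 (the `www-data` web server account on Debian-family systems, which fits the Return-path). A relay mismatch on its own is a triage signal, since legitimate senders also use third-party relays; here it lines up with the other two findings.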

  6. #6
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    read somewhere that the basis of these is theft :

    you sign up
    start the 'work'
    cheques arrive
    you put them into your account and send off their cut [total - your 10%]
    forwarding the cash quickly, would be reinforced in the 'literature'
    the quicker you send it in, the quicker you get YOUR cut
    and the work is non-existent
    that would be explained in the first EMail
    We are searching for representatives who can help us establish a medium of getting our funds from our costumers in these areas as well as making payments through you to us.
    you have been posted as the contact point for the product

    BUT those first cheques are duds

    and they cash your cheque and feck off

    you may consider it to be a lot of effort for small returns
    but they are selling major white goods at around $300 a pop
    you get 10 cheques = $3000
    you send $2700

    you've been stiffed for $2700

    times that by the one born every minute factor plus you would not be the only one

    total cost to them is setting up some bogus receipt paperwork
    and mailing out some dud cheques

    Oh, and those details can be used to build an ID [ YOURS - part 2 ]
    and your addy is passed around as a real live schmuck

    welcome to the world of the scum bags

    just remember there is NO such thing as a free lunch
    apart from that one promised to AO'ers at Galdron's place
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Foxy is correct. There are several versions of this scam out there now but the mechanics are exactly the same.

    I have personally observed this version along with one from (surprise) Nigeria where one of the late king's prince would like me to assist in the sale of "magical treasures".

    The FBI and other law enforcement branches are very familiar with these scams but at the moment they are not widespread relative to the classics.

    --Th13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #8
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    foxy:
    I was wondering if it was a money laundering scene or something of that type. Fascinating and devious scam. Thanks for the explanation.

    In some regards these emails are just amusing because of spelling errors and how suspicious they are but also sickening as many people out there bite.

    I was gonna forward to the PIRT team (http://www.castlecops.com/pirt) but it didn't really sound like a phishing attempt.

    Damn scams...and spam.

    Thanks all.
