Those of you that are Canadian will recognize the Interac symbol. And the company, Certapay, was created for online transactions between Interac users and banks that support Interac. A friend of mine received the following (please note: he's not selling a laptop; he's a packrat and never sells his comps).

Dear User,

MARYBETH HEDD has sent you an INTERAC Email Money Transfer.

Amount: $961.00 (CAD)

Sender's Message: Payment for laptop.

Expiry Date: 2005-04-20

Action Required:
To deposit your money, click here:
hxxp://gateway-certapay.com/RP.do/?pID=Sli6g20jkm8%3D

Trouble with the link? Copy the link and paste it into your web
browser address bar. Please make sure all the characters after the
"pID=" are present.

Need help?
https://www.certapay.com/ca/oon/en/help
It may not have been evident at first, but the link address is definitely questionable.

Certapay resolves to:

Registrant:
Certapay Inc. (CERTAPAY2-DOM)
55 university avenue, 8th floor
toronto, ontario m5j 2h7
CA

Domain Name: CERTAPAY.COM

Administrative Contact:
Officer, Security (THOXYPSYAI) [email protected]
CertaPay Inc.
55 University Avenue
Toronto, Ontario M5J 2H7
CA
999 999 9999

Technical Contact:
Q9 Networks Inc. (CD4054-ORG) [email protected]
100 Wellington Street West, Suite 900
Toronto, ON M5K 1J3
CA
+1 416 362 7000 fax: +1 416 362 7001

Record expires on 27-Apr-2010.
Record created on 27-Apr-2000.
Database last updated on 17-Apr-2005 17:03:22 EDT.

Domain servers in listed order:

NS1-AUTH.Q9.COM 216.220.35.20
NS2-AUTH.Q9.COM 216.220.36.20
Gateway-certapay.com resolves to:

Hostway Whois Server Version 1.0
Domain Name: gateway-certapay.com
Registrar: AAAQ.COM
Whois Server: whois.aaaq.com
Referral URL: http://www.aaaq.com
Name Server: a.dns.hostway.net
Name Server: b.dns.hostway.net
Status: ACTIVE
Updated Date 2005-04-11
Creation Date: 2005-04-11
Expiration Date: 2006-04-11

Registrant:
Aubrey Page [email protected]
5207 W. Meadowridge Road
Sherman, TX 75092
US
19038922325 Fax:

Administrative Contact:
Aubrey Page [email protected]
5207 W. Meadowridge Road
Sherman, TX 75092
US
19038922325 Fax:

Technical Contact:
Administrator DNS [email protected]
1 N State Street
12th Floor
Chicago, IL 60602
US
+1.3122362132 Fax: +1.3122361958

Billing Contact:
Aubrey Page [email protected]
5207 W. Meadowridge Road
Sherman, TX 75092
US
19038922325 Fax:
Now, to make things more interesting the header info is as follows:

Received: from cm-62.179.162.119.chello.no ([62.179.162.119]) by [email protected] (8.13.1/8.12.10) with SMTP id j3H6xTJf012290 for <[email protected]>; Sun, 17 Apr 2005 02:59:30 -0400 (EDT)
Received: from [email protected] ([62.179.162.119]) by [email protected] with Microsoft SMTPSVC(5.0.4735.8274); Mon, 18 Apr 2005 02:57:10 -0200
Received: from terbium612.n'[email protected] ([email protected] [62.179.162.119]) by [email protected] (Postfix) with SMTP id 688OTR784I5ML for <[email protected]>; Sun, 17 Apr 2005 21:58:10 -0700
Received: from [email protected] ([62.179.162.119]) by [email protected] with Microsoft SMTPSVC(5.0.6599.8971); Mon, 18 Apr 2005 05:55:10 +0100
Received: from [email protected] ([41.192.81.134]) by [email protected] with MailEnable ESMTP; Mon, 18 Apr 2005 07:54:10 +0300
Return-Path: <[email protected]>
The 62.179.162.119 shows up as a Netherlands registration while the 41.x.x.x one shows up as reserved by IANA. I'm guessing it's a form of greedy phishing. The recipient, being greedy, decides to take the money and logs on to what they think is their bank's equivalent of this site. In actual fact, it's a spoof.

I've sent a note to Certapay and will probably also forward it to my bank (RBC is possibly the largest of the 5 that set this system up) to see what they have to say.
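
The comparison made above (the deposit link's host against the help link's host, plus the two WHOIS creation dates) can be written as a small check. This is an added example, not part of the original post: the trusted-domain value, the 30-day age threshold and the function names are assumptions, and the sample text is constructed from the e-mail quoted above.

```python
import re
from datetime import date
from urllib.parse import urlsplit

# Constructed sample: the two links from the e-mail quoted above.
EMAIL_BODY = """To deposit your money, click here:
hxxp://gateway-certapay.com/RP.do/?pID=Sli6g20jkm8%3D
Need help?
https://www.certapay.com/ca/oon/en/help"""

# Creation dates copied from the two WHOIS records quoted in the post.
WHOIS_CREATED = {
    "certapay.com": date(2000, 4, 27),
    "gateway-certapay.com": date(2005, 4, 11),
}
TRUSTED = "certapay.com"        # assumption: the brand's known-good domain
MAIL_DATE = date(2005, 4, 17)   # date in the topmost Received header
MIN_AGE_DAYS = 30               # assumption: illustrative threshold

def registered_domain(host):
    """Naive last-two-labels rule; fine for .com, use a public-suffix list otherwise."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def extract_hosts(text):
    """Find http/https links, accepting the defanged hxxp form too."""
    urls = re.findall(r"\bh(?:tt|xx)ps?://\S+", text, flags=re.I)
    return [urlsplit(re.sub(r"^hxxp", "http", u, flags=re.I)).hostname for u in urls]

def assess(host):
    """Return the reasons a link host looks suspicious (empty list if none)."""
    dom = registered_domain(host)
    if dom == TRUSTED:
        return []
    reasons = []
    brand = TRUSTED.split(".")[0]
    if brand in dom:
        reasons.append("brand name embedded in a different registered domain")
    created = WHOIS_CREATED.get(dom)
    if created is None:
        reasons.append("no WHOIS creation date available")
    elif (MAIL_DATE - created).days < MIN_AGE_DAYS:
        age = (MAIL_DATE - created).days
        reasons.append(f"domain only {age} days old when the mail arrived")
    return reasons

def scan(text):
    """Map every linked host in the message body to its list of findings."""
    return {host: assess(host) for host in extract_hosts(text)}
```

Running `scan(EMAIL_BODY)` flags gateway-certapay.com on both counts and leaves www.certapay.com clean.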