I didn't intend to post again this evening but a curious thing happened today and we were discussing it. Certain ideas occurred to us as to what it meant.
Basically, this came to one of my emails but not the usual one:
Sorry, we are unable to release your password because the information
you have provided does not match our records.
Details of the request:
For account: bloghounds@email.com
Password be sent to :
Request from IP address : 41.207.15.136
Request Date/Time : 2008-09-21 14:27:08 GMT
Someone seemed to want to sign in to bloghounds email, which is the one we use for new membership requests. This person pretended that he/she had lost the password and asked for it to be sent. The weakness in this argument is that how would he/she know where it would have been sent? And why would anyone want to get into the bloghounds email anyway?
The alternative was that he/she was not interested in getting in but wanted to go through the question and answer thing to get them to send the password but somehow didn't get the answers right. Again, why would anyone want the bloghounds password? It only works with that account and there are other passwords for the other sections.
Any ideas on this?
James
Did a few searches and came up with:
The IP address is one of many owned by African Network Information Centre in Mauritius
OrgName: African Network Information Center
OrgID: AFRINIC
Address: 03B3 - 3rd Floor - Ebene Cyber Tower
Address: Cyber City
Address: Ebene
Address: Mauritius
City: Ebene
StateProv:
PostalCode: 0001
Country: MU
ReferralServer: whois://whois.afrinic.net
NetRange: 41.0.0.0 - 41.255.255.255
CIDR: 41.0.0.0/8
NetName: NET41
NetHandle: NET-41-0-0-0-1
Parent:
NetType: Allocated to AfriNIC
NameServer: NS1.AFRINIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: NS.LACNIC.NET
NameServer: TINNIE.ARIN.NET
Comment:
RegDate: 2005-04-12
Updated: 2005-07-12
OrgAbuseHandle: GENER11-ARIN
OrgAbuseName: Generic POC
OrgAbusePhone: +230 4666616
OrgAbuseEmail: abusepoc@afrinic.net
OrgTechHandle: GENER11-ARIN
OrgTechName: Generic POC
OrgTechPhone: +230 4666616
OrgTechEmail: abusepoc@afrinic.net
-----------------
And another search showed the ISP to be the Ivory Coast.
General Information
Hostname: 41.207.15.136
ISP: ISP Cote d'Ivoire
Organization: ISP Cote d'Ivoire
Proxy: None detected
Type: Unknown
Geo-Location Information
Country: Cote D'Ivoire
State/Region: 82
City: Abidjan
Latitude: 5.3411
Longitude: -4.0281
Area Code:
Also I did a traceroute on the IP address and that too ended in Ivory Coast.
Now, I know nothing about these checks. Found them on web and did.
Thanks so much for that, Calum. Well, it shows that the system held up in this instance although even that refusal for them might have told them something.
In general, it shows the minefield we walk through in this blogging lark, thinking we're just setting thoughts out in a post but in fact with wolves everywhere.
In the middle of this are true friends like islands, dotted here and there. You're one.
This is always a worrying situation.
I'm a total beginner when it comes to this sort of thing.
Calum's research is impressive!
Scammers/spammers are continually looking for "clean skin" email addresses which they can use to get through spam filters together with the bonus that any in-box they break into will be likely to contain emails to/from other clean accounts they can spoof. West Africa has become a hot-bed for cyber crime which to date has been limited by poor infrastructure and immature technology access. When the One Child One Laptop Africa programme gets off the ground you can expect this irritant to become a deluge, at which point we are sure to be offered a new and secure private internet by Microsoft. I was born cynical btw.
Learning the whole time, Wolfie.
Dragonstar - it is worrying.
Go to ip2location.com; there you can trace an IP if you have it in full.
Thanks, Nunyaa - I lost that link.
With Wolfie on this one...
Lots of scam emails going on at the mo! If in doubt ignore!