Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Scam in disguise as "job offer"

 
olliver
Posted: Fri Jun 01, 2007 12:50 pm    Post subject: Scam in disguise as "job offer"

A few days ago some outfit sent a "job offer" to my trap based on "my resume they reviewed" (makes me wonder what resume, there's no such thing online, nor has it ever been before).

Mail body:

Quote:
My name is Kevin Braner, I am representing www .settonsolutions.com .

We have analyzed your resume and have found one job available for you to work at home right away with a guaranteed monthly income of $5,500 in the first year.

It does not matter what you do for a living, as long as you have a free
hour every workday.

What we offer:

-Flexible program: two hours/day at your choice, daytime and evening time
-Work at home
-Part time or full time
-Professional contact team with very good support and communication skills
-Other highlights:NO kit to buy, we WON'T charge you anything
-Commission: 10% of every transaction processed.

What we ask:

-Two free hours daily not including weekends
-Internet access for sending and receiving e-mails
-Apply for a merchant account.

IMPORTANT:

-You must be OVER 21 years old.

To learn more please visit our website www .settonsolutions.com.

Please let us know if you are interested to join us.




Best regards,


Kevin Braner


Looking at their site, it immediately becomes clear that this isn't a legitimate job offer, but boils down to peddling products of unknown origin on eBay... To me this looks like a classic scam.

The "company" reveals the following about themselves:

Quote:
Settonsolutions.com is a wholly owned subsidiary of Setton Solutions Group, LLC. Setton Solutions Group was founded in July of 2001 and incorporated as a Limited Liability Utah company shortly thereafter with the vision of building a scalable loyalty eCommerce platform to be used across all industries.


source: http ://www.settonsolutions.com/home/page.php?9
(no they won't get any links from me so that they get rewarded for their spam by a higher Page Rank in Giggle)

Contrast this with the whois info for that "company":

Quote:
Domain Name: SETTONSOLUTIONS.COM

Registrant:
Setton
Raphael Setton (raphaelsetton @ yahoo.com)
124 Merrion Avenue
London
null,HA7 4RX
GB
Tel. +44.02089542811
Fax. +44.02089542811

Creation Date: 16-May-2007
Expiration Date: 16-May-2008

Domain servers in listed order:
ns4.efaizentdns.com
ns3.efaizentdns.com


Administrative Contact:
Setton
Raphael Setton (raphaelsetton @ yahoo.com)
124 Merrion Avenue
London
null,HA7 4RX
GB
Tel. +44.02089542811
Fax. +44.02089542811

Technical Contact:
Setton
Raphael Setton (raphaelsetton @ yahoo.com)
124 Merrion Avenue
London
null,HA7 4RX
GB
Tel. +44.02089542811
Fax. +44.02089542811

Billing Contact:
Setton
Raphael Setton (raphaelsetton @ yahoo.com)
124 Merrion Avenue
London
null,HA7 4RX
GB
Tel. +44.02089542811
Fax. +44.02089542811

Status:ACTIVE


(Emphasis added by me)

Yahoo whois contact (although Yahoo is only meant for private use) and domain registered just a fortnight ago. That's not exactly what an established business looks like, is it? ;)

The blather continues (for the record and readers' amusement):
Quote:
Today the company has implemented its technology and services in both enterprise business and small business providing private labeled solutions utilized by more than a million customers throughout the world.

source: http ://www.settonsolutions.com/home/page.php?9

Yeah, rrright :)


Headers:

Quote:
Return-Path: <mail@settonsolutions.com>
X-Flags: 1001
Delivered-To: <spamtrap>
Received: (qmail invoked by alias); 29 May 2007 00:40:23 -0000
Received: from Jailo.hotstation.info (HELO hotstation.info) [210.158.41.1]
by mx0.gmx.net (mx095) with SMTP; 29 May 2007 02:40:23 +0200
Received: (qmail 9308 invoked from network); 29 May 2007 04:44:24 +0900
Received: from unknown (HELO User) (print@207.236.107.2)
by jailo.hotstation.info with SMTP; 29 May 2007 04:44:24 +0900
From: "settonsolutions.com"<mail@settonsolutions.com>
Subject: The Greatest Job Invitation!
Date: Mon, 28 May 2007 14:43:14 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <20070529004023.22296gmx1@mx095.gmx.net>


What immediately strikes one are sure signs of spam:
  • fake Received headers (pointing to some address in Canada)
  • Cyrillic charset (so probably Russians or Ukrainians) but mail sent via an unrelated Japanese IP address
  • return address points to a domain registered to an individual in the UK and the spamvertised address is hosted in the US


For the record, whois lookup of the server's IP address (settonsolutions.com -> 64.187.125.2):

Quote:
OrgName: AccelerateBiz Inc.
OrgID: ACCEL-8
Address: AccelerateBiz Incorporated
Address: 4300 Biscayne Blvd Suite G06
City: Miami
StateProv: FL
PostalCode: 33137
Country: US

NetRange: 64.187.96.0 - 64.187.127.255
CIDR: 64.187.96.0/19
NetName: ACCELERATEBIZ-3-20
NetHandle: NET-64-187-96-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.ACCELERATEBIZ.COM
NameServer: NS2.ACCELERATEBIZ.COM
Comment:
RegDate: 2005-10-24
Updated: 2007-03-28

OrgAbuseHandle: ABUSE1442-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +1-786-522-2399
OrgAbuseEmail: abuse @ acceleratebiz.com

OrgTechHandle: SM1976-ARIN
OrgTechName: Mueller, Scott
OrgTechPhone: +1-786-522-2399
OrgTechEmail: scott @ acceleratebiz.com

OrgTechHandle: TDA65-ARIN
OrgTechName: Damian, Tudor
OrgTechPhone: +1-786-522-2399
OrgTechEmail: tudy @ acceleratebiz.com


Acceleratebiz has earned a reputation as a persistent spam source over the years, as this recent discussion in NANAE demonstrates:
Discussion about spam from accelerate.biz

So the scam domain is more than likely LARTproof and abuse reports a waste of time.

Olliver
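
A minimal triage of the headers quoted in the post above, added here as an example and not part of the original thread: it rebuilds the relay timeline and checks the signals the post lists. The `triage` helper and the flag names are hypothetical, and each flag is an indicator to weigh together with the others rather than a verdict.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers quoted in the post (subset); folded lines re-indented so they parse.
RAW = """\
Return-Path: <mail@settonsolutions.com>
Received: (qmail invoked by alias); 29 May 2007 00:40:23 -0000
Received: from Jailo.hotstation.info (HELO hotstation.info) [210.158.41.1]
 by mx0.gmx.net (mx095) with SMTP; 29 May 2007 02:40:23 +0200
Received: (qmail 9308 invoked from network); 29 May 2007 04:44:24 +0900
Received: from unknown (HELO User) (print@207.236.107.2)
 by jailo.hotstation.info with SMTP; 29 May 2007 04:44:24 +0900
From: "settonsolutions.com"<mail@settonsolutions.com>
Date: Mon, 28 May 2007 14:43:14 -0400
Content-Type: text/plain;
 charset="Windows-1251"

"""
CYRILLIC = {"windows-1251", "koi8-r", "koi8-u", "iso-8859-5"}

def to_utc(stamp):
    dt = parsedate_to_datetime(stamp.strip())
    # "-0000" parses as a naive datetime; treat it as UTC
    return (dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)).astimezone(timezone.utc)

def triage(raw):
    msg = message_from_string(raw)
    sender_domain = msg["Return-Path"].strip("<>").rsplit("@", 1)[1].lower()
    # Received headers are prepended by each relay, so reverse for oldest-first
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    times = [to_utc(msg["Date"])] + [to_utc(h.rsplit(";", 1)[1]) for h in hops]
    flags = []
    if msg.get_content_charset() in CYRILLIC:
        flags.append("cyrillic-charset")
    named = [m.groups() for h in hops if (m := re.search(r"from (\S+) \(HELO (\S+)\)", h))]
    if any(rdns == "unknown" or "." not in helo for rdns, helo in named):
        flags.append("unresolved-or-bare-helo")
    if not any(rdns.lower().endswith(sender_domain) for rdns, _ in named):
        flags.append("relay-unrelated-to-sender-domain")
    if msg["Date"].split()[-1] != hops[0].split()[-1]:
        flags.append("client-tz-differs-from-first-relay")
    delays = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
    return flags, delays

if __name__ == "__main__":
    print(triage(RAW))
```

The second value is the gap in seconds between consecutive timeline entries (Date header, then each hop oldest-first); a large gap between two relays means either queueing or a clock that cannot be trusted.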
olliver
Posted: Sat Jun 02, 2007 4:29 am

Now the following thread is more than interesting:
Quote:
[...]
i dont [k]now why someone is using my mail server for massive sending mail from an account that i dont [k]now: mail@settonsolutions.com in my server to a lot of email accounts
[...]

(emphasis added by me)
http://www.howtoforge.com/forums/showthread.php?p=73757

Don't we know that domain from somewhere... ;) Now if that's not a clear sign of a spam outfit, then I don't know what is.

Olliver
All times are GMT - 8 Hours