Phishing Alert: Maruti Suzuki Recruitment
Here is an interesting message I received today morning: Maruti Suzuki sends me an interview notice in capitals and exclamations.
“INTERVIEW NOTICE!”
Attached to the email is a file “Interview Notice.rtf”, which impels me to deposit Rs. 15,200/- in Cash to an yet to be declared SBI account; apparently as a guarantee that I will attend the interview once they send me the air-tickets.
The English is atrocious. Here’s a sample:
“… the amount is just to prove that you will be coming for the interview in order for us not to run at lost after sending you the air ticket and you don’t show up on the day of interview. Upon your respoce,contact detials will be given to you. …”
Though I have reported this message to Google and I am publishing it on my blog, there will be those who will proceed to do as directed by these crooks.
Bloody crooks. Bloody victims.
Technical Analysis:
A quick lookup of the Source IP reveals that “41.203.64.253 is from Nigeria(NG) in region Southern Africa”.
Nigerian 419 Scam ahoy!
The SMTP server used (netmail.aecom.yu.edu) belongs to “Albert Einstein College of Medicine, Information Technology Services, 1300 Morris Park Avenue, B1107, Bronx, NY 10461, UNITED STATES”.
Pretty poor SMTP security configuration. Definitely not the place to study Information Technology. Medicine? Maybe.
Here are the full email headers for those wishing to delve deeper:
Delivered-To: ___@rajib.com
Received: by 10.204.102.74 with SMTP id f10cs136841bko;
Thu, 10 Mar 2011 09:00:05 -0800 (PST)
Received: by 10.229.25.211 with SMTP id a19mr5499999qcc.81.1299776404744;
Thu, 10 Mar 2011 09:00:04 -0800 (PST)
Return-Path:
Received: from mx1.aecom.yu.edu (mx1.aecom.yu.edu [129.98.1.51])
by mx.google.com with ESMTP id p6si7006593qcu.187.2011.03.10.09.00.04;
Thu, 10 Mar 2011 09:00:04 -0800 (PST)
Received-SPF: neutral (google.com: 129.98.1.51 is neither permitted nor denied by domain of maruti.suzukiindia568@gmail.com) client-ip=129.98.1.51;
Authentication-Results: mx.google.com; spf=neutral (google.com: 129.98.1.51 is neither permitted nor denied by domain of maruti.suzukiindia568@gmail.com) smtp.mail=maruti.suzukiindia568@gmail.com
Received: from draco.aecom.yu.edu (draco.aecom.yu.edu [129.98.1.160])
by mx1.aecom.yu.edu (Postfix) with ESMTP id 04F5F9F0589;
Thu, 10 Mar 2011 12:00:03 -0500 (EST)
X-AuditID: 816201a0-a336abb00000153e-a1-4d790392eef9
Received: from smtp2.aecom.yu.edu (smtp2.aecom.yu.edu [129.98.1.62])
by draco.aecom.yu.edu (Symantec Mail Security) with ESMTP id 44362718004;
Thu, 10 Mar 2011 12:00:02 -0500 (EST)
Received: from netmail.aecom.yu.edu (netmail2.aecom.yu.edu [129.98.1.59])
by smtp2.aecom.yu.edu (Postfix) with ESMTP id C6012E2E5;
Thu, 10 Mar 2011 12:00:01 -0500 (EST)
Received: from 41.203.64.253
(SquirrelMail authenticated user dozhang)
by netmail.aecom.yu.edu with HTTP;
Thu, 10 Mar 2011 12:00:02 -0500
Message-ID: <92b40029d8ae9f09a98ff4acf6199d5b.squirrel@netmail.aecom.yu.edu>
Date: Thu, 10 Mar 2011 12:00:02 -0500
Subject: INTERVIEW NOTICE!
From: “MARUTI SUZUKI PRIVATE LIMITED”
User-Agent: SquirrelMail/1.4.18
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary=”—-=_20110310120002_63107″
X-Priority: 3 (Normal)
Importance: Normal
To: undisclosed-recipients:;
X-Brightmail-Tracker: AAAAAA==
——=_20110310120002_63107
Content-Type: text/plain; charset=”iso-8859-1″
Content-Transfer-Encoding: 8bit
SEE ATTACH FILE FOR DETAILS
hi rajib..
really the sender of such emails seems to be technically dumb..
even if their technical knowledge is good, they should now discover new ways to make fool out of us…these are old methods alive from past 5 yrs & now almost all of the vintage internet users are aawre of these…
But thanks to your effort, it will definately help many of us to not to fall in these traps…
will be watching the space for more……
There’s a website called 419eater http://www.419eater.com/index.php
There they bait the scammers and waste their time.
good site