Phishing Alert: Maruti Suzuki Recruitment

Here is an interesting message I received today morning: Maruti Suzuki sends me an interview notice in capitals and exclamations.
“INTERVIEW NOTICE!”

Attached to the email is a file “Interview Notice.rtf”, which impels me to deposit Rs. 15,200/- in Cash to an yet to be declared SBI account; apparently as a guarantee that I will attend the interview once they send me the air-tickets.

The English is atrocious. Here’s a sample:
“… the amount is just to prove that you will be coming for the interview in order for us not to run at lost after sending you the air ticket and you don’t show up on the day of interview. Upon your respoce,contact detials will be given to you. …”

Though I have reported this message to Google and I am publishing it on my blog, there will be those who will proceed to do as directed by these crooks.

Bloody crooks. Bloody victims.

Technical Analysis:
A quick lookup of the Source IP reveals that “41.203.64.253 is from Nigeria(NG) in region Southern Africa”.
Nigerian 419 Scam ahoy!

The SMTP server used (netmail.aecom.yu.edu) belongs to “Albert Einstein College of Medicine, Information Technology Services, 1300 Morris Park Avenue, B1107, Bronx, NY 10461, UNITED STATES”.
Pretty poor SMTP security configuration. Definitely not the place to study Information Technology. Medicine? Maybe.

Here are the full email headers for those wishing to delve deeper:

Delivered-To: ___@rajib.com

Received: by 10.204.102.74 with SMTP id f10cs136841bko;

Thu, 10 Mar 2011 09:00:05 -0800 (PST)

Received: by 10.229.25.211 with SMTP id a19mr5499999qcc.81.1299776404744;

Thu, 10 Mar 2011 09:00:04 -0800 (PST)

Return-Path:

Received: from mx1.aecom.yu.edu (mx1.aecom.yu.edu [129.98.1.51])

by mx.google.com with ESMTP id p6si7006593qcu.187.2011.03.10.09.00.04;

Thu, 10 Mar 2011 09:00:04 -0800 (PST)

Received-SPF: neutral (google.com: 129.98.1.51 is neither permitted nor denied by domain of maruti.suzukiindia568@gmail.com) client-ip=129.98.1.51;

Authentication-Results: mx.google.com; spf=neutral (google.com: 129.98.1.51 is neither permitted nor denied by domain of maruti.suzukiindia568@gmail.com) smtp.mail=maruti.suzukiindia568@gmail.com

Received: from draco.aecom.yu.edu (draco.aecom.yu.edu [129.98.1.160])

by mx1.aecom.yu.edu (Postfix) with ESMTP id 04F5F9F0589;

Thu, 10 Mar 2011 12:00:03 -0500 (EST)

X-AuditID: 816201a0-a336abb00000153e-a1-4d790392eef9

Received: from smtp2.aecom.yu.edu (smtp2.aecom.yu.edu [129.98.1.62])

by draco.aecom.yu.edu (Symantec Mail Security) with ESMTP id 44362718004;

Thu, 10 Mar 2011 12:00:02 -0500 (EST)

Received: from netmail.aecom.yu.edu (netmail2.aecom.yu.edu [129.98.1.59])

by smtp2.aecom.yu.edu (Postfix) with ESMTP id C6012E2E5;

Thu, 10 Mar 2011 12:00:01 -0500 (EST)

Received: from 41.203.64.253

(SquirrelMail authenticated user dozhang)

by netmail.aecom.yu.edu with HTTP;

Thu, 10 Mar 2011 12:00:02 -0500

Message-ID: <92b40029d8ae9f09a98ff4acf6199d5b.squirrel@netmail.aecom.yu.edu>

Date: Thu, 10 Mar 2011 12:00:02 -0500

Subject: INTERVIEW NOTICE!

From: “MARUTI SUZUKI PRIVATE LIMITED”

User-Agent: SquirrelMail/1.4.18

MIME-Version: 1.0

Content-Type: multipart/mixed;boundary=”—-=_20110310120002_63107″

X-Priority: 3 (Normal)

Importance: Normal

To: undisclosed-recipients:;

X-Brightmail-Tracker: AAAAAA==

——=_20110310120002_63107

Content-Type: text/plain; charset=”iso-8859-1″

Content-Transfer-Encoding: 8bit

SEE ATTACH FILE FOR DETAILS