Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Web Scams

from [Gilmore, Corey (DPC)] Network Security [Permanent Link]
Subject: RE: Web Scams
Date: Thu, 26 Aug 2004 18:18:09 -0400 


-----Original Message-----
From: shawn [mailto:pakkit@codepiranha.org] 
Sent: Thursday, August 26, 2004 6:27 AM
To: Lawrence, Michael
Cc: webappsec@securityfocus.com
Subject: Re: Web Scams

I can virtually guarantee you that reporting it to any 
"authorities" is useless.  They aren't going to look at it at 
all.  There has been no damage and most likely they have no 
expertise or jurisdiction and, frankly, have more important 
things to do.

You are probably better off looking at the headers of the 
email message, getting the original IP and then finding out 
what company owns that IP from ARIN.  Then send the email 
along with the full headers to the abuse or security contact 
for that company.  If you're lucky, they will track down who 
sent the original email and suspend his account.  Regardless 
of what they do, you also will probably not hear back from them.

Wish I had better news for you...



I would forward the message, with full headers, to the organization
being spoofed.  Usually there is an email listed for this, but some
combination of abuse@spoofed.company, fraud@spoofed.company,
spoof@spoofed.company usually works if you're lazy.

Best Buy - bestbuysecurityinfo@postfuture.com
EarthLink - fraud@corp.earthlink.net
eBay - spam@ebay.com
PayPal - spoof@paypal.com

The IFCC (Internet Fraud Complaint Center) is another resource,
http://www1.ifccfbi.gov/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: key storage, Brown, James F.
Next by Date:  RE: ASP authentication, Zuech, Richard
Previous by Thread:  Re: Web Scams, Ronald Smith
Next by Thread:  RE: Web Scams, Jerry Dixon
Indexes:  [Date] [Thread] [Top] [All Lists]