For the first time in months, I check my email address listed in the whois registry. Skimming through all the junk, I notice a title that catches my eye, Scams. And I open it (some info censored for privacy):
From: Chase ******* <*****.*******@kcsg.com>
To: ME
Subject: Scams
Date: 18/01/08 17:37
I know you have been sending fake IRS emails and setup a fake IRS set to
collect my information such as SS number and credit card number. I have
reported you to the local authorities in Stockholm and they are on there
way to pick you up for fraud. Have fun in jail. Peace.
–
Chase *******
KCSG News, IT
At first, I thought this was some kind of prank. Then I remembered my web host mentioning to me over MSN, in a non-serious manner, that someone reported to him that one of my domains was used for phishing. I asked him if it was something I was responsible of doing, he said no. I was confused but had other things to do and didn’t think about it more.
I search for my domain on Google and find that it indeed was used for phishing, and the phish was already published on the anti-phishing website Castle Cops. By now I started to panic.
Checking through my email, I found more messages of the same kind. I immediately called the Swedish Police, but unfortunately their IT department only works on weekdays, so I’ll have to call again tomorrow. I’ve also emailed GoDaddy and various other people.
Additional Info:
- The phishing email was sent out at the 17th (3 days ago).
- The domain folder shows a CHMOD of 775, unchangeable.
Phishing Email Header: (from one of those emails I got)
Received: from mail.pegaprecision.com ([71.158.242.2]) by mail.decossas.com with Microsoft SMTPSVC(6.0.3790.1830);
Thu, 17 Jan 2008 06:14:50 -0600
Received: from User ([151.12.152.26]) by mail.pegaprecision.com with Microsoft SMTPSVC(6.0.3790.3959);
Thu, 17 Jan 2008 04:12:31 -0800
Reply-To: <no_reply@usa.gov>
From: "Internal Revenue Service U.S.A"<service@usa.gov>
Subject: Notice From IRS
Date: Thu, 17 Jan 2008 13.13.29 +0100
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path: service@usa.gov
Message-ID: <JUPITERvmkBgAusejaa000027ef@mail.pegaprecision.com>
X-OriginalArrivalTime: 17 Jan 2008 12:12:31.0718 (UTC) FILETIME=[3C56B060:01C85902]
X-TM-AS-Product-Ver: SMEX-7.0.0.1345-5.0.1023-15672.002
X-TM-AS-Result: Yes-28.070100-8.000000-1
Any help is appreciated!
Currently, I’m still very confused about what to do and would appreciate if anyone knowledgeable in the field would give a few suggestions. It would be nice if you could link to this post hopefully to attract people who know what to do.
