FAKE EMAIL ALERT
Hello
I received a paid email this morning, supposedly from Anything-Goes. The title is "GUARANTEED MONEY AFTER 5 DAYS!!" - this is not even in the format that we use on our paid emails. We have also had reports of one supposedly from ClicksMania. IT IS POSSIBLE THAT OTHER SITES, NOT JUST OURS, ARE AFFECTED!!
IT IS A FAKE!!
The email does NOT even come through our servers, but from one in Ireland, but this too could be false.
The 'from' address is no_reply@ but we do not use that address to send paid emails - it doesn't even exist.
ALL of our paid emails have a particular format and title - the fake one does not.
ALL emails sent through our servers are authenticated by SPF records and DomainKeys - the fake one does not contain any authentication. I STRONGLY RECOMMEND THAT ALL PROGRAM OWNERS (that use cPanel 11+) CHECK THAT THESE ARE BOTH ENABLED. If you are not sure how to do this, contact your host.
Anyone can view the headers of our emails and those of the fake to compare - this will show which is genuine and which is not.
Our server and/or Program has NOT been hacked - this has been done from outside of our hosting environment and as such is completely beyond our control.
Our memberbase and/or mailing list has NOT been sold or distributed, nor has it been compromised. In fact the email I received did not come to the email address I use to receive my paid emails for this Program.
DO NOT CLICK ON ANY LINKS IN THE FAKE EMAILS - THERE COULD BE MALICIOUS CODE IN THE DESTINATION WEBSITE!!
I will be posting this message on all of our programs and on GPF & GFO.
On this occasion, we will permit Members to copy this message onto the various forums to warn as many people as we can. Please do NOT send out as Spam.
ETA: The site that is being advertised in the fake emails is true-money.c_o_m. I believe that this is the same url that was used to replace existing ads in the few programs that were hacked a while ago (Donkey, MadEarnings, etc.). I suspect that they have gained the mailing lists from the 'hacked' sites. As many Members use the same emails in all PTR sites, it would make sense. I had contact from an ex-Member of ClicksMania who received one of these emails today - that user's account was set to inbox only and had not been an active member since November 2008 - the account has now been purged.
If they are using a large email database such as Donkey - we could be in for a rough ride and this will affect many sites and members.
Best Regards
Tony
Full Version: FAKE EMAIL ALERT !!! High Risk Notice !
Hello
Further to the above post, I have seen similar emails supposedly from our other sites and indeed from many other programs.
There have been reports at GFO that members have received this type of email from a variety of PTR Programs, so this confirms that it is not just our sites that have been targeted.
I have sent Admin Messages on all of our Programs, warning Members to be on the look out for these fakes. The main subject is as stated above, but another version with the title "Your King Investment Account is successfully created", is also doing the rounds.
Whilst I appreciate Members and others forwarding the emails to me, there is very little I can do about it. They are clearly not coming from our servers and as such it is completely beyond our control. I would ask that these emails are NOT forwarded to us, but reported to anti-spam agencys. The more that are reported, the more chance of the sending IPs/Hosts being forced to shut down the offenders.
Best Regards
Tony
Further to the above post, I have seen similar emails supposedly from our other sites and indeed from many other programs.
There have been reports at GFO that members have received this type of email from a variety of PTR Programs, so this confirms that it is not just our sites that have been targeted.
I have sent Admin Messages on all of our Programs, warning Members to be on the look out for these fakes. The main subject is as stated above, but another version with the title "Your King Investment Account is successfully created", is also doing the rounds.
Whilst I appreciate Members and others forwarding the emails to me, there is very little I can do about it. They are clearly not coming from our servers and as such it is completely beyond our control. I would ask that these emails are NOT forwarded to us, but reported to anti-spam agencys. The more that are reported, the more chance of the sending IPs/Hosts being forced to shut down the offenders.
Best Regards
Tony
Here are some samples of the emails that I have seen:
1)
2)
These are exactly as received, with the exception of my edits to the URLs to make them unclickable.
The format appears to be the same on all reported emails - not a format that we use.
The 'from' address always contains noreply@, but we do not use this type of address - noreply@ does not even exist. The default for CC Scripts is 'rewards@'.
I have checked the headers of all the fake emails that I have received and they appear to emanate from different IPs and/or hosts, so these are most likely false too, making it difficult to report.
My only suggestion to relieve this problem, albeit very difficult, is for all those affected to change to a new email account in their various PTRs and either get rid of the one that these fakes are being sent to, or use it only to receive spam.
The perpetrators are obviously using a harvested email database, most likely gleaned from hacked sites. As many people use the same email address for all their PTRs and are members of many programs, all these offenders have to do is run a script that automatically inserts the site name and sends the emails to all those addresses in the database. The chances of these emails being received by actual members is extremely high, but I have been getting reports of ex or non-members getting these mails supposedly from our (or other) sites.
It also appears that they are using payment processor addresses in addition to the main. Many members use a different email address for their paid emails to their payment processor address. In this scenario, the hackers now have 2 email addresses per member. For example, I have received 2 copies of the same email - one to my Paid Email address and one to my PayPal or AlertPay address.
If they are using the database from the once hacked Donkey, in combination with the other sites that were hacked, the database of email addresses will be vast. What we have seen so far is potentially only the tip of the iceberg.
Best Regards
Tony
1)
QUOTE
Title: GUARANTEED MONEY AFTER 5 DAYS!!
-----Inline Attachment Follows-----
---
Hello dear member,
Underneath you'll find a brand new paid mail.
Have a nice day and please remember that it are the advertisers that pay you.
--- Paid Ad ---
GUARANTEED MONEY AFTER 5 DAYS!!
Earn a Guaranteed $349,859.00 Payment Automatically.
First payment within the first 5 days Guaranteed.
No Recruiting and no Sponsoring required.
We do absolutely all the work for you - YES, that's right.
We do all the advertising and promotion for you until all the $349,859.00 is in your account.
All members make a profit - not just a select few who happen to get in early.
hxxp://true-money.c_o_m/index2.php?ref=lastmata
Fully Automated System - pays cash instantly directly into your account.
This is an opportunity which pays guaranteed.
The Next Generation of Internet Based Capital Building
Programs Has Arrived.
Never Again Sink into the Bottomless Sea of Network
Marketing Scams.
This is the easiest, fastest and most guaranteed way to earn
money on the Internet.
Visit our website to learn more:
hxxp://true-money.c_o_m/index2.php?ref=lastmata
Best regards
Roy A
--- Disclaimer ---
This e-mail is not spam. You receive this email because you're a member of get paid to read program.
We have a system with double opt-in membership so it's almost impossible that you didn't sign yourself up.
However, if you wish to cancel your membership and stop receiving eMails you can do this by going to our site, go to the member space.
Log yourself in and click "user account info" in the member menu.
Then scroll all the way down to cancel your membership and loose all your earnings.
It is also possible to send us an e-mail where you ask us to cancel your membership.
-----Inline Attachment Follows-----
---
Hello dear member,
Underneath you'll find a brand new paid mail.
Have a nice day and please remember that it are the advertisers that pay you.
--- Paid Ad ---
GUARANTEED MONEY AFTER 5 DAYS!!
Earn a Guaranteed $349,859.00 Payment Automatically.
First payment within the first 5 days Guaranteed.
No Recruiting and no Sponsoring required.
We do absolutely all the work for you - YES, that's right.
We do all the advertising and promotion for you until all the $349,859.00 is in your account.
All members make a profit - not just a select few who happen to get in early.
hxxp://true-money.c_o_m/index2.php?ref=lastmata
Fully Automated System - pays cash instantly directly into your account.
This is an opportunity which pays guaranteed.
The Next Generation of Internet Based Capital Building
Programs Has Arrived.
Never Again Sink into the Bottomless Sea of Network
Marketing Scams.
This is the easiest, fastest and most guaranteed way to earn
money on the Internet.
Visit our website to learn more:
hxxp://true-money.c_o_m/index2.php?ref=lastmata
Best regards
Roy A
--- Disclaimer ---
This e-mail is not spam. You receive this email because you're a member of get paid to read program.
We have a system with double opt-in membership so it's almost impossible that you didn't sign yourself up.
However, if you wish to cancel your membership and stop receiving eMails you can do this by going to our site, go to the member space.
Log yourself in and click "user account info" in the member menu.
Then scroll all the way down to cancel your membership and loose all your earnings.
It is also possible to send us an e-mail where you ask us to cancel your membership.
2)
QUOTE
Title: Your King Investment Account is successfully created
-----Inline Attachment Follows-----
---
Hello dear member,
Underneath you'll find a brand new paid mail.
Have a nice day and please remember that it are the advertisers that pay you.
--- Paid Ad ---
Welcome to King Investment!
We pay 25% Daily-150% After 7 Days-300% After 14 Days! Click here to invest!
When deposit is received, daily,hourly profit credit will begin the next day (GMT).
Daily profit credit will be made 7 days per week (Monday - Sunday).
Each credit will be from 25% - 300% of each deposit, according to your plan.
You will receive your payment directly into your libertyreserve account.
hxxp://www.king-investment.n_e_t/?r=U9609374
--- Disclaimer ---
This e-mail is not spam. You receive this email because you're a member of get paid to read program.
We have a system with double opt-in membership so it's almost impossible that you didn't sign yourself up.
However, if you wish to cancel your membership and stop receiving eMails you can do this by going to our site, go to the member space.
Log yourself in and click "user account info" in the member menu.
Then scroll all the way down to cancel your membership and loose all your earnings.
It is also possible to send us an e-mail where you ask us to cancel your membership.
-----Inline Attachment Follows-----
---
Hello dear member,
Underneath you'll find a brand new paid mail.
Have a nice day and please remember that it are the advertisers that pay you.
--- Paid Ad ---
Welcome to King Investment!
We pay 25% Daily-150% After 7 Days-300% After 14 Days! Click here to invest!
When deposit is received, daily,hourly profit credit will begin the next day (GMT).
Daily profit credit will be made 7 days per week (Monday - Sunday).
Each credit will be from 25% - 300% of each deposit, according to your plan.
You will receive your payment directly into your libertyreserve account.
hxxp://www.king-investment.n_e_t/?r=U9609374
--- Disclaimer ---
This e-mail is not spam. You receive this email because you're a member of get paid to read program.
We have a system with double opt-in membership so it's almost impossible that you didn't sign yourself up.
However, if you wish to cancel your membership and stop receiving eMails you can do this by going to our site, go to the member space.
Log yourself in and click "user account info" in the member menu.
Then scroll all the way down to cancel your membership and loose all your earnings.
It is also possible to send us an e-mail where you ask us to cancel your membership.
These are exactly as received, with the exception of my edits to the URLs to make them unclickable.
The format appears to be the same on all reported emails - not a format that we use.
The 'from' address always contains noreply@, but we do not use this type of address - noreply@ does not even exist. The default for CC Scripts is 'rewards@'.
I have checked the headers of all the fake emails that I have received and they appear to emanate from different IPs and/or hosts, so these are most likely false too, making it difficult to report.
My only suggestion to relieve this problem, albeit very difficult, is for all those affected to change to a new email account in their various PTRs and either get rid of the one that these fakes are being sent to, or use it only to receive spam.
The perpetrators are obviously using a harvested email database, most likely gleaned from hacked sites. As many people use the same email address for all their PTRs and are members of many programs, all these offenders have to do is run a script that automatically inserts the site name and sends the emails to all those addresses in the database. The chances of these emails being received by actual members is extremely high, but I have been getting reports of ex or non-members getting these mails supposedly from our (or other) sites.
It also appears that they are using payment processor addresses in addition to the main. Many members use a different email address for their paid emails to their payment processor address. In this scenario, the hackers now have 2 email addresses per member. For example, I have received 2 copies of the same email - one to my Paid Email address and one to my PayPal or AlertPay address.
If they are using the database from the once hacked Donkey, in combination with the other sites that were hacked, the database of email addresses will be vast. What we have seen so far is potentially only the tip of the iceberg.
Best Regards
Tony
Seems it has some relationship with the recent hack at some sites including shareadspace, rosebizs and mails2u. The hackers might have copied the entire database and use it to spam.
I've got the above mails, from the sites where I am not even allowed to sign up. And from some sites where I canceled my account.
I've got the above mails, from the sites where I am not even allowed to sign up. And from some sites where I canceled my account.
QUOTE (Venkat_ProMLP @ Mar 6 2009, 10:46 PM) 
Seems it has some relationship with the recent hack at some sites including shareadspace, rosebizs and mails2u. The hackers might have copied the entire database and use it to spam.
I've got the above mails, from the sites where I am not even allowed to sign up. And from some sites where I canceled my account.
I've got the above mails, from the sites where I am not even allowed to sign up. And from some sites where I canceled my account.
Yeah that sounds right, I am getting them from all kinds of sites too.
QUOTE
Flag this message
I Want To Give YOU My "Top 10" High Profit Web Sites!
Tuesday, March 10, 2009 7:46 AM
From:
"Clickerslounge" <noreply@clickerslounge.com>
Add sender to Contacts
To:
Array@yahoo.com, edited@yahoo.com
-----Inline Attachment Follows-----
-----Inline Attachment Follows-----
---
Hello dear member,
Underneath you'll find a brand new paid mail.
Have a nice day and please remember that it are the advertisers that pay you.
--- Paid Ad ---
I Want To Give YOU My "Top 10" High Profit Web Sites!
hxxp://highprofitadsensesites.info/
I make now over $31,000 a month with Google Adsense.
But before I tell you more about my Adsense sites,
I just want to point out that other people on Internet claim that they make
thousands of dollars a month with Adsense but they lack one thing… PROOF!
Anyone can put random pictures of mansions and fast cars in their sites
to make you think they are successful, but don't trust anyone who can't give
you real-life verification of how much they make!
--- Disclaimer ---
This e-mail is not spam. You receive this email because you're a member of get paid to read program.
We have a system with double opt-in membership so it's almost impossible that you didn't sign yourself up.
However, if you wish to cancel your membership and stop receiving eMails you can do this by going to our site, go to the member space.
Log yourself in and click "user account info" in the member menu.
Then scroll all the way down to cancel your membership and loose all your earnings.
It is also possible to send us an e-mail where you ask us to cancel your membership.
I Want To Give YOU My "Top 10" High Profit Web Sites!
Tuesday, March 10, 2009 7:46 AM
From:
"Clickerslounge" <noreply@clickerslounge.com>
Add sender to Contacts
To:
Array@yahoo.com, edited@yahoo.com
-----Inline Attachment Follows-----
-----Inline Attachment Follows-----
---
Hello dear member,
Underneath you'll find a brand new paid mail.
Have a nice day and please remember that it are the advertisers that pay you.
--- Paid Ad ---
I Want To Give YOU My "Top 10" High Profit Web Sites!
hxxp://highprofitadsensesites.info/
I make now over $31,000 a month with Google Adsense.
But before I tell you more about my Adsense sites,
I just want to point out that other people on Internet claim that they make
thousands of dollars a month with Adsense but they lack one thing… PROOF!
Anyone can put random pictures of mansions and fast cars in their sites
to make you think they are successful, but don't trust anyone who can't give
you real-life verification of how much they make!
--- Disclaimer ---
This e-mail is not spam. You receive this email because you're a member of get paid to read program.
We have a system with double opt-in membership so it's almost impossible that you didn't sign yourself up.
However, if you wish to cancel your membership and stop receiving eMails you can do this by going to our site, go to the member space.
Log yourself in and click "user account info" in the member menu.
Then scroll all the way down to cancel your membership and loose all your earnings.
It is also possible to send us an e-mail where you ask us to cancel your membership.
I did whois lookup and sent owner of domain a nice email:
Please stop sending your mail using my domain name you low life spammer and scammer.
I own clickerslounge.com and I did not send this I be suing you.
I also be taking out warrants for your arrest for fraud and spam.
Registrant Name:Buharin Ivan
Registrant Organization:N/A
Registrant Street1:Sumskaya st
Registrant Street2:
Registrant Street3:
Registrant City:Kharkov
Registrant State/Province:Kharkiv Oblast
Registrant Postal Code:49000
Registrant Country:UA
Then got his email addy at paypal and sent a bill for $200 to support@highprofitadsensesites.info.
----------------------------------------------------------------
Money Request details
----------------------------------------------------------------
Amount: $200.00 USD
Subject: PayPal money request from Jeffrey Johnson
Note: Please pay me due to you sending me spam.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.