I'm putting this here,as I know a lot of people don't read all of the threads. Just looked at my E-mails and found this. I have never had a Westpac Account. Take care people. They do try and make them look genuine, don't they ?
Needless to say, I have deleted it, without clicking on the link so thoughtfully provided.
Cheers,
Sheba.
This is an automated message to notify you that we detected a login attempt with a valid password to your account from an unrecognized device yesterday @
2013 Westpac Financial Corporation. All Rights reserved
Email ID:37322650114300219389726
-- Edited by Sheba on Friday 15th of November 2013 06:43:40 PM
03_troopy said
07:42 PM Nov 15, 2013
Sheba wrote:
I'm putting this here,as I know a lot of people don't read all of the threads. Just looked at my E-mails and found this. I have never had a Westpac Account. Take care people. They do try and make them look genuine, don't they ?
Needless to say, I have deleted it, without clicking on the link so thoughtfully provided.
Cheers,
Sheba.
This is an automated message to notify you that we detected a login attempt with a valid password to your account from an unrecognized device yesterday @
2013 Westpac Financial Corporation. All Rights reserved
Email ID:37322650114300219389726
-- Edited by Sheba on Friday 15th of November 2013 06:43:40 PM
and please don't post the active links. edit them with advanced editor and click on the broken chain (breaks the link) icon so that others reading the post don't click on them.
Cheers.
Troopy
edit: I forgot to say, highlight the link, then hit the broken chain icon
-- Edited by 03_troopy on Friday 15th of November 2013 07:43:11 PM
Dougwe said
02:52 AM Nov 16, 2013
Thanks for the heads up Sheba, I am a customer but wouldn't open a link from them without first checking with a local branch office face to face.
GaryKelly said
03:35 AM Nov 16, 2013
I get heaps of those thing purporting to be Paypal, a bank, or other financial institution. Even eBay. Unless they're addressed to me by name, I ignore them and delete them.
hako said
06:15 AM Nov 16, 2013
Sheba - not questioning your computer literacy, but my PC tells me the link you've posted in your first post is active - unless you've altered it which you don't say.
If you've deleted it, how can you show it on this forum?
Bryan said
06:27 AM Nov 16, 2013
There's lots going around. I must have had at least $80,000 in tax refunds. I printed them all before deleting just in case and one day I get bored enough to present them tax office and ask for a cheque.
Santa said
11:43 PM Nov 16, 2013
Sheba wrote:
hako wrote:
I Copied and Pasted it , then deleted the original. I posted it on at least 4 forums.
Cheers,
Sheba.
Sheba as Hako has pointed out the link in your original post is live, anyone who clicks on it may well be at risk.
You may have deleted it on your PC however it is alive and well at the start of this thread, and possibly anywhere else you may have posted it.
03 Troopy has explained how to deactivate it.
-- Edited by Santa on Saturday 16th of November 2013 11:46:15 PM
slip sliding away said
12:13 AM Nov 17, 2013
Thanks Sheba for sharing...
Sheba said
05:53 AM Nov 17, 2013
hako wrote:
Sheba - not questioning your computer literacy, but my PC tells me the link you've posted in your first post is active - unless you've altered it which you don't say. If you've deleted it, how can you show it on this forum?
I Copied and Pasted it , then deleted the original. I posted it on at least 4 forums.
Cheers,
Sheba.
dorian said
08:04 AM Nov 17, 2013
It appears that a computer ("zombie") at UCLA was compromised and was being used to perpetrate this scam. Below are my ping, traceroute, and ARIN Whois search results. Note that the actual URL that is the source of the scam is "7jm.dyndns-blog dot com". The Westpac text can be replaced with "blah.blah.blah" without altering the results.
BTW, I tried a ping and tracert to the same URL yesterday and was successful in reaching it. Today the requests time out, suggesting that the problem has been rectified.
C:\>ping auth.westpac.com.au.nr-976.7jm.dyndns-blog dot com
Pinging 7jm.dyndns-blog dot com [128 dot 97.224.14] with 32 bytes of data:
Reply from 164 dot 67.62.99: TTL expired in transit. Reply from 164 dot 67.62.99: TTL expired in transit. Reply from 164 dot 67.62.99: TTL expired in transit. Reply from 164 dot 67.62.99: TTL expired in transit.
Ping statistics for 128 dot 97.224.14: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>ping blah.blah.blah.7jm.dyndns-blog dot com
Pinging 7jm.dyndns-blog dot com [128 dot 97.224.14] with 32 bytes of data:
Reply from 164 dot 67.62.99: TTL expired in transit. Reply from 164 dot 67.62.99: TTL expired in transit. Reply from 164 dot 67.62.99: TTL expired in transit. Reply from 164 dot 67.62.99: TTL expired in transit.
Ping statistics for 128 dot 97.224.14: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>tracert auth.westpac.com.au.nr-976.7jm.dyndns-blog dot com
Tracing route to 7jm.dyndns-blog dot com [128 dot 97.224.14] over a maximum of 30 hops:
1 * * * Request timed out. 2 34 ms 33 ms 34 ms lns20.syd6.on.ii.net [150.101.199.159] 3 34 ms 33 ms 33 ms te3-1-20.cor2.syd7.on.ii.net [150.101.195.138] 4 34 ms 34 ms 34 ms ae5.br1.syd4.on.ii.net [150.101.33.48] 5 180 ms 181 ms 181 ms te0-1-1-2.bd1.lax1.on.ii.net [203.16.213.65] 6 181 ms 181 ms 181 ms eq-exchange.tr01-lsanca01.transitrail.net [206.223.123.7] 7 182 ms 182 ms 182 ms 64.57.20.227 8 183 ms 184 ms 184 ms dc-lax-core1--lax-px1-10ge-2.cenic.net [137.164.46.150] 9 211 ms 212 ms 212 ms dc-lax-agg5--lax-core1-10ge.cenic.net [137.164.46.133] 10 183 ms 183 ms 182 ms ucla--lax-agg1-10g.cenic.net [137.164.24.135] 11 183 ms 183 ms 182 ms cr01f2.csb1--bd02f1.anderson.ucla.net [169.232.4.104] 12 182 ms 183 ms 182 ms sr01f1.anderson--cr01f2.csb1.ucla.net [169.232.8.27] 13 183 ms 183 ms 183 ms ra11f2.csb1.ucla.net [164.67.62.90] 14 182 ms 182 ms 182 ms 164.67.62.99 15 183 ms 183 ms 182 ms ra11f2.csb1.ucla.net [164.67.62.90] 16 182 ms 182 ms 183 ms 164.67.62.99 17 183 ms 182 ms 182 ms ra11f2.csb1.ucla.net [164.67.62.90] 18 182 ms 182 ms 182 ms 164.67.62.99 19 182 ms 182 ms 182 ms ra11f2.csb1.ucla.net [164.67.62.90] 20 183 ms 183 ms 182 ms 164.67.62.99 21 183 ms 182 ms 182 ms ra11f2.csb1.ucla.net [164.67.62.90] 22 182 ms 183 ms 182 ms 164.67.62.99 23 183 ms 183 ms 182 ms ra11f2.csb1.ucla.net [164.67.62.90] 24 182 ms 183 ms 181 ms 164.67.62.99 25 182 ms 183 ms 183 ms ra11f2.csb1.ucla.net [164.67.62.90] 26 182 ms 183 ms 182 ms 164.67.62.99 27 183 ms 182 ms 183 ms ra11f2.csb1.ucla.net [164.67.62.90] 28 183 ms 183 ms 184 ms 164.67.62.99 29 183 ms 183 ms 183 ms ra11f2.csb1.ucla.net [164.67.62.90] 30 182 ms 183 ms 183 ms 164.67.62.99
Network NetRange 128.97.0.0 - 128.97.255.255 CIDR 128.97.0.0/16 Name UCLANET Handle NET-128-97-0-0-1 Parent NET128 (NET-128-0-0-0-0) Net Type Direct Assignment Origin AS AS52 Organization University of California, Los Angeles (UCLA) Registration Date 1985-11-11 Last Updated 2009-06-10
Organization Name University of California, Los Angeles Handle UCLA Street UCLA Communications Technology Services Campus Services Building I, 2nd Floor 741 Charles E. Young Drive South City Los Angeles State/Province CA Postal Code 90095-1363 Country US Registration Date 1985-10-24 Last Updated 2009-12-22
-- Edited by dorian on Sunday 17th of November 2013 08:17:12 AM
_wombat_ said
01:00 PM Nov 17, 2013
dorian wrote:
I confess I'm still using a very old version of Eudora (I actually paid for mine), but the open source Linux and XP versions sound great. Thanks for the heads up.
dorian, when you have had time to have a look at that one can you please advise if I would need Mozilla Thunderbird to run it? it looks like it maybe an extension to MT
Sorry Sheba, it looks like I have gone off topic, just blame dazren.
-- Edited by _wombat_ on Sunday 17th of November 2013 01:01:40 PM
Cowboy7307 said
02:16 PM Nov 17, 2013
I must have had at least $80,000 in tax refunds,
Is that all you got sitting , your poor lol, i have at least $3000000000000 sitting in Nigeria and America for me, all i have to do is send my bank detales and passwords, that's after i send the $200 so thy can clear it with there banks
_wombat_ said
05:38 PM Nov 17, 2013
I don't know why EVERYBODY has not got this program on their computer, I have been using it for years, it allows you to look on your ISP BEFORE you download your emails to your computer and you just delete the emails you do not want before you download the ones you want to keep to your computer.
There is a free version but you can only use 1 email address.
PRO VERSION 7.3.0 $39.95 on special at this time for $29.95 12 months subscription, well worth the price https://secure.firetrust.com/cart
dorian said
06:50 PM Nov 17, 2013
My ISP intercepts and quarantines the vast majority of spam on their server. I usually don't bother checking it.
As for the email that I download, my email client (Eudora) allows me to disable potentially dangerous features. For example, I can "disallow executables in HTML content". I also have a plugin which removes all HTML content and essentially converts the message into plain text.
Eudora automatically filters what it considers to be junk and places it in the Junk mailbox. I can alter the junk settings, if need be. I also have my own filters which automatically sort email from known addresses into the correct mailboxes.
Antivirus software typically scans emails before they are made available for reading.
_wombat_ said
06:58 PM Nov 17, 2013
dorian wrote:
My ISP intercepts and quarantines the vast majority of spam on their server. I usually don't bother checking it.
As for the email that I download, my email client (Eudora) allows me to disable potentially dangerous features. For example, I can "disallow executables in HTML content". I also have a plugin which removes all HTML content and essentially converts the message into plain text.
Eudora automatically filters what it considers to be junk and places it in the Junk mailbox. I can alter the junk settings, if need be. I also have my own filters which automatically sort email from known addresses into the correct mailboxes.
Antivirus software typically scans emails before they are made available for reading.
That is the same as mail washer pro, great program, will have to have a look at your one, is it free?
_wombat_ said
07:03 PM Nov 17, 2013
Just has a quick look at the site https://wiki.mozilla.org/Eudora_OSE and it is no longer supported but I think being open source it would be free
dorian said
08:43 PM Nov 17, 2013
I confess I'm still using a very old version of Eudora (I actually paid for mine), but the open source Linux and XP versions sound great. Thanks for the heads up.
Sheba said
05:11 AM Nov 18, 2013
I don't understand why anyone, if they read my post properly, would want to click on that Link. I made it quite clear that this was a Scam.
Cheers,
Sheba.
_wombat_ said
05:32 AM Nov 18, 2013
Sheba wrote:
I don't understand why anyone, if they read my post properly, would want to click on that Link. I made it quite clear that this was a Scam.
Cheers,
Sheba.
I did not click on it, cos Dougwe told me not to, he's been quiet today.
dorian said
12:18 PM Nov 18, 2013
_wombat_ wrote:
dorian, when you have had time to have a look at that one can you please advise if I would need Mozilla Thunderbird to run it? it looks like it maybe an extension to MT
I'm still using Windows 98SE. I don't know when I'll get around to "upgrading", if ever.
I'm putting this here,as I know a lot of people don't read all of the threads. Just looked at my E-mails and found this. I have never had a Westpac Account. Take care people. They do try and make them look genuine, don't they ?
Needless to say, I have deleted it, without clicking on the link so thoughtfully provided.
Cheers,
Sheba.
This is an automated message to notify you that we detected a login attempt with a valid password to your account from an unrecognized device yesterday @
Location: UNITED STATES, COLORADO, COLORADO SPRINGS,IP=195.218.84.56 Latitude, Longitude: 75.16459, -25.9814 , Connection through: MCI Local Time: 2013 04:57 PM (UTC -06:00) IDD Code: 1 Weather Station: COLORADO SPRINGS (USCO0078) Usage Type: ISP
Was this you? If so, you can disregard the rest of this email. If this wasn't you kindly follow the account review link:
http://auth.westpac.com.au.nr-976.7jm.dyndns-blog.com/esis/index.php?r=S670216334659&id=Q737968538
Sincerely,
Westpac Bank Customer Care
2013 Westpac Financial Corporation. All Rights reserved
Email ID:37322650114300219389726
-- Edited by Sheba on Friday 15th of November 2013 06:43:40 PM
and please don't post the active links. edit them with advanced editor and click on the broken chain (breaks the link) icon so that others reading the post don't click on them.
Cheers.
Troopy
edit: I forgot to say, highlight the link, then hit the broken chain icon
-- Edited by 03_troopy on Friday 15th of November 2013 07:43:11 PM
If you've deleted it, how can you show it on this forum?
Sheba as Hako has pointed out the link in your original post is live, anyone who clicks on it may well be at risk.
You may have deleted it on your PC however it is alive and well at the start of this thread, and possibly anywhere else you may have posted it.
03 Troopy has explained how to deactivate it.
-- Edited by Santa on Saturday 16th of November 2013 11:46:15 PM
It appears that a computer ("zombie") at UCLA was compromised and was being used to perpetrate this scam.
Below are my ping, traceroute, and ARIN Whois search results. Note that the actual URL that is the source of the scam is "7jm.dyndns-blog dot com". The Westpac text can be replaced with "blah.blah.blah" without altering the results.
BTW, I tried a ping and tracert to the same URL yesterday and was successful in reaching it. Today the requests time out, suggesting that the problem has been rectified.
C:\>ping auth.westpac.com.au.nr-976.7jm.dyndns-blog dot com
Pinging 7jm.dyndns-blog dot com [128 dot 97.224.14] with 32 bytes of data:
Reply from 164 dot 67.62.99: TTL expired in transit.
Reply from 164 dot 67.62.99: TTL expired in transit.
Reply from 164 dot 67.62.99: TTL expired in transit.
Reply from 164 dot 67.62.99: TTL expired in transit.
Ping statistics for 128 dot 97.224.14:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>ping blah.blah.blah.7jm.dyndns-blog dot com
Pinging 7jm.dyndns-blog dot com [128 dot 97.224.14] with 32 bytes of data:
Reply from 164 dot 67.62.99: TTL expired in transit.
Reply from 164 dot 67.62.99: TTL expired in transit.
Reply from 164 dot 67.62.99: TTL expired in transit.
Reply from 164 dot 67.62.99: TTL expired in transit.
Ping statistics for 128 dot 97.224.14:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>tracert auth.westpac.com.au.nr-976.7jm.dyndns-blog dot com
Tracing route to 7jm.dyndns-blog dot com [128 dot 97.224.14]
over a maximum of 30 hops:
1 * * * Request timed out.
2 34 ms 33 ms 34 ms lns20.syd6.on.ii.net [150.101.199.159]
3 34 ms 33 ms 33 ms te3-1-20.cor2.syd7.on.ii.net [150.101.195.138]
4 34 ms 34 ms 34 ms ae5.br1.syd4.on.ii.net [150.101.33.48]
5 180 ms 181 ms 181 ms te0-1-1-2.bd1.lax1.on.ii.net [203.16.213.65]
6 181 ms 181 ms 181 ms eq-exchange.tr01-lsanca01.transitrail.net [206.223.123.7]
7 182 ms 182 ms 182 ms 64.57.20.227
8 183 ms 184 ms 184 ms dc-lax-core1--lax-px1-10ge-2.cenic.net [137.164.46.150]
9 211 ms 212 ms 212 ms dc-lax-agg5--lax-core1-10ge.cenic.net [137.164.46.133]
10 183 ms 183 ms 182 ms ucla--lax-agg1-10g.cenic.net [137.164.24.135]
11 183 ms 183 ms 182 ms cr01f2.csb1--bd02f1.anderson.ucla.net [169.232.4.104]
12 182 ms 183 ms 182 ms sr01f1.anderson--cr01f2.csb1.ucla.net [169.232.8.27]
13 183 ms 183 ms 183 ms ra11f2.csb1.ucla.net [164.67.62.90]
14 182 ms 182 ms 182 ms 164.67.62.99
15 183 ms 183 ms 182 ms ra11f2.csb1.ucla.net [164.67.62.90]
16 182 ms 182 ms 183 ms 164.67.62.99
17 183 ms 182 ms 182 ms ra11f2.csb1.ucla.net [164.67.62.90]
18 182 ms 182 ms 182 ms 164.67.62.99
19 182 ms 182 ms 182 ms ra11f2.csb1.ucla.net [164.67.62.90]
20 183 ms 183 ms 182 ms 164.67.62.99
21 183 ms 182 ms 182 ms ra11f2.csb1.ucla.net [164.67.62.90]
22 182 ms 183 ms 182 ms 164.67.62.99
23 183 ms 183 ms 182 ms ra11f2.csb1.ucla.net [164.67.62.90]
24 182 ms 183 ms 181 ms 164.67.62.99
25 182 ms 183 ms 183 ms ra11f2.csb1.ucla.net [164.67.62.90]
26 182 ms 183 ms 182 ms 164.67.62.99
27 183 ms 182 ms 183 ms ra11f2.csb1.ucla.net [164.67.62.90]
28 183 ms 183 ms 184 ms 164.67.62.99
29 183 ms 183 ms 183 ms ra11f2.csb1.ucla.net [164.67.62.90]
30 182 ms 183 ms 183 ms 164.67.62.99
Trace complete.
http://whois.arin.net/rest/net/NET-128-97-0-0-1/pft
Network
NetRange 128.97.0.0 - 128.97.255.255
CIDR 128.97.0.0/16
Name UCLANET
Handle NET-128-97-0-0-1
Parent NET128 (NET-128-0-0-0-0)
Net Type Direct Assignment
Origin AS AS52
Organization University of California, Los Angeles (UCLA)
Registration Date 1985-11-11
Last Updated 2009-06-10
Organization
Name University of California, Los Angeles
Handle UCLA
Street UCLA Communications Technology Services
Campus Services Building I, 2nd Floor
741 Charles E. Young Drive South
City Los Angeles
State/Province CA
Postal Code 90095-1363
Country US
Registration Date 1985-10-24
Last Updated 2009-12-22
-- Edited by dorian on Sunday 17th of November 2013 08:17:12 AM
dorian, when you have had time to have a look at that one can you please advise if I would need Mozilla Thunderbird to run it? it looks like it maybe an extension to MT
Sorry Sheba, it looks like I have gone off topic, just blame dazren.
-- Edited by _wombat_ on Sunday 17th of November 2013 01:01:40 PM
Is that all you got sitting , your poor lol, i have at least $3000000000000 sitting in Nigeria and America for me, all i have to do is send my bank detales and passwords, that's after i send the $200 so thy can clear it with there banks
I don't know why EVERYBODY has not got this program on their computer, I have been using it for years, it allows you to look on your ISP BEFORE you download your emails to your computer and you just delete the emails you do not want before you download the ones you want to keep to your computer.
There is a free version but you can only use 1 email address.
GO GET A COPY NOW
FREE VER http://filehippo.com/download_mailwasher/7639/ the only free version is 6.54
PRO VERSION 7.3.0 $39.95 on special at this time for $29.95 12 months subscription, well worth the price https://secure.firetrust.com/cart
As for the email that I download, my email client (Eudora) allows me to disable potentially dangerous features. For example, I can "disallow executables in HTML content". I also have a plugin which removes all HTML content and essentially converts the message into plain text.
Eudora automatically filters what it considers to be junk and places it in the Junk mailbox. I can alter the junk settings, if need be. I also have my own filters which automatically sort email from known addresses into the correct mailboxes.
Antivirus software typically scans emails before they are made available for reading.
That is the same as mail washer pro, great program, will have to have a look at your one, is it free?
Just has a quick look at the site https://wiki.mozilla.org/Eudora_OSE and it is no longer supported but I think being open source it would be free
I don't understand why anyone, if they read my post properly, would want to click on that Link. I made it quite clear that this was a Scam.
Cheers,
Sheba.
I did not click on it, cos Dougwe told me not to, he's been quiet today.
I'm still using Windows 98SE. I don't know when I'll get around to "upgrading", if ever.