RE: Web Scams

["Gilmore, Corey (DPC)" <Corey_Gilmore () dpc senate gov>]

> -----Original Message-----
> From: shawn [mailto:pakkit () codepiranha org] 
> Sent: Thursday, August 26, 2004 6:27 AM
> To: Lawrence, Michael
> Cc: webappsec () securityfocus com
> Subject: Re: Web Scams
>
> I can virtually guarantee you that reporting it to any 
> "authorities" is useless.  They aren't going to look at it at 
> all.  There has been no damage and most likely they have no 
> expertise or jurisdiction and, frankly, have more important 
> things to do.
>
> You are probably better off looking at the headers of the 
> email message, getting the original IP and then finding out 
> what company owns that IP from ARIN.  Then send the email 
> along with the full headers to the abuse or security contact 
> for that company.  If you're lucky, they will track down who 
> sent the original email and suspend his account.  Regardless 
> of what they do, you also will probably not hear back from them.
>
> Wish I had better news for you...

I would forward the message, with full headers, to the organization
being spoofed.  Usually there is an email listed for this, but some
combination of abuse@spoofed.company, fraud@spoofed.company,
spoof@spoofed.company usually works if you're lazy.

Best Buy - bestbuysecurityinfo () postfuture com
EarthLink - fraud () corp earthlink net
eBay - spam () ebay com
PayPal - spoof () paypal com

The IFCC (Internet Fraud Complaint Center) is another resource,
http://www1.ifccfbi.gov/