Could spam e-mails be traced back to iBurst Help Desk?

[JeanetteR]

Can somebody perhaps explain the following to me. I received another spam e-mail (copied below). Interesting though, is when I click on reply to see the e-mail address of the sender, this is what shows: [email protected]

Then I decided to block the sender, and to my astonishment, in the dialog box it shows: " [email protected] has been added to your blocked senders list."

First I thought that I was in the wrong message and then ensured that I had this spam e-mail opened and repeated my action of blocking the sender. - Same result.

What is going on?



..................................................................................................

From: Technical Support
Date: 13 January 2010 23:43
To : None


Dear Iburst.co.za User,

We regret to announce to you that we will be making some vital maintenance
on our webmail. During this process you might have login problems in
signing into your Online account, but to prevent this you have to confirm
your account immediately after you receive this notification.

To confirm and to keep your account active during and after this process,
please reply to this message with the below account informations. Failure
to do this might cause a permanent deactivation of your user account from
our database to enable us create more spaces for new users.

YOUR ACCOUNT CONFIRMATION

Name:
E-mail ID:
Password:

Your account shall remain active after you have successfully confirmed
your account details.


Thank you for using Iburst.co.za services.

Thanks for bearing with us.
MAINTENANCE TEAM

..............................................................................................

 

[r00igev@@r]

The display name is made to look different than the actual email address which is a standard spamming trick.
The gory details of the email are revealed when you right click on the message, select properties and then view details. You can post the details here and we'll take it further...

 

[JeanetteR]

Properties of spam e-mail received on 13 Jan 2010

The display name is made to look different than the actual email address which is a standard spamming trick.
The gory details of the email are revealed when you right click on the message, select properties and then view details. You can post the details here and we'll take it further...

Thanks Ronald - details are:


Return-path: <[email protected]>
Envelope-to: [email protected] (My name hidden)
Delivery-date: Wed, 13 Jan 2010 23:46:40 +0200
Received: from srv234.fisa.cl ([64.76.136.234])
by wbs-smtp-in-01 with esmtp (Exim 4.67)
(envelope-from <[email protected]>)
id 1NVB2f-00066N-IM; Wed, 13 Jan 2010 23:46:38 +0200
Received: from localhost ([127.0.0.1] helo=127.0.0.1)
by srv234.fisa.cl with esmtpa (Exim 4.69)
(envelope-from <[email protected]>)
id 1NVB0J-0002Js-O3; Wed, 13 Jan 2010 18:43:51 -0300
Received: from 127.0.0.1 ([127.0.0.1]) (proxying for 41.138.191.157,
83.138.172.72)
(SquirrelMail authenticated user [email protected])
by 127.0.0.1 with HTTP;
Wed, 13 Jan 2010 18:43:51 -0300 (CLST)
Message-ID: <[email protected]>
Date: Wed, 13 Jan 2010 18:43:51 -0300 (CLST)
From: "Technical Support" <[email protected]>
Reply-To: [email protected]
User-Agent: SquirrelMail/1.4.13
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - srv234.fisa.cl
X-AntiAbuse: Original Domain - iburst.co.za
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - iburst.co.za
X-Source:
X-Source-Args:
X-Source-Dir:
X-Original-Subject: UPGRADE YOUR ACCOUNT
X-Spam-Score: 3.4 (+++)
X-Spam-Score-Int: 34
X-Spam-Report: Spam detection software, running on "wbs-spam-02.v930.wbs".
If you have any questions, send mail to [email protected] .
Content analysis details: (3.4 points)
pts rule name description
---- ---------------------- --------------------------------------------------
* 1.8 SUBJ_ALL_CAPS Subject is all capitals
* 1.6 MISSING_HEADERS Missing To: header
Subject: UPGRADE YOUR ACCOUNT

Dear Iburst.co.za User,

We regret to announce to you that we will be making some vital maintenance on our webmail. During this process you might have login problems insigning into your Online account, but to prevent this you have to confirm
your account immediately after you receive this notification.

To confirm xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (rest of the e-mail as per my post above - Jeanette)

 

[JeanetteR]

The display name is made to look different than the actual email address which is a standard spamming trick.
The gory details of the email are revealed when you right click on the message, select properties and then view details. You can post the details here and we'll take it further...

Ronald, please refer to my post of 12 Jan 2010 under Thread: "Being spammed to death with iburst scams" by Mental-Tree. I still have that particular e-mail which I posted further info on today.

Tx

 

[r00igev@@r]

JeanetteR,
We'll see what we can do. Looks like a conference site in Chile was hacked as it had very poor passwords. This is being used by spammers in China to try and mine information.
They aren't really interested in your iBurst account but more likely your bank account (or other financial services account) and work on the assumption that your bank account password is the same as your ISP login. Many people have the same password for everything.
If you use different passwords, subscribe to SMS notifications and use OTP (one time passwords) you'll be much safer.
Most email addresses and phone numbers are leaked from call centres (anything from financial services, shopping, customer services, etc.) where they record your phone number and email address. Ever wondered how those pesky mobile resellers obtained your mobile number to bug you? Same source.