Phishing attack

[Flight]

Hi guys, I just received a email that didn't look right from Amazon, it was saying that there was an attempt to get into my Amazon. Com account, I don't have a .com account.

So I got the Amazon number through my app. to ask them if they sent me a email. They said no, so the representative sent me a email on how to report the fake email. So I did. Here is a few screenshots of fake email.



If you look at the detailed email (last one) you can see that it's not a proper email for Amazon.

 

[Weedygarden]

Thank you. I have been getting emails from "Amazon" every day for a while now. I knew they were not from Amazon so I just kept dumping them into spam. I have been getting emails from Kohls and a few other places recently. I keep putting them in spam and cleaning out my spam folder.
These emails have been saying we have been trying to get ahold of you, and other attempts to make it seem urgent. They're barking up the wrong tree if they try to get me excited about such b.s. We just have to keep deflecting these spammers, scammers who keep calling, emailing and whatever attempts they make to suck us in.

 

[MoBookworm1957]

Chinese consul in Chicago called today.

 

[Peanut]

Sort of funny... last fall I got phishing emails from Symantec Internet Security software...

Good catch...

@MoBookworm1957 Did you tell them you have a special on Mongolian beef and offer to take their order?

 

[Flight]

My Aunt messenger account got hacked about a 2 months ago. I recommend it immediately that it was not her, we only communicate through fb its self. I called her to let her know, they said they will get it back asap.

So about a month ago, she warned her friends on fb that it was happening again. So I told her on fb. That I thought she was a Nigerian princess and gave her $10,000, well she said she never got it and expected e to give her more, lol or was a good laugh.

 

[Flight]

If you guys log into in my case Amazon account in your browser and not through the email Look for the contact phone number and talk to them

 

[Sentry18]

You may be shocked at how often we get calls where people report that they have been swindled into giving out all kinds of personal data. Some of these con artists are slick, most are not, but both leave a whole lot of victims in their wake.

 

[Meerkat]

You may be shocked at how often we get calls where people report that they have been swindled into giving out all kinds of personal data. Some of these con artists are slick, most are not, but both leave a whole lot of victims in their wake.

Thats bad.

 

[Flight]

I know it happens alot, I can only imagine how many people were swindled into giving out personal information. I'm sure I can't comprehend the numbers.

I think that cybersecurity will keep busy

 

[Supervisor42]

You may be shocked at how often we get calls where people report that they have been swindled into giving out all kinds of personal data. Some of these con artists are slick, most are not, but both leave a whole lot of victims in their wake.

They are slick.
I think the worst are the ones that call my wife purporting to be from the SSA and tell her that there has been unauthorized access to her SS account and that if she doesn't change her password (to them) that her SS payments will be cut off.
Can you imagine how few grey-haired old ladies with no other source of income will have the nerve to tell them to go ***-themselves?
What would your mom do?

Two things in this world you can count on: death and taxes....
Rest assured, the IRS and the SSA WILL send you a letter!

 

[backlash]

They are slick.
I think the worst are the ones that call my wife purporting to be from the SSA and tell her that there has been unauthorized access to her SS account and that if she doesn't change her password (to them) that her SS payments will be cut off.
Can you imagine how few grey-haired old ladies with no other source of income will have the nerve to tell them to go ***-themselves?
What would your mom do?

Two things in this world you can count on: death and taxes....
Rest assured, the IRS and the SSA WILL send you a letter!

My wife gets one of those calls about every week. Last one said she was going to be arrested if she did not reply to the email with her information.
She also got a letter in the mail telling her someone was using her SS# for employment. That one looked pretty legit but she still ignored it.
I put a lock on her credit just to be on the safe side.

 

[Weedygarden]

You may be shocked at how often we get calls where people report that they have been swindled into giving out all kinds of personal data. Some of these con artists are slick, most are not, but both leave a whole lot of victims in their wake.

I don't answer the phone unless I know the number or if it is a South Dakota number calling, a relative. If it is important enough, they will leave a message. The scammers sometimes leave a message and then I can label it as a scammer.

Once in a while, the same number will keep calling. If I am in the right mood I will play with them. One of them told me my computer had a virus and to let him have access, told me how. Okay. I never let him have access, but I kept him on the line for a good length of time, because I knew the game and I just felt like it at the moment. How to keep people on the line: someone is at the door, hold on. I have to use the restroom, I'll be right back. Wait a minute, I'll be right back. They think they have a live one, they wait. But when they realize they have been played, they are nasty and say nasty things. It does not bother me.

 

[Amish Heart]

We're getting the SSA calls, the fake IRS calls, and calls from "the electric company" saying that our power will be turned off in 30 minutes unless I call their 800 number with my credit card. Also tons of "insurance" calls from "my insurance company". Wanting info to keep me "signed up".

 

[Weedygarden]

This is an email tonight, sender couldn't be further from the truth! I guess if manipulation doesn't work, try scare tactics.

"Yöu mäy nöt knöw me änd yöu äre pröbäbly wöndering why yöu äre getting this e mäil, right?

I've been wätching yöu för ä very löng time. The fäct is thät yöu were dirty with mälwäre thröugh än ädult site thät yöu visited. If yöu dön't knöw äböut it, I will expläin in detäil tö yöu.With the help öf ä Tröjän virus, I cän cöntröl every äctiön ön yöur devices.This meäns thät I cän see everything ön yöur screen, turn ön the cämerä änd micröphöne, änd yöu wön't even underständ it. I cän älsö see äll yöur cöntäcts änd äll yöur messäges.

I äm in täke äbäck öf yöur erötic fäntäsies!

I mäde videö fröm yöur digitäl cämerä fröm yöurs devices.
Yöu enjöy, I recörd videö.
I mäde bäck-up yöur cöntäcts änd files.
I wänt 712 USD tö my /Bitcöin
My !Bitcöin wället

1J9iAfnHhvhhMrP7c8n3bmvWh6CcjjynUt

If YöU dön't Send *Bitcöin. I shäre this stun öf yöur fetish fäntäsies. With yöurs cöntäcts!
If yöu dö nöt knöw höw tö dö this - enter intö Göögle#
%höw tö tränsfer möney tö ä Bitcöin( wället@

Yöu Häve Time - 31 höurs.

Yöu see grämmäticäl mistäkes? Yes! I dö this speciäl, tö nöt find me. äll newsletter & instägräm häve änälyze writing style.

My em@il: PrFö[email protected]

yöur persönäl mailkey=19ch%Tö%z17"

 

[Haertig]

This is an email tonight

Seems like our German friend, Umlaut, has been busy at the keyboard.

 

[Supervisor42]

If YöU dön't Send *Bitcöin. I shäre this stun öf yöur fetish fäntäsies. With yöurs cöntäcts!

It's ok.
You can share all your fetish fantasies with us, we're all grown-ups here.

I don't get no good phishing calls anymore

 

[VenomJockey]

Hi guys, I just received a email that didn't look right from Amazon, it was saying that there was an attempt to get into my Amazon. Com account, I don't have a .com account.

So I got the Amazon number through my app. to ask them if they sent me a email. They said no, so the representative sent me a email on how to report the fake email. So I did. Here is a few screenshots of fake email.

View attachment 25532 View attachment 25533 View attachment 25534 View attachment 25535

If you look at the detailed email (last one) you can see that it's not a proper email for Amazon.

Amazon fakes aren't the only ones! I got one last week from some idiot who claimed to be an FBI agent, and they needed $250 for some kind of "foreign transaction tax" so I could claim a small inheritance from a relative in the UK. Well, #1, I don't HAVE any relatives in the UK; #2, The guy couldn't spell worth crap, ; and #3, the IP Tracer I use showed their computer to be in China (probably a VPN server at that)....but I'd bet a lot of dumbasses sent them $250! You have to be really careful with emails, and particularly emails that ask for personal data or money.

 

[Amish Heart]

Ha Weedy, I got a similarly disgusting one last week telling me that they were watching me on an adult site. So of course, to send them money. Ha Ha.

 

[Weedygarden]

Amazon fakes aren't the only ones! I got one last week from some idiot who claimed to be an FBI agent, and they needed $250 for some kind of "foreign transaction tax" so I could claim a small inheritance from a relative in the UK. Well, #1, I don't HAVE any relatives in the UK; #2, The guy couldn't spell worth crap, ; and #3, the IP Tracer I use showed their computer to be in China (probably a VPN server at that)....but I'd bet a lot of dumbasses sent them $250! You have to be really careful with emails, and particularly emails that ask for personal data or money.

How do you figure out where someone's email is coming from? I have researched that a few times and could never figure it out.

 

[Weedygarden]

Ha Weedy, I got a similarly disgusting one last week telling me that they were watching me on an adult site. So of course, to send them money. Ha Ha.

Amish, I believe that maybe there is a percent of people who would be guilty. It will never be me. If they are watching my activity, they will see me on Ancestry, Family Search, Czech birth, marriage and death record sites, preparedness forums and sites, YouTube and Facebook. Nothing in any of that to be embarrassed or ashamed of. I have gotten other threats, such as, we know your passwords, send us X amount of money. I would never cave to such threats. They are just trying to see who might believe them. It is not me! If they know my passwords, go ahead. They do not!

 

[phideaux]

Back a couple years ago , I got a threatening email telling that if I didn't send them a payment of $500 , they were going to post all of the photos of me on a porn site.

Now that's funny. I don't even know how to porn.

At my age ....well I won't go there..

I just wonder how many idiots fell for it , that are porny.

Jim

 

[Weedygarden]

How many of you put something over the camera on your computer/laptop? Mine is usually covered up.

 

[VenomJockey]

How do you figure out where someone's email is coming from? I have researched that a few times and could never figure it out.

You get the information from the headers. You may have to click on "details" if your email app does not show the headers. Once you have the info use an app like "whois" to trace the IP address. (https://www.whois.net)
There are other tracking sites/apps as well. I mostly use "whois."

 

[Haertig]

How do you figure out where someone's email is coming from? I have researched that a few times and could never figure it out.

There are two basic steps: Find out the IP address of the sender, then lookup who that IP address belongs to.

It is not difficult, but it may look intimidating below, just due to the technical looking email headers that you need to see. Don't worry, it's not hard, despite your initial reaction to what you see below!

To find the originating IP address, you will need to view your email showing the full headers. Each email client supports this differently. I use Thunderbird for email, and what I do in that email client is choose (highlight) the email I am interested in, then click on View->MessageSource.

Here is an example of a (legitimate) email (source view) that I just received from my bank (Chase Bank in this case). When you see XXXXXXXXXX below, that is me manually blocking out my email address, so that it is not blasted all over the web.

Return-Path: <[email protected]>
Delivered-To: XXXXXXXXXX
Received: from dovdir2-hoc-04o.email.comcast.net ([69.252.207.23])
    by dovback2-hoc-17o.email.comcast.net with LMTP
    id iPuhOWb1iF0EEQAAmoSVNA
    (envelope-from <[email protected]>)
    for <XXXXXXXXXX>; Mon, 23 Sep 2019 16:40:06 +0000
Received: from dovpxy-hoc-08o.email.comcast.net ([69.252.207.23])
    by dovdir2-hoc-04o.email.comcast.net with LMTP
    id wO5xOWb1iF0nUgAA8qtlRA
    (envelope-from <[email protected]>)
    for <XXXXXXXXXX>; Mon, 23 Sep 2019 16:40:06 +0000
Received: from resimta-ch2-03v.sys.comcast.net ([69.252.207.23])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    by dovpxy-hoc-08o.email.comcast.net with LMTP id WE74M2X1iF1XKwAA5hpKTg
    ; Mon, 23 Sep 2019 16:40:07 +0000
Received: from shvf13.jpmchase.com ([159.53.46.159])
    by resimta-ch2-03v.sys.comcast.net with ESMTP
    id CRNdidjiG5h6cCRNeit1Bh; Mon, 23 Sep 2019 16:40:06 +0000
X-CAA-SPAM: 00000
X-Xfinity-VAAS: gggruggvucftvghtrhhoucdtuddrgedufedrvdekgddutdeg...
X-Xfinity-CCat: updates
X-Xfinity-VMeta: sc=50;st=transactional:alert
X-Xfinity-Message-Heuristics: IPv6:N;TLS=1;SPF=1;DMARC=P
Authentication-Results: resimta-ch2-03v.sys.comcast.net;
    dkim=pass header.d=alertsp.chase.com header.b=wnEaUeFa
Received: from spi4.svr.us.jpmchase.net (spi4.svr.us.jpmchase.net [169.81.124.220])...
DKIM-Filter: OpenDKIM Filter v2.7.5 shvf13.jpmchase.com x8NGe5S4013741
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alertsp.chase.com;
    s=d4815; t=1569256805;
    bh=CLz7oyNH/SKZJWtfAdnBGFkk5A2p7JMqm4YUbakjnv0=;
    h=Date:From:To:Subject;
    b=wnEaUeFaU/JFbxYg97SUGhvvChMHw4nMkRnxvbp1YIB1/R2BUDxb+WUfd5JYEl9JH
    w+nDSk+3VVbcU2noDt4lqx2a...
Received: from cdc2vpc5lpr20.svr.us.jpmchase.net (cdc2vpc5lpr20.svr.us.jpmchase.net [169.121.236.225])...
Received: from cdc2vpc5lpr20 (loopback [127.0.0.1])
    by cdc2vpc5lpr20.svr.us.jpmchase.net (AIX6.1/8.14.4/8.11.0) with ESMTP id x8NGe43R1835924
    for <XXXXXXXXXX>; Mon, 23 Sep 2019 12:40:04 -0400
Date: Mon, 23 Sep 2019 12:40:04 -0400 (EDT)
From: Chase <[email protected]>
To: XXXXXXXXXX
Message-ID: <-647863857.3377814.1569256804859.JavaMail.wasadm@cdc2vpc5lpr20>
Subject: Your Online/Phone/Mail Charge Alert from Chase
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
DEVICE-ID: 322772836
APP-SOURCE: Alerts
NOTIFICATION-ID: 1002266338798


This is an Alert to help you manage your credit card account ending in 5954.

As you requested, we are notifying you of an online, phone or mail order charge.
This charge of ($USD) 7.00 at QQQQQ... has been authorized on 09/23/2019 12:40:02 PM EDT.

Do not reply to this Alert.

If you have questions, please call the number on the back of your credit card, or send a secure
message from your Inbox on www.chase.com.

To see all of the Alerts available to you, or to manage your Alert settings, please log on to
www.chase.com.

Start at the BOTTOM of the email above and start lookup UPWARDS for lines that start with "Received: from". The reason you start from the bottom is because you want to find the FIRST IP address that is mentioned. As emails bounce across the internet on their way to delivery, each hop PREPENDS its own information to the TOP of this listing. So you have to start looking from the bottom, to find the initial guy who created the email.

In the example above, the first line that meets that criteria is:

Received: from cdc2vpc5lpr20 (loopback [127.0.0.1])

We always ignore any line that references 127.0.0.1, and continue the search upwards. The next line that meets the criteria is:

Received: from cdc2vpc5lpr20.svr.us.jpmchase.net (cdc2vpc5lpr20.svr.us.jpmchase.net [169.121.236.225])

This is the line you want. Specifically, what you want is the IP address, which is:

169.121.236.225

Note that you may have to do some side-to-side scrolling in your brower to see that 169 number above, it's off to the right and may not be initially visible. Also note that there is other stuff around that IP address that mentions "jpmchase", which is "J.P. Morgan Chase" ... my bank. But do not trust this, as it can be spoofed by a good hacker. The actual IP address, "169.121.236.225" cannot easily be spoofed.

So now we have completed step one of identifying where our email came from. We have the senders IP address. Now we want to do a lookup on that to see who/what/where it is. This is called a "whois" lookup. There are several places on the web where you can do this lookup. One such place being http://ip-whois-lookup.com/ So go there, on on the upper right part of the webpage there is a place labeled "Whois Lookup". Cut-n-paste the IP address that you found above into that dialog box and click "Go".

This is what showed up with a whois lookup for my example email above:

NetRange: 169.64.0.0 - 169.127.255.255
CIDR: 169.64.0.0/10
NetName: JMC
NetHandle: NET-169-64-0-0-1
Parent: NET169 (NET-169-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: JPMorgan Chase & Co. (JMC-39)
RegDate: 1993-08-24
Updated: 2012-02-24
Ref: https://rdap.arin.net/registry/ip/169.64.0.0

OrgName: JPMorgan Chase & Co.
OrgId: JMC-39
Address: 120 Broadway
City: New York
StateProv: NY
PostalCode: 10271-1999
Country: US
RegDate: 2006-11-21
Updated: 2017-10-19
Ref: https://rdap.arin.net/registry/entity/JMC-39

OrgTechHandle: IPADM322-ARIN
OrgTechName: IP Admin
OrgTechPhone: +1-614-248-5800
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/IPADM322-ARIN

OrgAbuseHandle: ABUSE6593-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-614-213-0000
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE6593-ARIN

Note that this whois lookup indeed references "JPMorgan Chase & Co" many times. So this has given us the real senders identity.

The above steps are how I would verify that an email I received allegedly from Chase Bank did indeed come from Chase Bank.

The hardest part is probably the very first step: Figuring our how your specific email client (Thunderbird, Gmail, Outlook, or whatever) allows you to "view the message source". Some email clients may call this "View Headers". Note that Thunderbird also has a "View Headers" that you can click on, but that shows you a very abbreviated view that does not contain the information you need. You have to use "View Message Source" to find what you need in Thunderbird. Other email clients may be easier or more difficult. You could probably do a Google search on "how to display email headers using XXX" to find out what to do.

 

[VThillman]

"Yöu mäy nöt knöw me änd yöu äre pröbäbly wöndering why yöu äre getting this e mäil, right?

I've been getting a message that starts this way, for months. It assumes that I use a laptop with camera to record myself masturbating while watching internet porn. I wonder how many 'hits' they get.

 

[VenomJockey]

There are two basic steps: Find out the IP address of the sender, then lookup who that IP address belongs to.

It is not difficult, but it may look intimidating below, just due to the technical looking email headers that you need to see. Don't worry, it's not hard, despite your initial reaction to what you see below!

To find the originating IP address, you will need to view your email showing the full headers. Each email client supports this differently. I use Thunderbird for email, and what I do in that email client is choose (highlight) the email I am interested in, then click on View->MessageSource.

Here is an example of a (legitimate) email (source view) that I just received from my bank (Chase Bank in this case). When you see XXXXXXXXXX below, that is me manually blocking out my email address, so that it is not blasted all over the web.

Return-Path: <[email protected]>
Delivered-To: XXXXXXXXXX
Received: from dovdir2-hoc-04o.email.comcast.net ([69.252.207.23])
    by dovback2-hoc-17o.email.comcast.net with LMTP
    id iPuhOWb1iF0EEQAAmoSVNA
    (envelope-from <[email protected]>)
    for <XXXXXXXXXX>; Mon, 23 Sep 2019 16:40:06 +0000
Received: from dovpxy-hoc-08o.email.comcast.net ([69.252.207.23])
    by dovdir2-hoc-04o.email.comcast.net with LMTP
    id wO5xOWb1iF0nUgAA8qtlRA
    (envelope-from <[email protected]>)
    for <XXXXXXXXXX>; Mon, 23 Sep 2019 16:40:06 +0000
Received: from resimta-ch2-03v.sys.comcast.net ([69.252.207.23])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    by dovpxy-hoc-08o.email.comcast.net with LMTP id WE74M2X1iF1XKwAA5hpKTg
    ; Mon, 23 Sep 2019 16:40:07 +0000
Received: from shvf13.jpmchase.com ([159.53.46.159])
    by resimta-ch2-03v.sys.comcast.net with ESMTP
    id CRNdidjiG5h6cCRNeit1Bh; Mon, 23 Sep 2019 16:40:06 +0000
X-CAA-SPAM: 00000
X-Xfinity-VAAS: gggruggvucftvghtrhhoucdtuddrgedufedrvdekgddutdeg...
X-Xfinity-CCat: updates
X-Xfinity-VMeta: sc=50;st=transactional:alert
X-Xfinity-Message-Heuristics: IPv6:N;TLS=1;SPF=1;DMARC=P
Authentication-Results: resimta-ch2-03v.sys.comcast.net;
    dkim=pass header.d=alertsp.chase.com header.b=wnEaUeFa
Received: from spi4.svr.us.jpmchase.net (spi4.svr.us.jpmchase.net [169.81.124.220])...
DKIM-Filter: OpenDKIM Filter v2.7.5 shvf13.jpmchase.com x8NGe5S4013741
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alertsp.chase.com;
    s=d4815; t=1569256805;
    bh=CLz7oyNH/SKZJWtfAdnBGFkk5A2p7JMqm4YUbakjnv0=;
    h=Date:From:To:Subject;
    b=wnEaUeFaU/JFbxYg97SUGhvvChMHw4nMkRnxvbp1YIB1/R2BUDxb+WUfd5JYEl9JH
    w+nDSk+3VVbcU2noDt4lqx2a...
Received: from cdc2vpc5lpr20.svr.us.jpmchase.net (cdc2vpc5lpr20.svr.us.jpmchase.net [169.121.236.225])...
Received: from cdc2vpc5lpr20 (loopback [127.0.0.1])
    by cdc2vpc5lpr20.svr.us.jpmchase.net (AIX6.1/8.14.4/8.11.0) with ESMTP id x8NGe43R1835924
    for <XXXXXXXXXX>; Mon, 23 Sep 2019 12:40:04 -0400
Date: Mon, 23 Sep 2019 12:40:04 -0400 (EDT)
From: Chase <[email protected]>
To: XXXXXXXXXX
Message-ID: <-647863857.3377814.1569256804859.JavaMail.wasadm@cdc2vpc5lpr20>
Subject: Your Online/Phone/Mail Charge Alert from Chase
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
DEVICE-ID: 322772836
APP-SOURCE: Alerts
NOTIFICATION-ID: 1002266338798


This is an Alert to help you manage your credit card account ending in 5954.

As you requested, we are notifying you of an online, phone or mail order charge.
This charge of ($USD) 7.00 at QQQQQ... has been authorized on 09/23/2019 12:40:02 PM EDT.

Do not reply to this Alert.

If you have questions, please call the number on the back of your credit card, or send a secure
message from your Inbox on www.chase.com.

To see all of the Alerts available to you, or to manage your Alert settings, please log on to
www.chase.com.

Start at the BOTTOM of the email above and start lookup UPWARDS for lines that start with "Received: from". The reason you start from the bottom is because you want to find the FIRST IP address that is mentioned. As emails bounce across the internet on their way to delivery, each hop PREPENDS its own information to the TOP of this listing. So you have to start looking from the bottom, to find the initial guy who created the email.

In the example above, the first line that meets that criteria is:

Received: from cdc2vpc5lpr20 (loopback [127.0.0.1])

We always ignore any line that references 127.0.0.1, and continue the search upwards. The next line that meets the criteria is:

Received: from cdc2vpc5lpr20.svr.us.jpmchase.net (cdc2vpc5lpr20.svr.us.jpmchase.net [169.121.236.225])

This is the line you want. Specifically, what you want is the IP address, which is:

169.121.236.225

Note that you may have to do some side-to-side scrolling in your brower to see that 169 number above, it's off to the right and may not be initially visible. Also note that there is other stuff around that IP address that mentions "jpmchase", which is "J.P. Morgan Chase" ... my bank. But do not trust this, as it can be spoofed by a good hacker. The actual IP address, "169.121.236.225" cannot easily be spoofed.

So now we have completed step one of identifying where our email came from. We have the senders IP address. Now we want to do a lookup on that to see who/what/where it is. This is called a "whois" lookup. There are several places on the web where you can do this lookup. One such place being http://ip-whois-lookup.com/ So go there, on on the upper right part of the webpage there is a place labeled "Whois Lookup". Cut-n-paste the IP address that you found above into that dialog box and click "Go".

This is what showed up with a whois lookup for my example email above:

NetRange: 169.64.0.0 - 169.127.255.255
CIDR: 169.64.0.0/10
NetName: JMC
NetHandle: NET-169-64-0-0-1
Parent: NET169 (NET-169-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: JPMorgan Chase & Co. (JMC-39)
RegDate: 1993-08-24
Updated: 2012-02-24
Ref: https://rdap.arin.net/registry/ip/169.64.0.0

OrgName: JPMorgan Chase & Co.
OrgId: JMC-39
Address: 120 Broadway
City: New York
StateProv: NY
PostalCode: 10271-1999
Country: US
RegDate: 2006-11-21
Updated: 2017-10-19
Ref: https://rdap.arin.net/registry/entity/JMC-39

OrgTechHandle: IPADM322-ARIN
OrgTechName: IP Admin
OrgTechPhone: +1-614-248-5800
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/IPADM322-ARIN

OrgAbuseHandle: ABUSE6593-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-614-213-0000
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE6593-ARIN

Note that this whois lookup indeed references "JPMorgan Chase & Co" many times. So this has given us the real senders identity.

The above steps are how I would verify that an email I received allegedly from Chase Bank did indeed come from Chase Bank.

The hardest part is probably the very first step: Figuring our how your specific email client (Thunderbird, Gmail, Outlook, or whatever) allows you to "view the message source". Some email clients may call this "View Headers". Note that Thunderbird also has a "View Headers" that you can click on, but that shows you a very abbreviated view that does not contain the information you need. You have to use "View Message Source" to find what you need in Thunderbird. Other email clients may be easier or more difficult. You could probably do a Google search on "how to display email headers using XXX" to find out what to do.

Very good explanation...much better than mine. Good post Haertig!!

 

[VenomJockey]

I've been getting a message that starts this way, for months. It assumes that I use a laptop with camera to record myself masturbating while watching internet porn. I wonder how many 'hits' they get.

Porn sites are notorius for this and for loading up your computer with spyware and other malware. Porn sites are to be avoided like the plague!!

 

[Sentry18]

Porn sites are notorius for this and for loading up your computer with spyware and other malware. Porn sites are to be avoided like the plague!!

Our LEO computer crimes guys tell us the porn sites are not a problem, as the porn industries makes a FORTUNE off of those sites. So they protect it with high dollar security and high dollar Techs. They claim the most vulnerable sites are Christian and other religious sites that spend far less on security. And because people in those groups tend to be more trusting and have more money.

 

[Weedygarden]

Thank you! I will try this out later when I have some time to focus on it.

 

[The Lazy L]

...I put a lock on her credit just to be on the safe side.

I've locked down my credit with the the big three companies. I never anticipated getting a mortgage or loan so why not shut off credit as a preventive measure.