is this a scam ?

[Guest]

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

> SCAM : Subject: New Private Message has arrived
> SCAM : From: admin@winxptalk.com
> SCAM : Date: Sat, 7 May 2005 11:54:30 -0500
> SCAM :
> SCAM :
> SCAM : Hello cbminfo,
> SCAM :
> SCAM : You have received a new private message to your account on "WinXPTalk.com" and you have requested that you be notified on
> SCAM : this event. You can view your new message by clicking on the following link:
> SCAM :
> SCAM : http://www.winxptalk.com/privmsg.php?folder=inbox
> SCAM :
> SCAM : Remember that you can always choose not to be notified of new messages by changing the appropriate setting in your profile.
> SCAM :
> SCAM : --
> SCAM : Thanks, WinXPTalk.com

Why would I think this..

1 I didn't subscribe to this group.
2 There's no way to unsubscribe from this group
3 despite the huge amount of messages, they're leached from the usenet news
groups.
4 Rather than enter a common password, I chose to let it generate one for me.
That was the one item besides cookies that it didn't have on me to access
accounts all over the web.
5 no complaint desk.
6 no contact other than the one in this email.

Suspicions are that it may just be catching passwords.

Have you been struck by this particular board ? I wonder if usenet knows
they're leaching their messages ?

You know you use a common password all over the web. Might even be the same one
you use for banking.

--
more pix @ http://members.toast.net/cbminfo/index.html

 

[user]

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

"Husky" <cbminfo@toast.net> wrote in message
news:5l2q71h3gjulc3tmp9pgm11r0gmor05n26@4ax.com...
>> SCAM : Subject: New Private Message has arrived
>> SCAM : From: admin@winxptalk.com
>> SCAM : Date: Sat, 7 May 2005 11:54:30 -0500
>> SCAM :
>> SCAM :
>> SCAM : Hello cbminfo,
>> SCAM :
>> SCAM : You have received a new private message to your account on
>> "WinXPTalk.com" and you have requested that you be notified on
>> SCAM : this event. You can view your new message by clicking on the
>> following link:
>> SCAM :
>> SCAM : http://www.winxptalk.com/privmsg.php?folder=inbox
>> SCAM :
>> SCAM : Remember that you can always choose not to be notified of new
>> messages by changing the appropriate setting in your profile.
>> SCAM :
>> SCAM : --
>> SCAM : Thanks, WinXPTalk.com
>
> Why would I think this..
>
> 1 I didn't subscribe to this group.

But someone else might have subscribed using your e-mail address.
Either they do not send a confirmation e-mail to the entered e-mail
address to make sure that person actually signed up who controls that
e-mail account, or you got it and deleted it awhile ago. This message
means someone sent a private message that requires logging into their
forum to read it.

> 2 There's no way to unsubscribe from this group

Indeed a poorly designed forum, especially without any contact info to
report abuse. You might try reporting their e-mails as spam to GoDaddy
(their registrar) to see if they can convince that domain, or to kill
that domain if they continue to spam.

Their domain registration lists PFTALK.COM as their nameserver. Well,
the domain registration for pftalk.com comes back to the same
registrant, so he is running his own nameserver (DNS).

If you find no contact e-mail address and messages go unresponded to the
typical e-mail addresses, like postmaster@winxptalk.com, then consider
it spam and report it to various blocklists, like SpamCop. When the
domain gets blocklisted as a spam source with enough complaints, they
might finally listen.

> 3 despite the huge amount of messages, they're leached from the usenet
> news
> groups.

Yeah? There are lots of forum-to-usenet gateway sites out there. It
means those that haven't a clue about Usenet are able to spew their
posts into Usenet. Another source of dummies, more Usenet clueless
boobs.

> 4 Rather than enter a common password, I chose to let it generate one
> for me.
> That was the one item besides cookies that it didn't have on me to
> access
> accounts all over the web.

You actually tried logging in? What, you created a new account to see
what would happen? Did you use an e-mail alias (sneakemail.com),
disposable e-mail account (trashmail.net), or disposable webmail account
(yahoo, hotmail) to register your "test" account? Or were you dumb
enough to actually give them your real e-mail address so they can now
spam you from their "affiliates"? Trust is something earned. If you
used an e-mail alias that was unique and only provided to them, you sure
would know in 4 to 6 months if you ever got spammed on that e-mail alias
from them since they were the only one that got that e-mail account.

> 5 no complaint desk.
> 6 no contact other than the one in this email.

Their domain was registered on Dec 2004 and for only ONE YEAR. If they
thought that this was going to be a viable forum, I doubt they would
have registered it for only one year. The contact e-mail address is
also a Gmail account.

A traceroute on www.winxptalk.com shows their upstream provider is
Savvis.net. You could contact them regarding this suspicious site.
According to ARIN's WhoIs, the IP address of 72.21.48.124 for
www.winxptalk.com is allocated to layeredtech.com, so try them first and
then Savvis.

> Suspicions are that it may just be catching passwords.

For what? For the e-mail address you provided during registering for an
account that you didn't want, anyway?

> Have you been struck by this particular board ? I wonder if usenet
> knows
> they're leaching their messages ?

Nothing unique about that. There is even an MS Office forum (forget the
name) that uses a gateway to Usenet. The boobs are coming, the boobs
are coming.

> You know you use a common password all over the web. Might even be the
> same one
> you use for banking.

Only if you are an idiot. Are you? I figured out an algorithm that
lets me use a different password on every domain. It is something easy
to remember and it gives me a strong password. Every domain gets a
different password. It's really not hard to come up with an algorithm.
Use your dog's name but remove all vowels and only use up to the first 4
consonant characters. Then follow with the first and last digits of
your 4-digit birthyear. Then use the first 4 characters of the domain's
name but use them in reverse order; if the domain is shorter than 4
characters than include the TLD (top-level domain, like com, org, net).
Now you have your domain-specific password using the same algorithm you
use at every domain. I'm sure you could come up with another algorithm
that is always the same and results in a unique password for every
domain. I would've suggested using periods or underscores at some spots
in the password except there are too many stupid programs out there that
won't accept them in a password, so use a combo of alphanumeric
characters that aren't words.

--
____________________________________________________________
** Post your replies to the newsgroup - Share with others **
For e-mail Reply: remove "DELETE", add "~VN56~" to Subject.
____________________________________________________________