Thursday, August 30, 2012

No, I Do Not Have a Confirmed Money Transfer from Western Union

Received a new version (well, received several times actually) of the old Western Union Money Transfer scam in the last 48 hours.

This latest derivative comes across as an authentic-looking email from "2012, Western Union" thanking me (or more specifically, a random name that isn't actually me) for using the Western Union Money Transfer service. The email goes on to say that a credit of several hundred dollars is ready for me to pick up. All I have to do is click on a link for the transaction details.

And as a bonus -- I have also earned Western Union Gold Points for the transaction. I like bonuses. I wonder if I can convert them to airline miles?

Regardless -- like all the versions that came before, this latest incarnation is clearly fake and appears to have been sent with malicious intent.

All of the emails appear to be an attempt to trick the reader into clicking on a variety of non-Western Union links peppered throughout the messages.

None of the links I found in the messages I received were working when I tested.

These links threw an immediate 404 --
http://www [DOT] fantallenatori [DOT] com/pUcAJCR5/index [DOT] html

http://www [DOT] fantallenatori [DOT] com/uAu1GZ1V/index [DOT] html

http://www [DOT] fantallenatori [DOT] com/6E3eDXLg/index [DOT] html

http://quevenderparaganardinero [DOT] com/ZYbjfFiB/index [DOT] htm

http://quevenderparaganardinero [DOT] com/psdr66QH/index [DOT] html

Weirdly, this single link threw an authentication challenge from www [DOT] pictoo [DOT] de:80 --
http://www [DOT] pictoo [DOT] de/5TpLpTTy/index [DOT] html

These links attempted to redirect to http:// 69.163.40.128 /pxyk80ujzb03h [DOT] php?y=p7tqagmzf8qdjqpi (which also threw a dead 404 error from an nginx v0.7.67 server) --
http://doctorraulseveriche [DOT] com/N9SvVNHj/index [DOT] html

http://inove [DOT] imb [DOT] br/oRVx4RJW/index [DOT] html

http://6-engel [DOT] com/7KwgSTdk/index [DOT] html

http://afistan [DOT] com/TwWrw4T9/index [DOT] html

http://academiaplataforma [DOT] com [DOT] br/EsRMFkkp/index [DOT] html

But during the redirect, it threw a "WAIT PLEASE Loading. . ." message in a format I've seen previously used to send the visitor to a website serving automated exploits back to the visiting user's machine.

It's possible these 5 specific links might be working at a later time with just a simple DNS update pointing the redirect to another live host.

Good times


Screenshot of an example email:

Yep, this Western Union email is clearly fake

Text of an example email (minus the html formatting):

Delivered-To: christoperj
Received: by 10.231.42.212 with SMTP id t20csp22737ibe;
Thu, 30 Aug 2012 05:54:32 -0700 (PDT)
Received: by 10.42.18.193 with SMTP id y1mr4641886ica.0.1346331271484;
Thu, 30 Aug 2012 05:54:31 -0700 (PDT)
Received-SPF: neutral (: 10.10.10.23 is neither permitted nor denied by domain of commerciale@eurocina.it) client-ip=10.10.10.23;
Received: by 10.64.35.42 with POP3 id e10mf1997265iej.8;
Thu, 30 Aug 2012 05:54:30 -0700 (PDT)
Return-Path:
Delivered-To:
Received: from mx1 ([10.10.10.23])
by mss-us12 (Dovecot) with LMTP id MNheK7NhP1BXIwAAkZ4h7A
for ; Thu, 30 Aug 2012 12:51:09 +0000
Received: from srv534004-1.cloud.colt-engine.it (srv534004-1.cloud.colt-engine.it [81.31.148.114])
by mx1 (Postfix) with ESMTP id 442AB4715AB
for ; Thu, 30 Aug 2012 12:51:09 +0000 (GMT)
Received: from 85-250-70-7.bb.netvision.net.il ([85.250.70.7] helo=eurocina.it)
by srv534004-1.cloud.colt-engine.it with esmtpsa (TLSv1:AES256-SHA:256)
(Exim 4.76)
(envelope-from )
id 1T74CM-0002Od-2o; Thu, 30 Aug 2012 14:50:14 +0200
Message-ID: <337f2ff7 .43d9abdf=".43d9abdf" eurocina.it="eurocina.it">
Date: Thu, 30 Aug 2012 14:50:17 +0200
Reply-To: "2012, Western Union"
From: "2012, Western Union"
X-Accept-Language: en-us
MIME-Version: 1.0
To:
Subject: Western Union: Confirmed money transfer
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: 7bit

Dear Melanie Gibb,


Thank you for using the Western Union Money Transfer service

Your money transfer has been authorized, and is now available for pick up by the receiver.




Transfers to certain destinations may be subject to further delay or additional restrictions.


TRANSACTION DETAILS:


Your Money Transfer Control Number [MTCN] is: 7741471847


Please use this number for all inquiries.


Date of Order: 08/13/2012
Time of Order: 3:25 p.m. ET
Total Amount: $200.50
Transaction Type: credit
AUTH CODE: 16985615

Selected Additional Service (s):
No Additional Services selected.

Western Union Gold Card Reward Summary
Western Union Card Number: 43566235
Points Earned: 85
Total Points: 30

Click here for transaction details [LINK TO NON-WESTERN UNION SITE]


YOU EARNED 3 MINUTES OF PHONE TIME! Your time is loaded directly on your card. Calling instructions are on the card back, or dial 888-628-8862 & enter your personal PIN: 233705064231.


You sent the funds, now make it personal!
Record a greeting with your webcam, upload a photo or send a postcard!
Send a free greeting now at http://wugreetings [DOT] com


Check if the receiver has picked up the money transfer. [LINK TO NON-WESTERN UNION SITE]


IN ADDITION TO THE TRANSFER FEE, WESTERN UNION ALSO MAKES MONEY WHEN IT CHANGES YOUR DOLLARS TO PESOS. PLEASE SEE BELOW FOR MORE INFORMATION REGARDING CURRENCY EXCHANGE.

IN ADDITION TO THE TRANSFER SERVICE CHARGES, WESTERN UNION ALSO MAKES MONEY WHEN IT CHANGES YOUR DOLLARS TO PESOS. PLEASE READ BELOW FOR MORE INFORMATION ABOUT CURRENCY EXCHANGE.

THE CURRENCY TO BE PAID OUT AND THE EXCHANGE RATE FOR YOUR TRANSACTION WERE DETERMINED AT THE TIME OF SEND IF LISTED ON YOUR RECEIPT. OTHERWISE, THE EXCHANGE RATE WILL BE SET WHEN THE RECEIVER RECEIVES THE FUNDS. PROTECT YOURSELF FROM CONSUMER FRAUD. BE CAREFUL WHEN A STRANGER ASKS YOU TO SEND MONEY. FOR A COMPLETE COPY OF THE TERMS AND CONDITIONS GOVERNING THIS TRANSACTION AND THE SERVICES YOU HAVE SELECTED PLEASE REVIEW AND PRINT THE TERMS AND CONDITIONS.[LINK TO NON-WESTERN UNION SITE]


REFUNDS. PRINCIPAL REFUNDS and cancellation of the money transfer will be made if payment to the Receiver has not been made when Western Union processes Customer's written request. TRANSFER FEE REFUNDS are generally made if funds are not available to the Receiver within Western Union's specified timeframes. Qualifying refunds will be made within 45 days of receipt of Customer's valid written request.


LIMITATIONS OF LIABILITY. IN NO EVENT SHALL WESTERN UNION BE LIABLE FOR DAMAGES FOR DELAY, NONDELIVERY, NONPAYMENT OR UNDERPAYMENT OF ANY SERVICES TRANSACTION, WHETHER CAUSED BY NEGLIGENCE ON THE PART OF ITS EMPLOYEES, SUPPLIERS OR AGENTS OR OTHERWISE, BEYOND THE SUM OF $500 (in addition to refunding the principal amount and the transfer fees), UNLESS THE SENDER HAS OBTAINED A HIGHER LIABILITY LIMIT BY CALLING THE TELEPHONE NUMBER SET FORTH BELOW AND PAYING AN ADDITIONAL CHARGE THEREFOR. IN NO EVENT WILL WESTERN UNION BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY OR PUNITIVE DAMAGES OR THE LIKE. THESE CONDITIONS CANNOT BE CHANGED OR SUPPLEMENTED ORALLY.


CURRENCY EXCHANGE. Payments will generally be in local currency (except that in certain countries payment may be in U.S. dollars or other alternate currency at participating locations). In addition to the transfer fees applicable to this transaction, a currency exchange rate will be applied. United States currency is converted to foreign currency at an exchange rate set by Western Union. Any difference between the rate given to Customers and the rate received by Western Union will be kept by Western Union (and its Agents in some cases) in addition to the transfer fees. Please ask a customer service representative for information concerning the currency exchange rate applicable to your transaction. You may also find out the current foreign exchange rate provided by Western Union to its customers by calling toll-free to 1-800-325-6000.

The transfer fees and the money Western Union (or its Agents) makes when it changes your dollars into foreign currency may vary based upon the payout currency that you select. Some Western Union Agents may offer receivers the choice to receive funds in a currency different from the one you selected. In such instances, Western Union (or its Agents) may make additional money when it changes your funds into the Receiver selected currency.


CURRENCY EXCHANGE. Payments will generally be made in local currency (except that in some countries payment may be made in U.S. dollars or another alternative currency at enabled locations). In addition to the transfer service charges established for this transaction, a currency exchange rate will be applied. United States currency is converted to foreign currency at the exchange rate determined by Western Union. Any difference between the exchange rate offered to customers and the exchange rate obtained by Western Union, in addition to the transfer service charges, will belong to Western Union (and its agents in some cases). Please ask the customer service representative assisting you for information about the currency exchange rate that will be applied to your transaction. You may also request information about the current foreign currency exchange rate that Western Union is offering its customers by calling toll-free 1-800-325-4045.

The transfer service charges and the money that Western Union (or its Agencies) make when changing your dollars to foreign currency may vary according to the payout currency you select. Some Western Union agent locations may offer the Recipient the choice of receiving the money in a currency different from the one you selected. In such cases, Western Union (or its agents) may make additional money when they change your money to the currency chosen by the Recipient.



WESTERN UNION PRIVACY POLICIES: Western Union may disclose your personal information to third parties as explained in its Privacy Statement ("Statement"). To obtain a copy of the Statement, ask your Western Union Agent or call 1-800-562-2598. Information disclosed may include financial background; identification, such as name and address; transaction information; and other information relating to financial matters. Recipients may include financial institutions; retailers; companies that process transactions or provide other services for us; government agencies; and direct marketers. You may opt out of (direct us not to make) certain disclosures. If you do not opt out, we will assume that you agree that your information may be used as the Statement describes. To opt out, call 1-800-562-2598.


We value your opinion! Go to [LINK TO NON-WESTERN UNION SITE, masked as westernunion [DOT] com] to tell us about our service. Survey code : 2879429247.


If you have any questions, visit us at [LINK TO NON-WESTERN UNION SITE, masked as westernunion [DOT] com]


Thank you for using Western Union!


DO NOT REPLY TO THIS EMAIL. IF YOU HAVE QUESTIONS PLEASE CONTACT US [LINK TO NON-WESTERN UNION SITE]