Spam Mega Thread

Not quiet spam, but I was surprised to get an email from 7dayshop within an hour or so or visiting their site for the purposes of this post. I didn't login during that visit. I made one purchase from them years ago, but I'm certain that I've reinstalled my OS since then, so I'm not sure how a cookie would link my visit to my email address.

So is it coincidence, or have they some way of linking my recent visit to my previous transaction & email?

Why do Nigerian Scammers Say They are from Nigeria?

False positives cause many promising detection technologies to be unworkable in practice. Attackers, we show, face this problem too. In deciding who to attack true positives are targets successfully attacked, while false positives are those that are attacked but yield nothing.

This allows us to view the attacker's problem as a binary classification. The most profitable strategy requires accurately distinguishing viable from non-viable users, and balancing the relative costs of true and false positives. We show that as victim density decreases the fraction of viable users than can be profitably attacked drops dramatically. For example, a 10× reduction in density can produce a 1000× reduction in the number of victims found. At very low victim densities the attacker faces a seemingly intractable Catch-22: unless he can distinguish viable from non-viable users with great accuracy the attacker cannot find enough victims to be profitable. However, only by finding large numbers of victims can he learn how to accurately distinguish the two.

Finally, this approach suggests an answer to the question in the title. Far-fetched tales of West African riches strike most as comical. Our analysis suggests that is an advantage to the attacker, not a disadvantage. Since his attack has a low density of victims the Nigerian scammer has an over-riding need to reduce false positives. By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.

KoolKid wrote: »

Worst worded one I have ever seen.....

ATTN: SIR,

WE WANT TO INFORM YOU THAT WE ARE TRY TO CALL YOU TO PICK UP YOUR FUNDS OF
£1,488,569.13 TODAY BECAUSE YOUR FUNDS WAS RELEASE TO YOU BY THE UK
INTERNATIONAL LAURYNTO,IF YOU ARE READY TO COLLECT YOUR FUNDS AND WE ARE
READY TO SEND YOUR INFORMATION TO YOU TO COLLECT YOUR FUNDS AS SOON AS
POSSIBLE.

EXPECTING YOUR IMMEDIATE RESPONSE.

REGARDS,

DR BARRY GROOT
+31 61 77 446 50

Your reply should read:

I am Groot!

Anyone hear of this Company Tenjin & Associates. Japan. they have informed me that my current share value is $177,000 & to release the money I must send them $7800. I got a couple of Emails & phone calls by a person calling himself Samuel Booth.
I invested €2000 in Pacific International 10 years ago but their worth nothing.

Linkedin hacked again!??

Go an email to my dedicated and unique linkedin email address wih Bank of Ireland content ! Very strange !







Received: from

Wed, 24 Aug 2016 11:22:14 +0100
Return-Path: <msprvs1=17044d0x7lva1=bounces-77338@bounce.fntv.com>
Delivered-To:
Received: (qmail 28236 invoked by uid 399); 24 Aug 2016 11:20:05 -0000
Delivered-To: linkedin
Received: (qmail 28230 invoked by uid 399); 24 Aug 2016 11:20:05 -0000
Received: from unknown (HELO mta53a.sparkpostmail.com) (54.244.48.130)
(de-)crypted with TLSv1: DHE-RSA-AES256-SHA [256/256] DN=unknown by
mail1.myisp.ie with ESMTPS; 24 Aug 2016 12:20:05 -0000
X-Originating-IP: 54.244.48.130
Received-SPF: pass (mail1.myisp.ie: SPF record at _spf.sparkpostmail.com designates 54.244.48.130 as permitted sender)
identity=mailfrom; client-ip=54.244.48.130;
envelope-from=<msprvs1=17044d0x7lva1=bounces-77338@bounce.fntv.com>;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fntv.com;
s=scph0816; t=1472041188; i=@fntv.com;
bh=ga8atk7QEsB9WZQGUEnmDZZs09FVl/SzT8ZqLX+Xt28=;
h=Reply-To:From:To:Subject:Date:List-Unsubscribe:List-Id;
b=DQVmdTvDUqnA/GK6Pqu3ewvEVhVRfEM0WNYJVBNPddTyNhmafTwpVvLso46CPrTgC
So1iBA4VVss/W3WXcW9huTaT9RZyQHO7WeX8GO3XDT/kA+6kIfHDkvlqWzZLZsBLR2
rFrXQYaJ4ouuRiIiyKrx7pc3mB7CZfJd7bQA5AnY=
X-MSFBL: bEbD7POqYWg71xy+GmfSu/xCdYWQYPcrGZEkZqkA1/s=|eyJ0ZW5hbnRfaWQiOiJ
zcGMiLCJnIjoiYmdfbmV3Iiwic3ViYWNjb3VudF9pZCI6IjAiLCJpcF9wb29sIjo
ic2hhcmVkIiwibWVzc2FnZV9pZCI6IjAwMDFlMzkwYmQ1NzIxMTAxMDgzIiwicmN
wdF90YWdzIjpbIF0sInNlbmRpbmdfaXAiOiI1NC4yNDQuNDguMTMwIiwidGVtcGx
hdGVfaWQiOiJzbXRwXzMwMzYyMTUxMzMxODQ1NjIxIiwicmNwdF9tZXRhIjp7fSw
iZnJpZW5kbHlfZnJvbSI6InBvc3RtYXN0ZXJAZm50di5jb20iLCJyIjoibGlua2V
kaW5fMjAxNEBjdHJsYWx0ZGVsZXRlLmllIiwiY3VzdG9tZXJfaWQiOiI3NzMzOCI
sInRyYW5zbWlzc2lvbl9pZCI6IjMwMzYyMTUxMzMxODQ1NjIxIiwiaXBfcG9vbF9
yYXciOiJuZXciLCJiIjoiaXBfNTQuMjQ0LjQ4LjEzMCIsInRlbXBsYXRlX3ZlcnN
pb24iOiIwIn0=
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="iso-8859-1"
Authentication-Results: momentum3.platform1.us-west-2.aws.cl.messagesystems.com smtp.user=smtp_injection; auth=pass (LOGIN)
Received: from [188.212.109.10] ([188.212.109.10:57334] helo=fntv.com) by
momentum3.platform1.us-west-2.aws.cl.messagesystems.com (envelope-from
<msprvs1=17044d0x7LVA1=bounces-77338@bounce.fntv.com>) (ecelerity
4.2.24.56718 r(Core:4.2.24.5)) with ESMTPSA (cipher=AES256-SHA) id
01/38-04129-3E09DB75; Wed, 24 Aug 2016 12:19:48 +0000
Reply-To: postmaster@fntv.com
From: Bank of Ireland 365 Online <postmaster@fntv.com>
To: first_email.ie, second_email.ie,
linkedinXXX
Subject: 3D Secure Service Disabled linkedin_myemail
Date: Wed, 24 Aug 2016 12:19:46 +0200
Message-ID: <20160824141945.ECE08F0D1A@fntv.com>
MIME-Version: 1.0
List-Unsubscribe: <mailto:unsubscribe@unsub.spmta.com?subject=unsubscribe:2IFt0wN5kKeoz3MXqh22grMueNwrlman2KwoazqbJM4~|eyAicmNwdF90byI6ICJsaW5rZWRpbl8yMDE0QGN0cmxhbHRkZWxldGUuaWUiLCAicmNwdF9tZXRhIjogInt9IiwgInJjcHRfdGFncyI6ICJbIF0iLCAiZnJpZW5kbHlfZnJvbSI6ICJwb3N0bWFzdGVyQGZudHYuY29tIiwgInRlbXBsYXRlX2lkIjogInNtdHBfMzAzNjIxNTEzMzE4NDU2MjEiLCAibWVzc2FnZV9pZCI6ICIwMDAxZTM5MGJkNTcyMTEwMTA4MyIsICJzZW5kaW5nX2lwIjogIjU0LjI0NC40OC4xMzAiLCAidGVtcGxhdGVfdmVyc2lvbiI6ICIwIiwgIm1haWxmcm9tIjogIm1zcHJ2czE9MTcwNDRkMHg3TFZBMT1ib3VuY2VzLTc3MzM4QGJvdW5jZS5mbnR2LmNvbSIsICJpcF9wb29sIjogInNoYXJlZCIsICJpcF9wb29sX3JhdyI6ICJuZXciLCAiY3VzdG9tZXJfaWQiOiAiNzczMzgiLCAic3ViYWNjb3VudF9pZCI6ICIwIiwgInRlbmFudF9pZCI6ICJzcGMiLCAidHJhbnNtaXNzaW9uX2lkIjogIjMwMzYyMTUxMzMxODQ1NjIxIiB9>

2RockMountain wrote: »

Why 'again'? Could they have got your email from the hack a few months back?

That email,before hack,was _2012.I created a new email with _2014 in the name field.
So,how the 2014 created email got in the spammers database !???

Even more...yesterday i got an email from Netflix inform me that i failed to renew my never had service... AND at the same email.
Send an email to GoDaddy as the domain "@fntv&quot; is registered with them.

Peculiar world of IT...