25 November 2006

phishing walmart

a little while ago we read this news item, "wal-mart's holiday opening disappoints" (via the town talk), then a few minutes later noticed we had received several walmart-based phishing emails -- to gmail's credit they were sorted to junk. naturally this made us wonder if the phishing had something to do with it. nah, probably not. perhaps, could it be walmart's growing public perception as an evil empire?

anyway, one tip-off that this is a phishing scam is that walmart has no reason to have our email address. we've never used this email address to order anything online, much less from walmart or sams.

X-Gmail-Received: 9811646c1950f17050ef4ba53629ef1445eabeee
Delivered-To: wesawthat@gmail.com
Received: by 10.35.12.12 with SMTP id p12cs53194pyi;
Sat, 25 Nov 2006 13:22:43 -0800 (PST)
Received: by 10.35.21.1 with SMTP id y1mr9125209pyi.1164489763244;
Sat, 25 Nov 2006 13:22:43 -0800 (PST)
Return-Path:
Received: from gmlzqx ([85.103.97.216])
by mx.google.com with SMTP id p57si9673693pyb.2006.11.25.13.22.41;
Sat, 25 Nov 2006 13:22:43 -0800 (PST)
Received-SPF: neutral (google.com: 85.103.97.216 is neither permitted nor denied by best guess record for domain of pryyse@4rgroup.com)
Received: from mlqoqr by gmlzqx with local (Exim 4.42 (FreeBSD))
id 1Go4yw-000P6I-YY
for wesawthat@gmail.com; Sat, 25 Nov 2006 23:22:42 +0200
To:
Subject: Walmart Store! Christmas sale! Discounts up to 50%!
From: "Walmart"
Content-Type: text/html;charset=iso-8859-1
Content-Transfer-Encoding: 7BIT
Message-Id: <1go4yw-000p6i-yy@gmlzqx>
Sender: User mlqoqr
Date: Sat, 25 Nov 2006 23:22:42 +0200

another tip-off is that the pictures in the email won't display -- this is because the webhost of the phishing website has already terminated service to it. you can tell this by hovering your mouse over the hyperlink "sony playstation3 60gb bundle...", where you can see the domain walmart-estore.com, which is the domain the pictures are hosted from.
i.e.
http://walmart-estore.com/product.php?productid=16455&cat=0&page=1
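
an added example, not part of the original post: a small python triage of the headers and link shown above. it flags the non-passing spf result, the envelope domain that doesn't match the "walmart" display name, and the lookalike link domain. the function names and the choice of walmart.com as the brand's real domain are assumptions of the example.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Headers and link copied from the message shown above (abridged).
RAW = '''Received: from gmlzqx ([85.103.97.216])
 by mx.google.com with SMTP id p57si9673693pyb.2006.11.25.13.22.41;
 Sat, 25 Nov 2006 13:22:43 -0800 (PST)
Received-SPF: neutral (google.com: 85.103.97.216 is neither permitted nor denied by best guess record for domain of pryyse@4rgroup.com)
Subject: Walmart Store! Christmas sale! Discounts up to 50%!
From: "Walmart"

'''
LINK = "http://walmart-estore.com/product.php?productid=16455&cat=0&page=1"
BRAND, BRAND_DOMAIN = "walmart", "walmart.com"  # assumption: the brand's real domain


def same_or_sub(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def triage(raw, link, brand=BRAND, brand_domain=BRAND_DOMAIN):
    """Return a list of (indicator, detail) findings for one message."""
    msg = message_from_string(raw)
    findings = []
    # 1. SPF verdict recorded by the receiving server; anything but "pass" is a flag.
    spf = msg.get("Received-SPF", "")
    result = spf.split(None, 1)[0].lower() if spf else "none"
    if result != "pass":
        findings.append(("spf-not-pass", result))
    # 2. Envelope sender domain (from the SPF comment) vs. the brand named in From.
    m = re.search(r"domain of \S+@([\w.-]+)", spf)
    env = m.group(1).lower() if m else ""
    claims_brand = brand in msg.get("From", "").lower()
    if claims_brand and env and not same_or_sub(env, brand_domain):
        findings.append(("from-brand-envelope-mismatch", env))
    # 3. Link host that contains the brand name but is not under the brand domain.
    host = (urlsplit(link).hostname or "").lower()
    if brand in host and not same_or_sub(host, brand_domain):
        findings.append(("lookalike-link-domain", host))
    return findings


if __name__ == "__main__":
    for name, detail in triage(RAW, LINK):
        print(f"{name}: {detail}")
```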



next, in order to confirm our suspicions we look up (whois) the domain walmart-estore.com to see if it's a walmart-owned domain or not. -- it's not.

as you can see it's owned by someone allegedly named "larry shepard".

just to make sure, we look up walmart.com to see how it is registered and hosted etc.

====
for the heck of it we looked up cheerful.com and it would appear that what mr. shepard has given in the above whois result for walmart-estore.com is a forgery.

the purpose of phishing scams like these is to fool the recipient into thinking that they are ordering something from walmart when in reality they are doing nothing but handing over their credit card and personally identifiable information.
====
see also
wal-mart sees weak sales as holiday season starts
====
castlecops.com links here see thread p863258-Facinating_Elaborate_Wal_Mart_Phish
