I received an e-mail on Feb 6th (yes I know, that was two months ago, but bear with me), claiming to be from Liberty Reserve. As I have Outlook show all e-mail in plain text, I didn't see what was going on at first. I fired up Pocketknife Peek, which allows the showing of headers and such, and looked at the original HTML version - which showed exactly what was going on - Liberty Reserve's own affiliates have decided fraud just isn't enough - they want to go for good ole' affiliate spam too.
This particular one links to;
The portion after lr_acc=, is the affiliates ID.
The e-mail originated from;
IP PTR: 220.127.116.11.dpi.ir
ASN: 5618 18.104.22.168/21 DPI DP IRAN
The content of the e-mail itself;
So why am I mentioning this, given it is two months old and just a bog standard affiliate spam? Well, the content of the e-mail strangely enough. Or more specifically, two lines of it, that not enough people seem to keep in mind.
Phishing scams and bog standard e-mail scams generally have one thing in common - they rarely include the details you'd expect in the legit versions. For banks etc, and the likes of eBay, PayPal etc - a legit e-mail will ALWAYS include your real name, for other sites.
This e-mail specifically states LR will always include your real name and will never include links - yet this includes a link and doesn't include my real name (not surprising given it's spam - and I've never been a user of, or registered with, Liberty Reserve).
I know most will shrug this off and then not keep it in mind the next time spam/phishing e-mails come in your inbox, but one of the main reasons people fall for phishing scams for example, is because they see the bank's name, site's name etc, and rarely read what it's actually saying before clicking, and never check where it is linking to, before clicking - and worse still - never check the address bar in the browser, once the phishing site itself has loaded - this needs to change.
If necessary, pop a stick it on your monitor to remind you to;
1. Always fully read e-mails that come into your inbox
2. If an e-mail claims to be from your bank/eBay/PayPal etc - check it includes your FULL REAL NAME!
3. ALWAYS check where it is linking to, before clicking it (hover your mouse over the link to do this)
4. ALWAYS check the URL in the address bar, after it has loaded (assuming you've not done #3)
5. If an e-mail claims to be from your bank/eBay/PayPal etc, and asks you to open an attachment - DELETE IT - IT'S MALICIOUS!
Remind others of this too.
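The name and link checks from the list above, applied to a raw message, as an added example that is not part of the original post. The sample e-mail is constructed (the addresses, the host `landing.example` and the `lr_acc` value are placeholders), and `triage` and `LinkCollector` are illustrative names.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample message: addresses, host and affiliate ID are placeholders.
SAMPLE_EML = """\
From: "Liberty Reserve" <support@sender.example>
To: reader@mail.example
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

We always use your real name and never include links.
--b1
Content-Type: text/html; charset="utf-8"

<p>We always use your real name and never include links.</p>
<a href="http://landing.example/?lr_acc=X0000000">Liberty Reserve</a>
--b1--
"""

class LinkCollector(HTMLParser):
    # Records (href, visible text) for every <a> element in the HTML part.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw_eml, real_name):
    msg = message_from_string(raw_eml, policy=default)
    parts = {k: msg.get_body(preferencelist=(k,)) for k in ("plain", "html")}
    text = {k: p.get_content() if p else "" for k, p in parts.items()}
    collector = LinkCollector()
    collector.feed(text["html"])
    links = [{"shown": t, "host": urlsplit(h).hostname,
              "params": parse_qs(urlsplit(h).query)} for h, t in collector.links]
    return {"links": links,  # where each link really goes, and its query parameters
            "name_present": real_name.lower() in "".join(text.values()).lower(),
            "hidden_in_plain": any(l["host"] and l["host"] not in text["plain"] for l in links)}
```

`hidden_in_plain` is true when a link target exists only in the HTML part, which is the situation a plain-text mail view conceals.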
Forgot to mention, there have been 2 additional e-mails since the one in Feb. Both in March and both with the same content.
Same origin IP for both e-mails. Link in both e-mails led to;