SANS ISC Internet Storm Center



Your online background check is now public!

Published: 2014-09-17
Last Updated: 2014-09-17 22:33:39 UTC
by Daniel Wesemann (Version: 1)
5 comment(s)

An email titled "Your online background check is now public" might be half-scary if it was sent to a real person. But if it is a bunch of honeypot email addresses that have nobody associated with them in real life, and they get half a dozen of these emails per week, then it can only be spam, scam, or - most likely - both.

After tolerating and binning these noisy emails for a number of weeks, we finally decided to take a look-see at what is behind them. Turns out they all lead to "instantcheckmate-dot-com", who are peddling "background investigation services".

Sadly, the "background check" for our Honeypot actually wasn't all that extensive. I would have loved to read about the sleazy hidden life of our little Honeypot, especially its speeding tickets (highly unlikely, it is an old i486) and its convictions for possession (more likely, given that on past occasions, smoke has been seen coming from the enclosure), or its sex offenses (unlikely again, given that its ports are all serial, and its slots are all ISA :).

We didn't try the Instant Checkmate "service", so I can't tell if it's any good. But given that its offerings apparently need to be spammed, and the spammed URLs change daily, and redirect across four hops to end up on tcgtrkr-dot-com, and finally on instantcheckmate, I'd say the odds are they ain't up to much good.

If you own this "service", you are welcome to comment, after all, your background check is now public :). If you prefer not to comment, you might want to consider removing email addresses that have the word "sans" in them from your spam list, maybe?

Keywords: spam