Mysterious Creepy Spam Email V2 Oh god they're back
'You have reached a non-working number 14 switch 40-6'
It's probably a spammer sending random emails, then when you replied (bad move!!!) he got confirmation that your email is active, and so he adds it to his "working emails" list.
I assume your email is ira*****@gmail, right? He got your email to mass-send out from crawling the Internet, and also probably from the Adobe email leak (as your email is on haveibeenpwned).
It most likely happened like this:
1) LUCY GAGNON got her shaw.ca webmail compromised by a virus.
2) The spammer sent out as many emails using her webmail as he could.
3) Lucy recovers her webmail login.
4) You replied to the sgthansenc@hotmail email, which shows the spammer that your email address is "alive".
5) He also got your IRL name from your email reply.
6) He now is sending you messages that don't look like spam, so that spam filters are less likely to block that email address in the future.
I'm not sure what his endgame is, but I get similar nonsensical spam all the time with no links or attachments. They seem to do that to make Gmail's spam filter think "you talk with this person since they email you every few weeks, so we shouldn't send it to spam".
Basically there is no real reason to bother worrying about this. You should just trash it, unless a "fake ARG" is enjoyable for you :v:
[QUOTE=HarryHy;46934998]It's probably a spammer sending random emails, then when you replied (bad move!!!) he got confirmation that your email is active, and so he adds it to his "working emails" list.
I assume your email is ira*****@gmail, right? He got your email to mass-send out from crawling the Internet, and also probably from the Adobe email leak (as your email is on haveibeenpwned).
It most likely happened like this:
1) LUCY GAGNON got her shaw.ca webmail compromised by a virus.
2) The spammer sent out as many emails using her webmail as he could.
3) Lucy recovers her webmail login.
4) You replied to the sgthansenc@hotmail email, which shows the spammer that your email address is "alive".
5) He also got your IRL name from your email reply.
6) He now is sending you messages that don't look like spam, so that spam filters are less likely to block that email address in the future.
I'm not sure what his endgame is, but I get similar nonsensical spam all the time with no links or attachments. They seem to do that to make Gmail's spam filter think "you talk with this person since they email you every few weeks, so we shouldn't send it to spam".
Basically there is no real reason to bother worrying about this. You should just trash it, unless a "fake ARG" is enjoyable for you :v:[/QUOTE]
While all this is a very real possibility, I have no real reason not to continue. I don't mind spam and so far it's at least been an interesting puzzle. I don't see why a spammer would include all these puzzles and shit? Surely you'd want to act like a real person so the receiving person doesn't get suspicious, and these cryptic messages would tip anyone off. And if it is a spammer, wouldn't he have delivered the payload by now? It's been months since this all first happened, why wait?
I definitely see where you're coming from but even if it is nothing, there's no harm in playing along besides maybe some spam.
Edit: And if Lucy's account got hijacked, why use the spoofer in the first place?
[QUOTE=Paraprose;46935079]Edit: And if Lucy's account got hijacked, why use the spoofer in the first place?[/QUOTE]
Because she most likely recovered her account after a few days. That's why the original spam was sent out with a different Reply-To header.
[QUOTE=HarryHy;46935100]Because she most likely recovered her account after a few days. That's why the original spam was sent out with a different Reply-To header.[/QUOTE]
If I've been emailing the actual Lucy, why hasn't she replied back asking who this is?
[QUOTE=Paraprose;46935134]If I've been emailing the actual Lucy, why hasn't she replied back asking who this is?[/QUOTE]
Probably thinks you're a spammer as well. You have to keep in mind the person who you're emailing probably isn't very technical in the first place, plus any kind of reply to spam will just look like you're a spammer as well unless they have context or analyze the email for a while.
[QUOTE=HarryHy;46935144]Probably thinks you're a spammer as well. You have to keep in mind the person who you're emailing probably isn't very technical in the first place, plus any kind of reply to spam will just look like you're a spammer as well unless they have context or analyze the email for a while.[/QUOTE]
I think tomorrow I'm going to do what elix suggested and contact Shaw to see if you're right, if I can get that information.
So I've enjoyed reading these threads through a lot, and have come up with a possible list of what could be going on here, in order of most likely first.
1. This is a thing OP, his friend(s), another poster(s) have devised and are having some fun. Yes, there is evidence, but think how much Dan Was Boobies guy went into producing evidence to make it seem real just for a joke.
2. It's your friend, and him solving most of the puzzles is a way of throwing you off the scent. He seems to be solving them remarkably well, whereas from what I can remember, in the first thread, if I remember right, nothing was really solved by any facepunchers (this also applies to point 1)
In this case, you have to think why would your friend be doing such a thing? A prank? Maybe the stuff about your mother is coming up because he feels like he has problems or regrets with his mother (maybe hidden), and wants to keep you two close? (yes that is deep but it's a possibility)
3. It's just some sort of advanced spam bot, as of post 32.
4. It's a bored person who enjoys doing it just to screw with people, and it's not targeted at you. This could tie in with the large gaps between emails, the person could be doing other things and just get bored and check the email accounts every now and again.
--now going into the realms of very unlikely---
5. It's someone with personal beef with you. The mother stuff is low hanging fruit for anyone who wants to upset/worry someone, as people usually care about their mothers a lot.
6. You've bumped into some sort of recruitment thing for a government agency (or even private security company). Solve the puzzle, get a job. ([URL="http://www.telegraph.co.uk/history/world-war-two/11151478/Could-you-have-been-a-codebreaker-at-Bletchley-Park.html"]it's not like things like this haven't been done for ages[/URL])
Irrespective of any of that, here's something to consider:
It's very easy to see things in gibberish. Generate some totally true random text, and ask people to look for patterns in it, and often they will find something there.
[QUOTE=HarryHy;46935144]Probably thinks you're a spammer as well. You have to keep in mind the person who you're emailing probably isn't very technical in the first place, plus any kind of reply to spam will just look like you're a spammer as well unless they have context or analyze the email for a while.[/QUOTE]
You still didn't explain why Lucy would have included all of these puzzles in her e-mail. Especially if she wasn't very technical. I'm fairly confident most spammers are more concerned with convincing me to take viagra or smuggle money for the Nigerian prince. I have yet to see anything remotely related to that from the current or previous e-mails.
You know have you ever bung that email straight into google?
lucyg1 appears on an apparent list of emails for sale
[url]http://www.smtpforsale.com/download-details/77184.html[/url]
would suggest it was compromised at some point
this supports the spambot theory
[QUOTE=rhx123;46935251]You know have you ever bung that email straight into google?
lucyg1 appears on an apparent list of emails for sale
[url]http://www.smtpforsale.com/download-details/77184.html[/url]
would suggest it was compromised at some point
this supports the spambot theory[/QUOTE]
It was literally just confirmed earlier in the thread that an e-mail spoofer was in use.
[QUOTE=elixwhitetail;46934234][url]https://emkei.cz/[/url] is a customizable anonymous mailer. This could be one of your friends pulling a prank on you.
Or some kind of ARG.
[/QUOTE]
[QUOTE=WitheredGryphon;46935233]You still didn't explain why Lucy would have included all of these puzzles in her e-mail. Especially if she wasn't very technical. I'm fairly confident most spammers are more concerned with convincing me to take viagra or smuggle money for the Nigerian prince. I have yet to see anything remotely related to that from the current or previous e-mails.[/QUOTE]
Spam-that-looks-like-ham is a more and more common tactic when email filters continue to become more developed. Going straight to Viagra is a surefire way to get your email instantly blacklisted by all major spam filters.
[QUOTE=WitheredGryphon;46935276]It was literally just confirmed earlier in the thread that an e-mail spoofer was in use.[/QUOTE]
NOW a spoofer is being used, because she probably recovered her account. Previously, the emails were sent through shaw's webmail using an Indian IP address.
[QUOTE=Paraprose;46934011]So that sequence of numbers backwards is a valid phone number.
My friend called it and got this: [url]http://vocaroo.com/i/s0nCT2su1z0H[/url]
Transcript:
So it starts out like a normal wrong number phone message, but that last line it's so chilling. It fits so seamlessly in that it catches you off guard. And it's obviously related because both the email and that message mention "my mother," which I think is a codename for some other entity or possibly the key to something.[/QUOTE]
This is pretty fascinating. No way is that a coincidence, I think you've stumbled on what you were supposed to stumble on. What explanation could there be for reversing the first 2 numbers? Or reversing the last two numbers, actually
I dunno, the whole "fake phone message referencing your mother" doesn't sound like something a random spammer would go to the effort of doing.
[sp]let's not rule out the possibility this is all OP's doing and they're setting [I]us[/I] up for a little ARG[/sp]
[QUOTE=Mort Stroodle;46935314][sp]let's not rule out the possibility this is all OP's doing and they're setting [I]us[/I] up for a little ARG[/sp][/QUOTE]
I do love ARGs [which is why I'm so invested in this], but I don't know nearly enough to pull off one of my own. Of course I can't prove that this isn't me, but if it was I'd risk getting banned for being a gimmick.
[QUOTE=HarryHy;46935293]Spam-that-looks-like-ham is a more and more common tactic when email filters continue to become more developed. Going straight to Viagra is a surefire way to get your email instantly blacklisted by all major spam filters.
NOW a spoofer is being used, because she probably recovered her account. Previously, the emails were sent through shaw's webmail using an Indian IP address.[/QUOTE]
I have never in my life, ever, seen a spam e-mail this sophisticated. On top of that, this hasn't ever been reported before (or at least Google says otherwise). If it was a harvester then there wouldn't have been a point in replying back with a continuing puzzle. It would have snagged the e-mail and that would've been that.
And a spoofer was confirmed previously last time as well by yours truly. Only this time the PM is probably just using a different spoofer.
Going back to initial research here, putting [email]sgthansenc@hotmail.com[/email] into google doesn't bring up much for the address, but it does bring up some 419 "soldier romance scams"
the email could be split up into sgt hansen nc (sergeant hansen north carolina?) and be for a scam, and the scammer is just having some fun pissing you off.
Looking at the site [url]http://www.419scam.org/emails/2011-08/20/00024404.35.htm[/url]
-The email address is very similar (sgt hansen)
[quote]This email uses a separate reply address that is different from the sender address. Spammers use this to get replies even when the original spam sending accounts have been shut down. Also, sometimes the sender addresses are legitimate looking but fake and only the reply address is actually an email account controlled by the scammers.[/quote] matches perfectly to what happened to you
sorry if this has been brought up before
[QUOTE=rhx123;46935371]Going back to initial research here, putting [email]sgthansenc@hotmail.com[/email] into google doesn't bring up much for the address, but it does bring up some 419 "soldier romance scams"
the email could be split up into sgt hansen nc (sergeant hansen north carolina?) and be for a scam, and the scammer is just having some fun pissing you off.
Looking at the site [url]http://www.419scam.org/emails/2011-08/20/00024404.35.htm[/url]
-The email address is very similar (sgt hansen)
matches perfectly to what happened to you
sorry if this has been brought up before[/QUOTE]
That's like saying "because another e-mail has Gryphon in its name, it could be my e-mail for all we know". The address is sgt.heninghansen. "Hening" isn't even in the first e-mail, nor is there any hint at why there would be a "c" in the original and not the similar one.
And why would the spammer "sgthansen" stop redirecting to the assumed harvester account and start directing its "reply-to" to the "lucy" account? Especially when Lucy is using a single use anonymous instant mailer to "spam"? That would be the most inefficient ass spammer around.
[img]http://i.imgur.com/OAfu6UM.png[/img]
[img]http://i.imgur.com/L92xcOl.png[/img]
[img]http://i.imgur.com/x8PZuQL.png[/img]
Although the header posted on Page 1 doesn't even have a "reply-to" so I don't know if either the full header wasn't posted or something fucked up.
I think the thing here is to be careful not to try and find a technical solution to probably a non-technical problem
If you think for a second with common sense, [I]why[/I] this is happening, the chance of it being a scammer/spammer is much higher than something more nefarious.
[QUOTE=rhx123;46938455]I think the thing here is to be careful not to try and find a technical solution to probably a non-technical problem
If you think for a second with common sense, [I]why[/I] this is happening, the chance of it being a scammer/spammer is much higher than something more nefarious.[/QUOTE]
Given the seemingly needless complexity of the emails, spam can be ruled out almost instantly. The average person would never be able to figure this kind of stuff out; a computer-illiterate person wouldn't even try. Considering that that's the main target demographic for most spam emails, it's hilariously unlikely that this is spam.
I could see it [i]maybe[/i] being some sort of underground cryptographer association recruitment program or something. That or it's a prank being played by someone who knows OP.
Woke up this morning to another email.
[quote]Subject: MOTHER2
Body:
MOTHER2
6
6
6
6
9
8
4
8
1
2[/quote]
[quote]Received: by 10.70.96.2 with SMTP id do2csp20031pdb;
Thu, 15 Jan 2015 05:18:51 -0800 (PST)
X-Received: by 10.194.185.68 with SMTP id fa4mr11880039wjc.111.1421327930774;
Thu, 15 Jan 2015 05:18:50 -0800 (PST)
Return-Path: <lucyg1@shaw.ca>
Received: from emkei.cz ([2a01:5e0:36:5001::1491:8ce5])
by mx.google.com with ESMTP id bf9si32107711wib.34.2015.01.15.05.18.49
Thu, 15 Jan 2015 05:18:50 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning [email]lucyg1@shaw.ca[/email] does not designate 2a01:5e0:36:5001::1491:8ce5 as permitted sender) client-ip=2a01:5e0:36:5001::1491:8ce5;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning [email]lucyg1@shaw.ca[/email] does not designate 2a01:5e0:36:5001::1491:8ce5 as permitted sender) smtp.mail=lucyg1@shaw.ca
Received: by emkei.cz (Postfix, from userid 33)
id B4BD6D5749; Thu, 15 Jan 2015 14:26:12 +0100 (CET)
Subject: MOTHER2
From: "LUCY GAGNON" <lucyg1@shaw.ca>
X-Priority: 3 (Normal)
Importance: Normal
Errors-To: [email]lucyg1@shaw.ca[/email]
Reply-To: [email]lucyg1@shaw.ca[/email]
Date: Thu, 15 Jan 2015 2:23:13 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Message-Id: <20150115132612.B4BD6D5749@emkei.cz>[/quote]
The header looks the same as the others. Looks like all this may be some kind of number cipher?
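Added example, not part of the original post or thread: a small Python check that reads the header above and lists the signs that the From address was not the real origin (SPF result, the relay that handed the mail to the receiver, the Message-Id domain, and a Reply-To that differs from From). The function names are made up for this example, and the header is trimmed to the fields the checks read.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header from the post above; forum [email] tags stripped, folded lines re-indented.
SAMPLE_HEADER = """\
Received: by 10.70.96.2 with SMTP id do2csp20031pdb;
        Thu, 15 Jan 2015 05:18:51 -0800 (PST)
Return-Path: <lucyg1@shaw.ca>
Received: from emkei.cz ([2a01:5e0:36:5001::1491:8ce5])
        by mx.google.com with ESMTP id bf9si32107711wib.34.2015.01.15.05.18.49
        Thu, 15 Jan 2015 05:18:50 -0800 (PST)
Authentication-Results: mx.google.com;
        spf=softfail (google.com: domain of transitioning lucyg1@shaw.ca does not designate 2a01:5e0:36:5001::1491:8ce5 as permitted sender) smtp.mail=lucyg1@shaw.ca
Received: by emkei.cz (Postfix, from userid 33)
        id B4BD6D5749; Thu, 15 Jan 2015 14:26:12 +0100 (CET)
Subject: MOTHER2
From: "LUCY GAGNON" <lucyg1@shaw.ca>
Reply-To: lucyg1@shaw.ca
Message-Id: <20150115132612.B4BD6D5749@emkei.cz>
"""

def domain_of(addr):
    """Lower-cased domain part of an address header value ('' if none)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def same_org(host, domain):
    """True when host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def spoof_indicators(raw_header):
    """Return indicators (not proof) that From does not match the real origin."""
    msg = message_from_string(raw_header)
    from_dom = domain_of(msg["From"])
    findings = []

    # 1. SPF verdict recorded by the receiving server.
    m = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    spf = m.group(1).lower() if m else "none"
    if spf != "pass":
        findings.append(f"spf={spf}")

    # 2. Topmost "Received: from <host>" is the relay the receiver actually saw.
    for hop in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+(\S+)", hop)
        if m:
            if not same_org(m.group(1), from_dom):
                findings.append(f"relay={m.group(1)}")
            break

    # 3. Message-Id is stamped by the first mail server; weak signal on its own.
    mid_dom = msg.get("Message-Id", "").strip().strip("<>").rpartition("@")[2].lower()
    if mid_dom and not same_org(mid_dom, from_dom):
        findings.append(f"message-id={mid_dom}")

    # 4. Replies routed to a different mailbox than the visible sender.
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply and reply != parseaddr(msg["From"])[1].lower():
        findings.append(f"reply-to={reply}")
    return findings

if __name__ == "__main__":
    print(spoof_indicators(SAMPLE_HEADER))
```

A relay or Message-Id mismatch also shows up for legitimate mail sent through a third-party provider, so the SPF result is the strongest of the four signals.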
[QUOTE=Paraprose;46938937]Woke up this morning to another email.
The header looks the same as the others. Looks like all this may be some kind of number cipher?[/QUOTE]
218 again. Same area code as before in Minnesota IIRC. I tried calling it but it just rang and rang and rang. I gave it a full minute before hanging up.
[editline]Edited: [/editline]
I'm going to go see if Unfiction knows anything about this. Those guys are literally the ARG masters. They should be able to shed some light (hopefully) on what this is.
[editline]Edited: [/editline]
Make sure to post FULL header information for each e-mail you get. There may be something tucked away in the headers that we miss which could be a key for the next part of the puzzle.
[QUOTE=WitheredGryphon;46941852]Make sure to post FULL header information for each e-mail you get. There may be something tucked away in the headers that we miss which could be a key for the next part of the puzzle.[/QUOTE]
I added the header to my previous post.
The "Mother2" subject makes me think there's going to be more of these sequences, maybe for some kind of table of numbers?
Or they're just a huge Earthbound fan.
tried looking up the IP
[t]http://puu.sh/ezAV7/abcb79b97a.jpg[/t]
v:v:v
(it was 0,0; I don't feel like getting another image)
Is that 0,0?
Wait nevermind, Equatorial Guinea is actually really far from the equator.
I believe that OP and/or OP's friend are trying to post a trailhead for their own ARG and are trying to get Facepunch to solve it, in lieu of waiting for someone to find/solve the trailhead on their own. It can only explain the convenient, mysterious ways the puzzles are solved if we take too long to solve them, which shows a serious lack of patience and dedication. Either that or it's his friend messing with him. If the former, you should really try and make a better trailhead. ARGs are all about patience, if your players take longer than a day to solve something you don't solve it for them. At this point it's almost like you're just playing your own ARG because nobody else is fast enough for you. Put up some flyers or something, at least post anonymously if you're going to give out the trailhead right away, and then don't help your playerbase because you're bored - only give them a clue if they're seriously stuck.
If it's the latter I apologize for accusing you.
[QUOTE=TurtleeyFP;46943913]I believe that OP and/or OP's friend are trying to post a trailhead for their own ARG and are trying to get Facepunch to solve it, in lieu of waiting for someone to find/solve the trailhead on their own. It can only explain the convenient, mysterious ways the puzzles are solved if we take too long to solve them, which shows a serious lack of patience and dedication. Either that or it's his friend messing with him. If the former, you should really try and make a better trailhead. ARGs are all about patience, if your players take longer than a day to solve something you don't solve it for them. At this point it's almost like you're just playing your own ARG because nobody else is fast enough for you. Put up some flyers or something, at least post anonymously if you're going to give out the trailhead right away, and then don't help your playerbase because you're bored - only give them a clue if they're seriously stuck.
If it's the latter I apologize for accusing you.[/QUOTE]
Unfortunately whoever the PM is is rather unorganized. If we hadn't somehow "miraculously" solved the first phone number there's no way we would have solved that puzzle because the e-mail was incorrect. The second e-mail further reinforces my point when they corrected the area code issue.
[QUOTE=TurtleeyFP;46943913]I believe that OP and/or OP's friend are trying to post a trailhead for their own ARG and are trying to get Facepunch to solve it, in lieu of waiting for someone to find/solve the trailhead on their own. It can only explain the convenient, mysterious ways the puzzles are solved if we take too long to solve them, which shows a serious lack of patience and dedication. Either that or it's his friend messing with him. If the former, you should really try and make a better trailhead. ARGs are all about patience, if your players take longer than a day to solve something you don't solve it for them. At this point it's almost like you're just playing your own ARG because nobody else is fast enough for you. Put up some flyers or something, at least post anonymously if you're going to give out the trailhead right away, and then don't help your playerbase because you're bored - only give them a clue if they're seriously stuck.
If it's the latter I apologize for accusing you.[/QUOTE]
If it's my ARG, why would I disappear for 3 months and then come back on a whim?
[QUOTE=Krinkels;46943231]Is that 0,0?
Wait nevermind, Equatorial Guinea is actually really far from the equator.[/QUOTE]
Actually it's really close to the equator. That is about 0,0.
[img]http://i.imgur.com/AsQkfd7.png[/img]