
How to send email like this?

Discussion in 'Cloaking and Content Generators' started by blackhat777, Jun 4, 2012.

  1. blackhat777

    blackhat777 Elite Member

    Hi friends,

    I don't know where to put this thread. Mods, please move this to the appropriate section, if required.

    I received an email on one of my IDs. The email says it's from PayPal.
    This is what I get on the header of the email:



    Date: Fri, 1 Jun 2012 18:50:34 -0500 [06/01/2012 06:50:34 PM CDT]
    From: service@paypal.com <service@paypal.com>
    Bcc: Undisclosed Recipients
    Reply-To: service@paypal.com
    Subject: Your account has been limited until we hear from you
    Priority: 1




    Now, I know that this email is not from PayPal, as the link they gave in the email body is from an infected site and I don't have a PayPal ID with this email.
    But, how did they fake the from part in this mail?

    Any guesses?

    Thanks
     
  2. blackhat777

    blackhat777 Elite Member

    Please pardon the bad color which comes in the post..
    I just copy pasted it..


    Edit - Corrected it now..
     
  3. bornformoney

    bornformoney Senior Member

    Email spoofing FTW!

    Can't talk much about it here, but you can do some good research and you'll find some snippets to do that with ease. Although hitting 100% inbox is quite tricky, but if you can manage it, it's a piece of cake.
     
  4. skrode

    skrode Junior Member

    php mail function and from header
     
  5. inkbird

    inkbird Newbie

    Why can't we talk about email spoofing here... This is Black Hat World, isn't it?
     
  6. Halilovic-Squad

    Halilovic-Squad Regular Member

    Just because it is blackhatworld, you cannot talk about everything here...
    ...it's not crimehatworld, fraudhatworld, scamhatworld etc.

    Every place has its rules and given reasons for them...
    ...should be obvious if you think about it.
     
  7. ihatecaptcha

    ihatecaptcha BANNED BANNED

    Go to myadtools and get Massmailer,
     
  8. Hugall19

    Hugall19 Newbie

    Well said..... It's not crimehatworld lmao I love it.
     
  9. Mp3Vibe

    Mp3Vibe Newbie

    This is what people call email spoofing. The sender just tries to make it look like it really comes from PayPal. The purpose of that email is to steal your PayPal account. The sender just sends it to his/her random email list and hopes some people fall into his/her trap. So basically he/she doesn't know if the target email is really attached to a PayPal account or not. Be careful with this shit, all you guys.
     
  10. Fastviews

    Fastviews Registered Member

    OK, good question, but what's the point of this answer? Are you trying to do the same to other people, so you know how to do that??
    no offense :)
     
  11. Standard Toaster

    Standard Toaster Regular Member

    Lol, if you have to ask how it's done - you won't get very far with it.
     
  12. WPRipper

    WPRipper Supreme Member

    This can be done exactly how you see in the header, you put everything you want in the sender field like this: service@paypal.com <service@paypal.com>. You can try and see for yourself. This is not some magic thing, but I wonder if you got the email in your inbox, because if yes then these guys are really good.
     
  13. soma56

    soma56 Regular Member

    Phishing for paypal account information is wrong, unethical and highly illegal. Changing your header information, including the 'from address' is against most anti-spam policies. Instead of going into exactly how this is done I'm going to share with you a guide I wrote on how to detect the location of the original person that sent this message. In this example I'll go through an actual 5pam message that I received.

    Step 1 - View the message source
    You can easily view the message source of any message. However, there are a plethora of different mailing clients and services. So your best bet is simply Google

    How to view message source of "EMAIL CLIENT"

    Replace the word "Email Client" with whatever you're using to read emails.

    Step 2 - Analyze the Header Information
    Now that you can see the source or 'header' information of the email go over to this website:

    http://www.mxtoolbox.com/EmailHeaders.aspx

    Paste the header information in the box provided and click 'Analyze Header'. You'll receive the path that the email took to get to you. But you'll want to pay special attention to the very first hop.

    In this case I can see that this genius is coming from the IP of 41.203.64.130.

    Step 3 - Determine if the IP is a known 5pam agent
    For this we'll go over to our friends at 5pamhaus. They have a page where you can plug in an IP to determine if it's on their block list (or others).

    http://www.5pamhaus.org/lookup/

    (note: replace 5 with the letter s in the above URL)

    In this case nothing has been reported (yet).

    Step 4 - Determine geographical location of sender
    You can do this by simply going to any number of websites that translates IP addresses to geographical locations. Here's a site that does a pretty good job:

    http://www.ip2location.com/demo

    I can see our genius is from Nigeria. Hmmm...

    Now what about the offending server?

    Step 5 - Determine contact information of server

    Based on the information from MX tools we can see that this email came from exch.hwdistributors.com. Whenever you see a period or dot within a domain that's known as a subdomain. In this case exch.hwdistributors.com returns a 404 error, however, hwdistributors.com looks to be a well established company.

    From there you could do a simple 'Whois' search to determine the contact information but wait! There's already a contact page with a phone number?

    http://www.hbcdistributors.com/contactus/index.htm

    This website seems to be a credible one. So what happened? We have a 5pam message from Nigeria who's sending email from a furniture website from the USA. Compromised server? Disgruntled website owner? Who knows, but at least now we know how to track down their information...
     
    • Thanks Thanks x 10
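
Steps 2 and 3 of the guide above (walking the `Received` chain and preparing a blocklist lookup), as an added example that is not part of the original thread. The sample message, all hostnames, the `my_mx` parameter and the `dnsbl.example` zone are constructed placeholders; the code also separates the oldest hop, which a sender can forge together with the From line, from the hop your own mail server recorded, and compares the From domain with the envelope (Return-Path) domain.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample (documentation IPs, example domains); newest hop is on top.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
\tby mailstore.recipient.example with ESMTP; Fri, 1 Jun 2012 18:50:40 -0500
Received: from relay.sender.example (relay.sender.example [198.51.100.20])
\tby mx.recipient.example with ESMTP; Fri, 1 Jun 2012 18:50:38 -0500
Received: from [203.0.113.77] (unknown [203.0.113.77])
\tby relay.sender.example with ESMTPA; Fri, 1 Jun 2012 18:50:34 -0500
Return-Path: <bounce@sender.example>
From: "Brand Service" <service@brand.example>
Subject: Your account has been limited until we hear from you
"""
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hops(msg):
    """(by_host, peer_ip) for each Received header, oldest hop first."""
    out = []
    for hdr in reversed(msg.get_all("Received", [])):
        ips, by = IP_RE.findall(hdr), re.search(r"\bby\s+(\S+)", hdr)
        try:
            out.append((by.group(1) if by else "", ipaddress.ip_address(ips[0])))
        except (IndexError, ValueError):
            continue                      # no usable bracketed IPv4 in this hop
    return out

def dnsbl_name(ip, zone):
    """Name to query for a blocklist check: reversed octets under the zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def analyze(raw, my_mx):
    msg = email.message_from_string(raw)
    chain = [(by, ip) for by, ip in hops(msg) if not any(ip in n for n in INTERNAL)]
    domain = lambda h: parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
    # Only the hop stamped by our own MX is outside the sender's control.
    trusted = next((ip for by, ip in chain if by == my_mx), None)
    return {"claimed_origin": str(chain[0][1]) if chain else None,
            "trusted_peer": str(trusted) if trusted else None,
            "from_domain": domain("From"), "envelope_domain": domain("Return-Path"),
            "mismatch": domain("From") != domain("Return-Path")}

if __name__ == "__main__":
    print(analyze(RAW, "mx.recipient.example"))
```

Look up `trusted_peer` (via `dnsbl_name`) rather than `claimed_origin` when deciding what to report or block, since only the former was observed by a server you control.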
  14. suebelhor

    suebelhor Newbie

    looks good
     
  15. crille30

    crille30 Newbie

    OK, great info, but if they would use e.g. HMA then you cannot get the IP? Or else what's the point of having proxies?
     
  16. seo_wpn

    seo_wpn Jr. VIP Jr. VIP Premium Member

    Thanks a lot for the explanation.
     
  17. dropsy16

    dropsy16 Junior Member

    Bahaha I love this!
     
  18. a32337

    a32337 BANNED BANNED

    Agreed not really the place for this
     
  19. a32337

    a32337 BANNED BANNED

    In fact I'm pretty sure there are a lot of "paypal scam" sites etc that maybe you will be better suited there
     
  20. linkmonster

    linkmonster Power Member

    Quite Interesting posts thanks for it.