The scheme itself is based in Australia, and I am no expert in Australian law. So, let's assume that this type of MLM scheme is legal in Australia for now.
Still, this particular email seemed unusually brazen..
From: MySuperShares.com <webmaster@mysupershares.com>
Reply-To: webmaster@mysupershares.com
Date: 28 October 2010 13:30
Subject: MySuperShares.com Confirmation Email
Dear 4612_210 4080_759,
Thank you for creating your account with MySuperShares.com.
To activate your account, please click the link below:
http://www.mysupershares.com/confirm.php?username=0000_000&id=00000
Once you have completed this step, you will be able to
login to your account.
Kind regards
Eva Browne-Paterson & Jullieanne Matheson
MySuperShares.com
The originating IP is 174.122.14.226, MySuperShares.com is hosted on 174.122.14.227 (i.e. the next IP address), so it indicates that the mail is genuinely from MySuperShares.com. Let's look at the WHOIS details for that domain:
Registrant:
EvieB.com
1 Keswick Island Drive
Keswick Island, Queensland 4740
Australia
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: MYSUPERSHARES.COM
Created on: 13-Oct-10
Expires on: 13-Oct-11
Last Updated on: 13-Oct-10
Administrative Contact:
Browne-Paterson, Eva evieb@evieb.com
EvieB.com
1 Keswick Island Drive
Keswick Island, Queensland 4740
Australia
411569782 Fax -- 749658019
Technical Contact:
Browne-Paterson, Eva evieb@evieb.com
EvieB.com
1 Keswick Island Drive
Keswick Island, Queensland 4740
Australia
411569782 Fax -- 749658019
Domain servers in listed order:
NS1.MYFREESAFELIST.COM
NS2.MYFREESAFELIST.COM
It's unusual for fraudsters to include their real contact details in the WHOIS, in fact everything checks out as being legitimate, it you check out the MLM business model.
There are a few possibilities:
- The people running the site are really stupid and think that this is a good way to get signups (rather than getting your site nuked)
- Someone is using MySuperShare.com's own system to perform a Joe Job with deliberately false signups.
- Someone thinks that they can make money by gaming MySuperShare.com's system with fake signups.
Update:it does appear that someone is targetting these MLM "get rich quick" sites as another site called Rev2Share.com has also been hit.
Nice, thanks for posting this so quickly. I received the same spam and thought "huh, my email address isn't easily mistaken for a whole lot... how'd this happen?" I checked most of the same things you did and came to a similar conclusion, and then I came across this blog.
ReplyDeleteHere's another good thread:
http://www.antispam.de/forum/showthread.php?30169-MySuperShares