Email Spoof?

Discussion in 'CrossBreed Holsters' started by ArmyGuy45, Dec 29, 2016.

  1. Dec 29, 2016 #1
    ArmyGuy45

    ArmyGuy45 XDTalk 15K Member Founding Member

    Joined:
    Mar 24, 2007
    Messages:
    18,697
    Likes Received:
    1,098
    Trophy Points:
    113
    Location:
    Mesa, AZ
    Ratings:
    +3,377 / 38

    So I just got this email from CB and I think it is either a spoofed email or Carlie had her account credentials leaked. Anyone else get it?

    The PDF is a link to another site, not a PDF. (This is a copy of the image, NOT the real one.)

    So DO NOT OPEN IT. After further review it looks like Malware to me but the link could be broken now.



    Carlie Boatright


    1:32 PM (36 minutes ago)


    [​IMG]



    --


    Carlie Boatright
    417-732-5011
    www.crossbreedholsters.com


    [​IMG]


    This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
     
  2. Dec 29, 2016 #2
    ArmyGuy45

    Pretty smart to create an attack and use a tiny URL as your middle man. Once your attack is known or compromised, delete the tiny URL so the payload can't be analyzed.

    Here is the header info. It looks like a compromised email:


    Delivered-To: gmail.com

    Received: by 10.103.25.65 with SMTP id 62csp6001946vsz;

    Thu, 29 Dec 2016 12:32:02 -0800 (PST)

    X-Received: by 10.13.254.71 with SMTP id o68mr39749052ywf.318.1483043522406;

    Thu, 29 Dec 2016 12:32:02 -0800 (PST)

    Return-Path: <carlie@cbholsters.com>

    Received: from mail-yw0-x241.google.com (mail-yw0-x241.google.com. [2607:f8b0:4002:c05::241])

    by mx.google.com with ESMTPS id k11si14219638ywa.210.2016.12.29.12.32.02

    for < gmail.com>

    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);

    Thu, 29 Dec 2016 12:32:02 -0800 (PST)

    Received-SPF: pass (google.com: domain of carlie@cbholsters.com designates 2607:f8b0:4002:c05::241 as permitted sender) client-ip=2607:f8b0:4002:c05::241;

    Authentication-Results: mx.google.com;

    dkim=pass header.i=@cbholsters-com.20150623.gappssmtp.com;

    spf=pass (google.com: domain of carlie@cbholsters.com designates 2607:f8b0:4002:c05::241 as permitted sender) smtp.mailfrom=carlie@cbholsters.com

    Received: by mail-yw0-x241.google.com with SMTP id b66so26941503ywh.2

    for < @gmail.com>; Thu, 29 Dec 2016 12:32:02 -0800 (PST)

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

    d=cbholsters-com.20150623.gappssmtp.com; s=20150623;

    h=mime-version:from:date:message-id:subject:to;

    bh=G1iuIiYJGhQSdeEusHQan4Y1YRJrWd2uBWshDREGf24=;


    X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

    d=1e100.net; s=20161025;

    h=x-gm-message-state:mime-version:from:date:message-id:subject:to;

    bh=G1iuIiYJGhQSdeEusHQan4Y1YRJrWd2uBWshDREGf24=;



    X-Received: by 10.129.56.10 with SMTP id f10mr38076877ywa.45.1483043521524; Thu, 29 Dec 2016 12:32:01 -0800 (PST)

    MIME-Version: 1.0

    Received: by 10.37.70.65 with HTTP; Thu, 29 Dec 2016 12:32:00 -0800 (PST)

    From: Carlie Boatright <carlie@cbholsters.com>

    Date: Thu, 29 Dec 2016 12:32:00 -0800

    Message-ID: <CAF1qnYNZB+p4aVq-VHpnUC9t4xMzrKUxOPBY5Hz-8nVf0pq6Nw@mail.gmail.com>

    Subject: Fwd: cbholstersSecuredDocs-12-29-16

    To: undisclosed-recipients:;

    Bcc: gmail.com

    Content-Type: multipart/related; boundary=001a114c7d3849fe250544d1fa42


    --001a114c7d3849fe250544d1fa42

    Content-Type: multipart/alternative; boundary=001a114c7d3849fe210544d1fa41


    --001a114c7d3849fe210544d1fa41

    Content-Type: text/plain; charset=UTF-8


    [image: https://is.gd/jZ5bFp] <https://is.gd/jZ5bFp>


    Scanned & Protected by



    --




    *Carlie Boatright*

    *417-732-5011*

    *www.crossbreedholsters.com <http://www.crossbreedholsters.com>*


    --


    ------------------------------

    This email and any files transmitted with it are confidential and intended

    solely for the use of the individual or entity to whom they are addressed.

    If you have received this email in error please notify the system manager.

    This message contains confidential information and is intended only for the

    individual named. If you are not the named addressee you should not

    disseminate, distribute or copy this e-mail. Please notify the sender

    immediately by e-mail if you have received this e-mail by mistake and

    delete this e-mail from your system. If you are not the intended recipient

    you are notified that disclosing, copying, distributing or taking any

    action in reliance on the contents of this information is strictly

    prohibited.

    ------------------------------




    --001a114c7d3849fe210544d1fa41--

    --001a114c7d3849fe250544d1fa42

    Content-Type: image/png; name="image.png"

    Content-Disposition: inline; filename="image.png"

    Content-Transfer-Encoding: base64

    Content-ID: <ii_1594c46e887e359e>

    X-Attachment-Id: ii_1594c46e887e359e



    --001a114c7d3849fe250544d1fa42--
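
An added example (not written by any poster in this thread): a Python sketch that reads the headers quoted in post #2 and checks whether the SPF and DKIM results line up with the From domain, whether the message was submitted over Gmail's web interface (`with HTTP`), and whether the body links through a URL shortener. The `assess` function, the `SHORTENERS` list and the exact-match domain comparison are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers and text part copied from post #2 (recipient address is elided there).
SAMPLE = """\
Return-Path: <carlie@cbholsters.com>
Authentication-Results: mx.google.com;
 dkim=pass header.i=@cbholsters-com.20150623.gappssmtp.com;
 spf=pass (google.com: domain of carlie@cbholsters.com designates 2607:f8b0:4002:c05::241 as permitted sender) smtp.mailfrom=carlie@cbholsters.com
Received: by 10.37.70.65 with HTTP; Thu, 29 Dec 2016 12:32:00 -0800 (PST)
From: Carlie Boatright <carlie@cbholsters.com>
Subject: Fwd: cbholstersSecuredDocs-12-29-16
To: undisclosed-recipients:;

[image: https://is.gd/jZ5bFp] <https://is.gd/jZ5bFp>
"""

SHORTENERS = {"is.gd", "bit.ly", "tinyurl.com", "goo.gl", "t.co"}  # illustrative, not exhaustive


def domain(addr):
    """Lower-cased domain part of an address or 'Name <addr>' string."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def assess(raw):
    msg = message_from_string(raw)
    auth = " ".join((msg.get("Authentication-Results") or "").split())  # unfold
    results = dict(re.findall(r"\b(spf|dkim)=(\w+)", auth))
    mailfrom = re.search(r"smtp\.mailfrom=(\S+)", auth)
    signer = re.search(r"header\.i=@?([\w.-]+)", auth)
    from_dom = domain(msg.get("From", ""))
    # Exact-match comparison: a simplification of DMARC identifier alignment.
    spf_ok = results.get("spf") == "pass" and bool(mailfrom) and domain(mailfrom.group(1)) == from_dom
    dkim_ok = results.get("dkim") == "pass" and bool(signer) and signer.group(1).lower() == from_dom
    # Gmail records web-interface submissions as "Received: by ... with HTTP".
    web = any(" with HTTP" in r for r in msg.get_all("Received", []))
    hosts = re.findall(r"https?://([\w.-]+)", msg.get_payload())
    short = sorted({h.lower() for h in hosts if h.lower() in SHORTENERS})
    if spf_ok or dkim_ok:
        verdict = "authenticated for the From domain: consistent with a compromised account, not a forged From"
    else:
        verdict = "From domain not authenticated: possible spoof"
    return {"from": from_dom, "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "web_submitted": web, "shorteners": short, "verdict": verdict}
```

On the quoted headers, SPF passes for the same domain as the From address while the DKIM signature comes from the provider's default `gappssmtp.com` key rather than `cbholsters.com`, so the DKIM pass on its own says nothing about the From domain.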
     
  3. Dec 29, 2016 #3
    Jonnyuma

    Jonnyuma XDTalk 5K Member

    Joined:
    May 28, 2014
    Messages:
    5,064
    Likes Received:
    1,080
    Trophy Points:
    113
    Location:
    A Dirty Little Town in OR
    Ratings:
    +3,498 / 61
    That's a lot of gobbledygook to most of us...thank you for the breakdown, but what does it mean?
     
  4. Dec 29, 2016 #4
    ZanderMan

    ZanderMan XDTalk 10K Member

    Joined:
    Feb 10, 2013
    Messages:
    12,159
    Likes Received:
    3,389
    Trophy Points:
    113
    Location:
    Orange Co, NC
    Ratings:
    +8,066 / 36
    I couldn't find a traceable IP address.
     
  5. Dec 29, 2016 #5
    ArmyGuy45

    It was a tiny URL that has been removed. No IP is linked to that URL anymore.
     
  6. Dec 29, 2016 #6
    ArmyGuy45

    Just got this from CB.

    PLEASE DO NOT RESPOND TO THIS EMAIL.

    Hello Everyone!,

    Just to inform you my email has been hacked you may have received a PDF from me do not open it or download it. Thank you all for your patience and understanding. Again do not reply to this email.

    Thanks
    --


    Carlie Boatright
    417-732-5011
    www.crossbreedholsters.com


    [​IMG]
     
  7. Dec 29, 2016 #7
    Snaphook

    Snaphook XDTalk 10K Member

    Joined:
    May 17, 2012
    Messages:
    11,473
    Likes Received:
    2,192
    Trophy Points:
    113
    Location:
    Flyover Country
    Ratings:
    +6,866 / 113
    That Obama was born in Kenya and you won the lottery in the U.K.
     
    • Funny x 2
    • Winner x 1
