Email Spam Filter:
 jwSpamSpy
Try it for free!


About spam / "419" / Blog
jwSpamSpy
Recent spam domains
Spam domain blacklist

Software
Links
joewein.de
joewein.net
Contact
Google

 

Fraudulent job offer: "Shultz Cars Part Company" (shultz-cars-part.net)

The "Shultz Cars Part Company" (shultz-cars-part.net) job offer is part of a series of scams designed to trick third parties into assisting the criminal laundering of stolen money. See more about this type of scam here:

Here is the message which was all in graphics:
From: "Shultz Cars Part Company" <ctybg@hotmail.com>
To: <emailaddress>
Sent: Thursday, 13 January, 2005 21:31
Subject: Do you want to earn more? - Then this proposal is for you!

Here are the full message headers: 

Received: from pcp0010563923pcs.mplsnt01.sc.comcast.net ([69.241.91.238])
	by ################## with smtp (Exim 4.43)
	id 1Cp48i-0005PC-EA
	for ########################; Thu, 13 Jan 2005 13:31:54 +0100
FCC: mailbox://ctybg@hotmail.com/Sent
X-Identity-Key: id1
Date: Thu, 13 Jan 2005 14:31:42 +0200
From: Shultz Cars Part Company 
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: kuuk.berendse@quicknet.nl
Subject: Do you want to earn more? - Then this proposal is for you!
Content-Type: multipart/related;
 boundary="------------040407030509090804020004"
X--MailScanner-SpamCheck: spam, SpamAssassin (score=10.749,
	required 5, BAYES_95 2.06, FORGED_HOTMAIL_RCVD2 1.18,
	HTML_80_90 0.15, HTML_FONT_LOW_CONTRAST 0.79,
	HTML_IMAGE_ONLY_08 3.04, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.18,
	MSGID_FROM_MTA_HEADER 0.05, MSGID_FROM_MTA_ID 1.72, PLING_QUERY 0.37,
	RCVD_IN_BL_SPAMCOP_NET 1.22)
X-MultiKabel-MailScanner-SpamScore: ssssssssss
X-MailScanner-From: ctybg@hotmail.com

Notes:

  • Any job offer that involves receiving payments for your employer in your private bank account can be assumed to be fraudulent. Using another person's bank account for business is a clear indicator that the funds are associated with criminal activity.
  • Any proposal that involves sending money by Western Union to an individual you don't know personally can be assumed to be fraudulent. Such funds are basically untraceable.
  • This spam was sent not from a regular mailserver but from the machine of a customer of Comcast, a US Internet service provider
  • This email went out at random. The recipient was not a UK resident.
  • The job offer is posted as a graphics image, so that the text can not be tracked by search engines.
  • There is no postal address, telephone number of fax number
  • Domain shultz-cars-part.net was only created on 2005-01-12, two days before the spam was received.
  • The domain was registered using a US postal address, even though the Company claims to be German.
  • Shultz is the Anglicised version of Schultz, so this company doesn't sound very Germany. It doesn't sound very British or American either, considering the confusion of "car parts" with "cars part".
  • This spam was probably sent once before, since it wishes "Merry Christmas" (in the middle of January). Since the ad is displayed as a graphics image, the text is not easy to update.

shultz-cars-part.net is a fraud!

This is a similar scam to the "Alpen-Antique GmbH" and "Plasma project, Inc." job scams.

WHOIS record for lionder.org

Domain Name.......... shultz-cars-part.net
  Creation Date........ 2005-01-12
  Registration Date.... 2005-01-12
  Expiry Date.......... 2007-01-12
  Organisation Name.... Shultzcarspart Ag
  Organisation Address. 11323 Village Place Dr
  Organisation Address. 
  Organisation Address. Houston
  Organisation Address. 77077
  Organisation Address. TX
  Organisation Address. UNITED STATES

Admin Name........... Shultzcarspart Ag
  Admin Address........ 11323 Village Place Dr
  Admin Address........ 
  Admin Address........ Houston
  Admin Address........ 77077
  Admin Address........ TX
  Admin Address........ UNITED STATES
  Admin Email.......... shultzcarspartag@hehe.com
  Admin Phone.......... +1.2815584826
  Admin Fax............ 

Tech Name............ YahooDomains TechContact
  Tech Address......... 701 First Ave.
  Tech Address......... 
  Tech Address......... Sunnyvale
  Tech Address......... 94089
  Tech Address......... CA
  Tech Address......... UNITED STATES
  Tech Email........... domain.tech@yahoo-inc.com
  Tech Phone........... +1.6198813096
  Tech Fax............. +1.6198813010
  Name Server.......... yns1.yahoo.com
  Name Server.......... yns2.yahoo.com

Anti-Spam Resources:
jwSpamSpy is our spam filter (free evaluation version available for download)
Anti-spam domain blacklist – list of domains that I refuse to receive mail from
Recent additions to domain blacklist (with whois details)
"419" scam sender/contact addresses ("Nigeria connection" address book)
DNS-based IP and domain name blacklists
IP address ranges
Dynamic IP addresses (700 KB!)
Name server / Registrar combinations
Free email providers
AOL dial-up address ranges and mail servers
How to trace senders of spam
Frequently asked questions (FAQ)
Lookup an IP address on blacklists (http://dnsbl.net.au/lookup/)

Clueless virus filters spam innocent third parties
Challenge and Response spam filters: A selfish idea for selfish times

ShareYourExperiences.com spammers
Smyrnagroup spammers (in German)
Kaplan College spam
Stock Price Manipulation Spam ("Pump & Dump")
What's the deal with "OEM software"?
'Phishing' for your wallet
Job spam for payment processors
Spam phone numbers ("diploma" spam, etc.)
"Joe job" information

Link exchange offer spam
Getting creative with spam
Link exchange spam: allcarpictures.com

Xenophobia, Spam and Viruses: The "German Spam" (Sober.H)
Sober.H – Racist German email spam spread by virus (in German)

"Joe job" against joewein.de
Porn spam: watchsound.com
Porn spam: hotsalza.com
Name servers used by spammers: joker.com
Rogue name servers: mediadreamland.com
Rogue name servers: airmaramba.biz
Rogue name servers: bonafidecash.com
Rogue name servers: maileasy.biz

Browser hijacking: heretofind.com

Computer Viruses