|
On Wednesday, August 18th of 2004, we were the apparent victims of a "joe job". Our first clue that something was "amiss" was when Kim checked her email, and found 2,300+ emails that had somehow bounced back to her account. They contained the email address admin@eatstayplay.com - which did not exist until this morning. Since I am in charge of the IT department, I freaked out and started scanning all of our computers for Trojan horses. Nothing. Then the phone calls started pouring in. I finally had someone email me a copy, and I was surprised when I read:
> Dear Sir/Mrs.,
>
> In our administration we have noticed, that you have to pay us a total
amount of $99.95 for the advertising service we have delivered to you.
>
> You can pay within 7 days.
>
> If you have further any questions, you can always call us at (928)
636-6588, or send an email to admin@eatstayplay.com
>
> Best regards,
>
> EatStayPlay
>
> http://www.eatstayplay.com
So obviously, this is not a virus. Although viruses are smart, they are not smart enough to know our phone number. If you were the recipient of one of these emails, feel free to take a deep breath, because you are not infected with a virus/trojan horse.
Once I figured out that this email did not originate from our server, I contacted our hosting services at Alentus to find out who did this to us. I spoke with Doug who is in charge of the email tech support. I explained to him what we were seeing, and his simple reply was "You got Joe-jobbed". What in the world is Joe-jobbed? An article from 2000 at Cotse said "A Joe Job is a term used to describe fraudulent spam." Another article from TVTech reads "A Joe job is one of the oldest, and easiest, spamming tricks in the book," said spam consultant Ben Westbrook, CEO of Mail-Filters.com. "Internet mail was created at a time when people were collaborating in the early stages on the Internet so there were no security mechanisms really put into Internet mail and consequently it's easy to forge who you are when you send mail." The simplest definition of Joe job would be "the falsification of email origins done as part of a deliberate attack upon an individual's or organization's email service, internet service, domain registration service, business and reputation". Apparently anyone that uses the Internet as a business tool can get Joe jobbed - even Howard Dean.
Who Joe-jobbed us? Does someone not enjoy the free services we provide to help people find recreational activities? Doug from Alentus said that most of the time the people responsible for this attack are from third-world countries.
As the Internet Technology manager for eatstayplay.com, I can assure you that we do not send out spam in any way, shape, or form. We are above that. I apologize that you received this particular email, but from what I have learned in the last few hours, there is simply nothing that can be done to avoid this. On a side note, our sales and marketing representative wanted to add "If you do want to send us a check for $99.95, please feel free to do so".
Thanks to Rick McKee of Re/Max for helping us get the source of this email. Also, to the poor woman in Tennesse - your ex-husband didn't charge anything to your credit card, so please do not cause him any bodily harm.
***UPDATE 8-19-2004 I want to extend a big thanks to Tom List and Tom Greene, both of which have taken the time to send us the header information. It is our belief that this email has originated from either the state of NY, or from the country of Amsterdam - one of the two. I would still like more samples to take a look at, so please feel free to follow the instructions below.
***UPDATE 8-19-2004 Afternoon - I was wondereing why it was called a "Joe Job". I found that story here. Interesting.
***UPDATE 8-20-2004 Finally, after 72 hours of being under attack, we got him/her. A huge thanks to the people at SpamCop for offering a free tool to help track the people down. This same tool can be used to help you fight against spam. If you are intertested, and you know how to view the full headers of an email, check it out. Thanks to all of you who spent your valuable time helping us.
***Want to help us track down the person who did this to us? It isn't that hard to do, and you may learn something from it. Do not forward the message to us, since that does us no good. What we need is the header information. If you are using Microsoft Outlook, you should be able to do so by doing these easy steps. First, open the email. Go to View-Options. At the bottom of the Options window, you will see "Internet Headers". Although you cannot type in this area, you can highlight it. Highlight the text in the Internet Header window, then RIGHT CLICK. Select copy. After doing this, you can now close this window, and compose a new email message. Address it to brian@eatstayplay.com. For a subject line, please put "Get those people". Then place your cursor in the body of the email message, and RIGHT CLICK the mouse button. You should have the option "paste". Select that option, and then send the email to us. We really appreciate your help, and who knows, we may feature your business on our website! Please feel free to click here to return to our home page.
|
|
|
--We are not spammers.--
|
|
