[LINK] LinkedIn spook or an actual break ?

Scott Howard scott at doc.net.au
Tue Jun 12 10:23:00 AEST 2012 

It's fake, and originated from 78.93.119.125 which is from Saudi Arabia.

Received by headers are easy to fake - you can only trust them back as far
as the first "untrusted" host, which in this case is 78.93.119.125.

  Scott

On Mon, Jun 11, 2012 at 4:21 PM, Jan Whitaker <jwhit at janwhitaker.com> wrote:

> Linkers,
> Given the recent LinkedIn concerns, I was alert when this came today.
> Note the envelope is not via linked in, but that there is a path
> point that *is* LinkedIn, unless that is also faked by the spammer.
> The 'From' line is easy to fake. Anyone have any insight on decoding
> email headers to see if this is a result of the recent LinkedIn
> breach? I don't know any of these people, so I shouldn't be in their
> personal contact information and I'm pretty well locked down in
> LinkedIn regarding exposure of anything much.
>
> Return-path: <AbdielGrullon at me.com>
> Envelope-to: jwhit at janwhitaker.com
> Delivery-date: Mon, 11 Jun 2012 15:34:07 -0400
> Received: from [78.93.119.125] (port=1947)
>         by pearl.host-care.com with esmtp (Exim 4.77)
>         (envelope-from <AbdielGrullon at me.com>)
>         id 1SeANH-0002sq-Ar
>         for jwhit at janwhitaker.com; Mon, 11 Jun 2012 15:34:05 -0400
> Received: from mailb-de.linkedin.com ([199.101.160.75]) by
> mx6.me.com.akadns.net;
>          Mon, 11 Jun 2012 04:33:58 -0800
> Sender: messages-noreply at bounce.linkedin.com
> Date: Mon, 11 Jun 2012 04:33:58 -0800
> From: Shanell Overton via LinkedIn <member at linkedin.com>
> Reply-To: Shanell Overton <AbdielGrullon at me.com>
> To: jwhit <jwhit at janwhitaker.com>
> Message-ID: <860616863.5663454.0581957894672.JavaMail.app at ela4-app0647.prod
> >
> Subject: Fwd: Wire Transfer (9007VB04)
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>         boundary="----=_Part_3389225_1459608723.5057231173308"
> X-LinkedIn-Template: email_type_MEBC_MEBC
> X-LinkedIn-Class: MBR-TO-MBR
> X-LinkedIn-fbl: s-82HNOBWN1SSYZVV0P4U17KX0UA7W5BOE70S1YN-073HWVDKC5PMA1B
> X-OriginalArrivalTime: Mon, 11 Jun 2012 04:33:58 -0800
> FILETIME=[1D4B1D4B:6F87D499]
>

More information about the Link mailing list