Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


!! WARNING !! Bogus "Yahoo" email

  • Please log in to reply
6 replies to this topic

#1 Groffeaston


  • Members
  • 518 posts
  • Gender:Male
  • Location:Easton,PA
  • Local time:12:45 PM

Posted 18 October 2011 - 11:51 PM

Hello everyone,

I recently got an email that says it is from "Yahoo Customer Care" with the subject: "UPDATE TO ALL YAHOO USERS". Below is a copy of what the email says and then the Full header information. Please note: I am providing a warning to not click on the included link. I do not know how to disable the link.


Dear Yahoo User,

We currently updating our database, used account will be deletted for new
accounts to be made available. If you account is Valid click the link.

Yahoo Webmaster

From Yahoo Customer Care Tue Oct 18 15:55:36 2011
X-Apparently-To: <removed> via; Tue, 18 Oct 2011 15:55:39 -0700
Return-Path: <info@yahoocustomercare.com>
Received-SPF: temperror (encountered temporary error during SPF processing of domain of yahoocustomercare.com)
X-YMailISG: EkHzruUWLDvjF_FzpJ0zQnCVoKv_o788XtHLhkvRd7Pzza5o
X-Originating-IP: []
Authentication-Results: mta1451.mail.mud.yahoo.com from=yahoocustomercare.com; domainkeys=neutral (no sig); from=yahoocustomercare.com; dkim=neutral (no sig)
Received: from (EHLO jetta.cpd.ufsm.br) (
by mta1451.mail.mud.yahoo.com with SMTP; Tue, 18 Oct 2011 15:55:37 -0700
Received: from localhost ([] helo=hostmail.ufsm.br)
by jetta.cpd.ufsm.br with esmtp (Exim 4.63)
(envelope-from <info@yahoocustomercare.com>)
id 1RGIZM-000442-PH; Tue, 18 Oct 2011 19:55:36 -0300
Received: from
(SquirrelMail authenticated user caroljrupp@mail.ufsm.br)
by hostmail.ufsm.br with HTTP;
Tue, 18 Oct 2011 19:55:36 -0300 (BRT)
Message-ID: <18614.>
Date: Tue, 18 Oct 2011 19:55:36 -0300 (BRT)
From: "Yahoo Customer Care" <info@yahoocustomercare.com>
Reply-To: info@yahoocustomercare.com
User-Agent: SquirrelMail/1.4.9a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Content-Length: 272

I seriously doubt this email came from Yahoo! I believe it is either a scam, spam, or loaded with a virus, Trojan or some other malware. That is why I did not click on the link, and I reported it to Yahoo as suspected Spam. Apparently I am not the only one. Because their customer care chat line is very very busy!

Can someone help me decipher the full header information to determine where this bogus email came from? So we can bust these @$%&*#'s! :thumbup2:

I did a little search with ProjectWhoIs on DomainTools.com. And found some very interesting Information.

I did an ICMP ping here are the results:

Ping Type: ICMP
Host IP Address Ping Time
1. 245.81ms
2. 232.27ms
3. 232.29ms
4. 232.77ms
5. 232.80ms
6. 232.28ms
7. 232.28ms

Total Duration: 1,640.50 ms
Average Ping: 234.36 ms

After I pinged, I traced the route it took, here are the results: Traceroute
Hop T1 T2 T3 IP
1. 0.67ms 1.04ms 0.69ms Reverse IP | Ping | DNS Lookup
2. 1.74ms 0.84ms 1.69ms Reverse IP | Ping | DNS Lookup
3. 3.63ms 4.06ms 4.36ms igr1-pe2.blh.fibercloud.net Reverse IP | Ping | DNS Lookup
4. 6.65ms 7.06ms 6.66ms Reverse IP | Ping | DNS Lookup
5. 62.90ms 66.08ms 63.68ms cr2.st6wa.ip.att.net Reverse IP | Ping | DNS Lookup
6. 63.57ms 64.74ms 63.03ms cr2.dvmco.ip.att.net Reverse IP | Ping | DNS Lookup
7. 63.87ms 62.87ms 65.34ms cr2.dlstx.ip.att.net Reverse IP | Ping | DNS Lookup
8. 62.54ms 61.94ms 62.38ms cr84.dlstx.ip.att.net Reverse IP | Ping | DNS Lookup
9. 60.55ms 60.66ms 60.59ms gar3.dlrtx.ip.att.net Reverse IP | Ping | DNS Lookup
10. 60.56ms 60.19ms 60.67ms Reverse IP | Ping | DNS Lookup
11. 96.59ms 95.91ms 100.68ms g0-5-0-2.br2.dfw3.terremark.net Reverse IP | Ping | DNS Lookup
12. 97.61ms 98.06ms 96.55ms t0-0-0-7.br2.mia.terremark.net Reverse IP | Ping | DNS Lookup
13. 96.50ms 97.12ms 96.55ms t9-1.gw1.mia.terremark.net Reverse IP | Ping | DNS Lookup
14. 92.48ms 92.15ms 92.74ms Reverse IP | Ping | DNS Lookup
15. 199.64ms 199.91ms 199.51ms ae4-540-r0-sp.bkb.rnp.br Reverse IP | Ping | DNS Lookup
16. 206.49ms 209.03ms 206.61ms xe-2-1-1-3000-r0-pr.bkb.rnp.br Reverse IP | Ping | DNS Lookup
17. 221.55ms 221.83ms 221.55ms xe-3-1-1-3000-r0-rs.bkb.rnp.br Reverse IP | Ping | DNS Lookup
18. 222.48ms 224.96ms 225.56ms ge-0-2-0-1-c12k.pop-rs.rnp.br Reverse IP | Ping | DNS Lookup
19. 233.58ms 232.07ms 231.51ms ufsm-pos-0-2-2-0-c12k.tche.br Reverse IP | Ping | DNS Lookup
20. 232.55ms 232.07ms 232.54ms vlan-backoneext.net.ufsm.br Reverse IP | Ping | DNS Lookup
21. * * * Request Timed Out
22. 232.57ms 231.94ms 232.75ms jetta.cpd.ufsm.br Reverse IP | Ping | DNS Lookup

Does this information help us get the @#$%^&*'s that sent the bogus "Yahoo" email?

Edited by Orange Blossom, 20 October 2011 - 08:27 AM.
Link disabled ~Budapest Removed e-mail address to protect from spambots. ~ OB

BC AdBot (Login to Remove)


#2 4dude


  • Members
  • 578 posts
  • Gender:Male
  • Local time:11:45 AM

Posted 19 October 2011 - 04:15 AM

That looks like a valid google link...

When i goto it,it says this

We're sorry.

You can't access this form because it is in violation of our Terms of service.

Find out more at the Google Docs Help Center.

Whatever was on this page IS NOW GONE.........

I did hear that Yahoo and Google merged (AND I HOPE IM WRONG)

#3 Groffeaston

  • Topic Starter

  • Members
  • 518 posts
  • Gender:Male
  • Location:Easton,PA
  • Local time:12:45 PM

Posted 20 October 2011 - 01:57 AM

Hello 2dude,

It looks like someone else also may have complained to Google and/or Yahoo and then they Pulled the plug on that page!

I have heard several merger stories involving both Google and Yahoo. I do not know which of them have been completed and which are just "Rumor". Most of what I hear is from the evening news on TV.

I am hoping that the information I was able to provide here which is also what I provided to Yahoo is able to lead to the @#$%^'s that sent the Bogus email. I had this happen a couple times before, and tried to use the header info to track down the @#$#%^&'s that sent email to me. I could not figure out what all the stuff was in the header and some of the codes used I gave up doing it my self, but then other things happened and I was unable to follow up on learning more about it. I figured I would post here to warn others about the bogus email.

#4 4dude


  • Members
  • 578 posts
  • Gender:Male
  • Local time:11:45 AM

Posted 24 October 2011 - 01:02 PM

Well if it IS true it explains why Yahoo is trying to force everyone to that MORE INTRUSIVE interface which is garbage and reads your emails!!

#5 Groffeaston

  • Topic Starter

  • Members
  • 518 posts
  • Gender:Male
  • Location:Easton,PA
  • Local time:12:45 PM

Posted 24 October 2011 - 02:01 PM

Hello 4dude,

I do not know about that one and/or have not heard about that one. The only thing new from Yahoo recently that I know of is their new mail format. They switched to a new mail format from their "classic Yahoo email". I know that they are supposed to be switching everyone over to the new email format sometime soon or may have already. It is similar to MSN's Hotmail and AOL's email Formats. I guess people were complain about going back and forth, that it was difficult because of different formats. When Yahoo first came out with the new format I did not like it so I choose to stick with the classic email format. But they have since incorporated some of the features of the classic into the New Yahoo Email format and also added new features as well. Which has made it a lot faster than the older "classic" version/format of email. Yes it still has some drawbacks as does any version/format, but as the updates come out they get fewer, we hope. lol

Which leads me back into my Bogus Yahoo email question. You would figure that with the newer version/format that we would receive less bogus/hoax emails that say they are from Yahoo. With all of the information available to us in the full header how can we use that to determine exactly who sent the bogus/hoax Yahoo email and then have them reported to the proper authorities?

#6 Lillielle


  • Members
  • 22 posts
  • Gender:Female
  • Location:Virginia
  • Local time:12:45 PM

Posted 26 October 2011 - 04:58 AM

I haven't gotten the bogus yahoo email and have no idea how you would determine who sent it, but I know with the new mail format, I really dislike that they made me switch...they'd been suggesting it for a while and then I logged in one day and hello new format.
Acer Aspire 5750, Windows 7 64-bit, Intel i3 2.1GHz
"Neither the angels in heaven above nor the demons down under the sea can ever dissever my soul from the soul of the beautiful Annabel Lee"

#7 4dude


  • Members
  • 578 posts
  • Gender:Male
  • Local time:11:45 AM

Posted 26 October 2011 - 03:24 PM

Luckily my accoutns are STILL ON THE OLDER INTERFACE and ill continue to do whatever i can to keep them there! (That new interface IS GARBAGE)

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users