My First German Scam Email

The phishermen are casting a wide net.

Here’s my first phishing email in German, with headers:

Received: from (LHLO ( by with LMTP; Tue, 15 Jul 2014 13:17:57 +0000
Received: from ([])
by with comcast
id SdHw1o0041zWx2w0adHwbd; Tue, 15 Jul 2014 13:17:56 +0000
X-CAA-SPAM: 00000
X-Authority-Analysis: v=2.1 cv=P/wD2Ewu c=1 sm=1 tr=0
a=KztXjUqHRyz9kbsNwKbgzg==:117 a=8FReB3YSAAAA:8 a=C_IRinGWAAAA:8
a=GGcpBh7Jt_oA:10 a=trIDVAjzH2wA:10 a=rKpt8qlD2zIA:10 a=aYsrNlUn7DwA:10
a=IkcTkHD0fZMA:10 a=cc8bsT4k8mMA:10 a=srLljQ7VAAAA:8 a=QpSK2HJ8AAAA:8
a=QAZS5B4ip-KZLdxwkisA:9 a=8PHepCJaBy8WvsX-:21 a=QEXdDO2ut3YA:10
a=_W_S_7VecoQA:10 a=6xz8xM_uv-EA:10
Received: from majorapp by with local (Exim 4.82)
(envelope-from <>)
id 1X72cF-0004OT-QT
for [redacted]; Tue, 15 Jul 2014 08:17:55 -0500
To: [redacted]
Subject: Kundenservice
X-PHP-Script: for
From: <>
Content-type: text/html; charset=utf-8
Message-Id: <>
Date: Tue, 15 Jul 2014 08:17:55 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname –
X-AntiAbuse: Original Domain –
X-AntiAbuse: Originator/Caller UID/GID – [3638 32003] / [47 12]
X-AntiAbuse: Sender Address Domain –
X-BWhitelist: no
X-Exim-ID: 1X72cF-0004OT-QT
X-Source: /opt/php54/bin/php-cgi
X-Source-Args: /opt/php54/bin/php-cgi /home/majorapp/public_html/wp-content/themes/twentyten/images/headers/sistems.php
X-Source-Auth: majorapp
X-Email-Count: 9
X-Source-Cap: bWFqb3JhcHA7emV2eW9zMjticm9uY28ud2Vic2l0ZXdlbGNvbWUuY29t

Wir brauchen Ihre Hilfeaufgrund der steigenden Zahlungsausfalle mittels Lastschrift- und Rechnungszahlung,
ist es in Zukunft leider nicht mehr moglich, eine Zahlung bei mit diesen Zahlungsarten ohne hinterlegte Kreditkarte zu tatigen. Daher ist es notwendig, dass alle Kunden eine Kreditkarte als Zahlungsmittel hinterlegen.

Sollten Sie bereits eine Kreditkarte hinterlegt haben, bitten wir Sie, die bereits hinterlegte Kreditkarte zu verifizieren. Sollten Sie noch keine Kreditkarte besitzen, legen wir Ihnen gerne die Amazon VISA-Kreditkarte ans Herz. Nutzen Sie zur Verifizierung bitte den folgenden Link: Zum Sicherheitsverfahren – (Notice that this is not a valid URL)

Bitte beachten Sie, dass Sie Ihr ohne hinterlegte Kreditkarte in Zukunft nicht mehr nutzen konnen.

Mit freundlichen Grußen,
Ihr Kundenservice

In short, they’re saying that I can no longer use my current credit card and need to add a couple more. The bogus link takes you to a bogus Amazon page
where you get to divulge all of your credit card and banking data.
Please be careful out there. So many evil and unprincipled drones want your money, and will stop at nothing to get it.
The Old Wolf has spoken.

6 responses to “My First German Scam Email

  1. For a SPAM/Phishing e-mail it has an amazingly good German, even the stilted phrasing you’d expect if it were real. And, also amazingly, they even admit you won’t be taken to the real Amazon website.
    Have a good one,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s