This blog post will serve as an incident report for the Armstrong State University police department’s Cyber Forensics unit, which is now part of Georgia Southern University.
The following companies will be given a link to this post:
- PayPal, Inc.
On February 17, 2018, I listed my MacBook Pro for sale on eBay. The listing can be found at the following address. I received an email from email@example.com. The IP address of the email is 22.214.171.124, which maps to mail-sor-f65.google.com.
The email in its entirety can be read here: peggy_hamrick_email.
The seller told me to send a request for a PayPal payment, and I soon received a spoofed email. The email has a spoofed reply-to, firstname.lastname@example.org. However, the email address identified the sender as email@example.com. This is a real email address (see bottom image); however, it was sent from a mail server that isn’t listed as an MX record for post.nz.
I haven’t gotten to any major classes, but I have done my best to summarize what I found. The fake payment email was sent from 2a02:598:a:0:0:0:78:34, which points to mxe1.sezman.ce. This server is not listed as an MX record for post.nz – the servers listed for post.nz can be seen in the emails below (mx1.sezman.ce, mx2.sezman.ce).
This email can be downloaded here: firstname.lastname@example.org.
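As an added example (not part of the original report or its evidence), the two checks described above can be run over raw headers in Python: does the Reply-To domain differ from the From domain, and is the connecting host one of the From domain's MX hosts? The header block is constructed, using the host names and IPv6 address quoted in the post; `analyze`, `domain_of`, the local parts and the `.example` addresses are assumptions.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample headers (not the real message from this incident);
# post.nz, mxe1.sezman.ce and the IPv6 address are the values quoted in the post.
SAMPLE = """\
Received: from mxe1.sezman.ce (mxe1.sezman.ce [2a02:598:a:0:0:0:78:34])
\tby mx.recipient.example with ESMTP id abc123
\tfor <seller@recipient.example>; Sat, 17 Feb 2018 20:15:00 -0500
From: "service" <someone@post.nz>
Reply-To: buyer@other.example
To: seller@recipient.example
Subject: You have received a payment

body
"""

RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f:.]+)\]\)")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def analyze(raw, mx_hosts):
    """mx_hosts: MX names of the From domain, supplied by the caller (no DNS lookup here)."""
    msg = email.message_from_string(raw)
    findings = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # The topmost Received header is written by the recipient's own server,
    # so the sender cannot forge the connecting host recorded in it.
    received = msg.get_all("Received") or []
    m = RECEIVED_FROM.search(" ".join(received[0].split())) if received else None
    if m is None:
        return findings + ["no parsable Received header"]
    _helo, rdns, ip = m.groups()
    known = {h.lower().rstrip(".") for h in mx_hosts}
    if rdns.lower().rstrip(".") not in known:
        findings.append(f"sending host {rdns} [{ip}] is not an MX host of {from_dom}")
    return findings
```

An MX mismatch on its own is an indicator rather than proof, because MX records name a domain's inbound servers; the domain's SPF record is what lists the hosts allowed to send for it.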
If you need any further information, you have my contact information.