1. By continuing to use the site, you agree to the use of cookies .This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the cookie policy.Find out more.
    Dismiss Notice
  2. Follow Casinomeister on Twitter | Facebook | YouTube | Casinomeister.us US Residents Click here! |  Svenska Svenska | 
Dismiss Notice
REGISTER NOW!! Why? Because you can't do diddly squat without having been registered!

At the moment you have limited access to view most discussions: you can't make contact with thousands of fellow players, affiliates, casino reps, and all sorts of other riff-raff.

Registration is fast, simple and absolutely free so please, join Casinomeister here!

Neteller: suspicious email

Discussion in 'Other Complaints' started by Mouche12, Dec 15, 2009.

    Dec 15, 2009
  1. Mouche12

    Mouche12 Kitty Lover PABnononaccred PABnonaccred PABnoaccred

    Occupation:
    Translator and facilities manager
    Location:
    Amsterdam
    Today I received an email from "Neteller", as shown below, which asked me to update my account info, including account no. and security ID.

    Talked to live chat about this, and they advised me to send it to This email is not visible to you. for further investigation.


    QUOTE Dear Neteller Customers,

    Our Technical Service department has recently updated our online services, and due to this upgrade we sincerely call your attention to follow below link and reconfirm your online account details. Failure to confirm your NETELLER account details will permanently suspend you from accessing your account online.

    You must register/login in order to see the link.

    We use the latest security measures to ensure that your NETELLER account is safe and secure. The administration asks you to accept our apologies for the inconvenience caused and expresses gratitude for cooperation.

    Thanks for choosing NETELLER

    NETELLER Customer Service
    This email is not visible to you.
    --------------------------------------------------
    This is an automatic message. Please do not reply.
    UNQUOTE
     
  2. Dec 15, 2009
  3. vinylweatherman

    vinylweatherman You type well loads CAG MM

    Occupation:
    STILL At Leisure
    Location:
    United Kingdom
    It HAS to be phishing, but that link is GENUINE - it does not try anything "uncool". It takes you to the main login page, and if this IS a bogus page, the FIRST thing someone would try to do is log in, and this would give the criminals all your login info, from where they could quickly empty your account with a Peer to Peer transfer.

    Unfortunately, Neteller are in the habit of sending GENUINE emails just like this, except they are "Dear valued customer" or similar.
    There would also be a signature, but one that ANY criminal could copy into a phishing email.
    The GENUINE Neteller emails like this all relate to the promotions though, and contain a link for you to register your interest. I have NEVER seen an "update your details" style email from them.

    I have NOT received this, and if this were a GENUINE email, I would have done.

    Whatever any email from Neteller says, ALWAYS navigate directly to the site, rather than follow any links. This will ensure you don't fall for this.

    I have been warning Neteller about their habit of sending GENUINE emails to customers in "phishing format", such as "click here to register for December cashback". They have ignored this, and now the phishers have cottoned on to the fact that Neteller customers are used to the "click here to..." format being genuine, making it easier to scam Neteller customers like this.
     
  4. Dec 15, 2009
  5. Roanan

    Roanan Banned User - abusive flamming - misogynist

    Occupation:
    Geek
    Location:
    Langley, BC...in Canada, eh?
    The email may LOOK genine, but if you pay attention, and hover your mouse over the link provided, you will see that is actually directs you to:

    You must register/login in order to see the link.-online.com/account/index.htm?action=update

    IP address: 94.75.233.1
    Host name: You must register/login in order to see the link.

    Alias:
    You must register/login in order to see the link.
    94.75.233.1 is from Netherlands(NL) in region Western Europe


    TraceRoute to 94.75.233.1 [You must register/login in order to see the link.
    Hop (ms) (ms) (ms) IP Address Host name
    1 153 224 48 72.249.128.105 -
    2 58 18 26 206.123.64.82 -
    3 154 236 217 216.52.189.9 border4.te4-4.colo4dallas-5.ext1.dal.pnap.net
    4 10 9 8 216.52.191.38 core1.tge5-1-bbnet1.ext1.dal.pnap.net
    5 6 8 14 208.51.41.57 ae0.411.ar1.dal2.gblx.net
    6 7 6 7 64.212.107.10 telia-1.ar4.dal2.gblx.net
    7 29 38 33 80.91.248.214 atl-bb1-link.telia.net
    8 54 45 46 80.91.252.217 ash-bb1-link.telia.net
    9 123 124 119 213.248.65.97 ldn-bb1-link.telia.net
    10 130 129 130 80.91.253.19 adm-bb2-link.telia.net
    11 142 135 136 80.91.253.167 adm-b2-link.telia.net
    12 131 129 132 80.91.248.246 adm-evo-i2-link.telia.net
    13 139 143 148 213.248.88.198 leaseweb-ic-126777-adm-evo.c.telia.net
    14 137 141 154 85.17.100.206 te9-2.sr7.evo.leaseweb.net
    15 137 131 131 94.75.233.1 afm018.onedream.gr

    Trace complete


    Retrieving DNS records for You must register/login in order to see the link....

    DNS servers
    ns1.neteller-online.com [94.75.233.1]
    ns2.neteller-online.com [94.75.233.1]

    Answer records
    You must register/login in order to see the link. A 94.75.233.1 14400s

    Authority records
    neteller-online.com NS ns2.RSRF001.local 14400s
    neteller-online.com NS ns1.RSRF001.local 14400s

    Additional records


    Whois query for neteller-online.com...

    Query error: Timed out

    Network IP address lookup:


    Whois query for 94.75.233.1...

    Results returned from whois.arin.net:


    OrgName: RIPE Network Coordination Centre
    OrgID: RIPE
    Address: P.O. Box 10096
    City: Amsterdam
    StateProv:
    PostalCode: 1001EB
    Country: NL

    ReferralServer: whois://whois.ripe.net:43

    NetRange: 94.0.0.0 - 94.255.255.255
    CIDR: 94.0.0.0/8
    NetName: 94-RIPE
    NetHandle: NET-94-0-0-0-1
    Parent:
    NetType: Allocated to RIPE NCC
    NameServer: NS-PRI.RIPE.NET
    NameServer: SEC1.APNIC.NET
    NameServer: SEC3.APNIC.NET
    NameServer: TINNIE.ARIN.NET
    NameServer: NS2.LACNIC.NET
    Comment: These addresses have been further assigned to users in
    Comment: the RIPE NCC region. Contact information can be found in
    Comment: the RIPE database at You must register/login in order to see the link.
    RegDate: 2007-07-30
    Updated: 2009-05-18

    # ARIN WHOIS database, last updated 2009-12-14 20:00
    # Enter ? for additional hints on searching ARIN's WHOIS database.


    Results returned from whois.ripe.net:

    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See You must register/login in order to see the link.

    % Information related to '94.75.233.0 - 94.75.233.255'

    inetnum: 94.75.233.0 - 94.75.233.255
    netname: LEASEWEB
    descr: LeaseWeb
    descr: P.O. Box 93054
    descr: 1090BB AMSTERDAM
    descr: Netherlands
    descr: You must register/login in order to see the link.
    remarks: Please send email to "abuse@leaseweb.com" for complaints
    remarks: regarding portscans, DoS attacks and spam.
    remarks: assignment LEASEWEB 20080723
    country: NL
    admin-c: LSW1-RIPE
    tech-c: LSW1-RIPE
    status: ASSIGNED PA
    mnt-by: LEASEWEB-MNT
    changed: This email is not visible to you. 20080725
    source: RIPE

    person: RIP Mean
    address: P.O. Box 93054
    address: 1090BB AMSTERDAM
    address: Netherlands
    phone: +31 20 3162880
    fax-no: +31 20 3162890
    abuse-mailbox: This email is not visible to you.
    e-mail: This email is not visible to you.
    nic-hdl: LSW1-RIPE
    notify: This email is not visible to you.
    mnt-by: OCOM-MNT
    changed: This email is not visible to you. 20050607
    changed: This email is not visible to you. 20060215
    changed: This email is not visible to you. 20060608
    changed: This email is not visible to you. 20080603
    source: RIPE

    % Information related to '94.75.192.0/18AS16265'

    route: 94.75.192.0/18
    descr: LEASEWEB
    origin: AS16265
    remarks: LeaseWeb
    mnt-by: OCOM-MNT
    changed: This email is not visible to you. 20080725
    source: RIPE



    and the email itself originates from somewhere else:

    Received: from DSVR011490 (server88-208-245-44.live-servers.net [88.208.245.44])
    (Authenticated sender: This email is not visible to you.)
    by mx1.bouncemanager.it (Postfix) with ESMTPA id B86FA2B22BF

    IP address: 88.208.245.44
    Host name: server88-208-245-44.live-servers.net
    88.208.245.44 is from United Kingdom(UK) in region Western Europe


    TraceRoute to 88.208.245.44 [server88-208-245-44.live-servers.net]
    Hop (ms) (ms) (ms) IP Address Host name
    1 19 26 54 72.249.128.105 -
    2 18 39 40 8.9.232.73 xe-5-3-0.edge3.dallas1.level3.net
    3 33 30 57 4.69.145.244 ae-93-90.ebr3.dallas1.level3.net
    4 39 36 35 4.69.134.22 ae-7.ebr3.atlanta2.level3.net
    5 63 60 60 4.69.132.86 ae-2.ebr1.washington1.level3.net
    6 44 54 51 4.69.134.142 ae-91-91.csw4.washington1.level3.net
    7 48 45 41 4.69.134.157 ae-92-92.ebr2.washington1.level3.net
    8 138 133 129 4.69.137.57 ae-43-43.ebr2.frankfurt1.level3.net
    9 131 139 130 4.69.140.18 ae-62-62.csw1.frankfurt1.level3.net
    10 128 129 131 4.68.23.12 ae-1-69.edge4.frankfurt1.level3.net
    11 136 137 135 212.162.24.6 -
    12 143 136 136 212.227.120.90 te-1-4.bb-c.act.fra.de.oneandone.net
    13 137 137 135 212.227.120.129 te-1-1.bb-c.nkf.ams.nl.oneandone.net
    14 145 137 139 212.227.120.134 te-1-2.bb-c.the.lon.gb.oneandone.net
    15 185 203 196 88.208.255.61 -
    16 144 141 134 88.208.255.14 pc1.hrt0.fhcon.fasthosts.net.uk
    17 Timed out Timed out Timed out -
    18 Timed out Timed out Timed out -
    19 Timed out Timed out Timed out -
    20 Timed out Timed out Timed out -

    Trace aborted.

    Retrieving DNS records for server88-208-245-44.live-servers.net...

    DNS servers
    ns1.live-servers.net [213.171.192.225]
    ns2.live-servers.net [213.171.193.225]

    Answer records
    server88-208-245-44.live-servers.net A 88.208.245.44 86400s

    Authority records

    Additional records


    Whois query for live-servers.net...

    Results returned from whois.internic.net:


    Whois Server Version 2.0

    Domain names in the .com and .net domains can now be registered
    with many different competing registrars. Go to You must register/login in order to see the link.
    for detailed information.

    Domain Name: LIVE-SERVERS.NET
    Registrar: TUCOWS INC.
    Whois Server: whois.tucows.com
    Referral URL: You must register/login in order to see the link.
    Name Server: NS1.LIVE-SERVERS.NET
    Name Server: NS2.LIVE-SERVERS.NET
    Status: clientDeleteProhibited
    Status: clientTransferProhibited
    Status: clientUpdateProhibited
    Updated Date: 06-sep-2007
    Creation Date: 18-nov-2004
    Expiration Date: 18-nov-2015

    >>> Last update of whois database: Tue, 15 Dec 2009 15:19:41 UTC <<<

    NOTICE: The expiration date displayed in this record is the date the
    registrar's sponsorship of the domain name registration in the registry is
    currently set to expire. This date does not necessarily reflect the expiration
    date of the domain name registrant's agreement with the sponsoring
    registrar. Users may consult the sponsoring registrar's Whois database to
    view the registrar's reported date of expiration for this registration.

    TERMS OF USE: You are not authorized to access or query our Whois
    database through the use of electronic processes that are high-volume and
    automated except as reasonably necessary to register domain names or
    modify existing registrations; the Data in VeriSign Global Registry
    Services' ("VeriSign") Whois database is provided by VeriSign for
    information purposes only, and to assist persons in obtaining information
    about or related to a domain name registration record. VeriSign does not
    guarantee its accuracy. By submitting a Whois query, you agree to abide
    by the following terms of use: You agree that you may use this Data only
    for lawful purposes and that under no circumstances will you use this Data
    to: (1) allow, enable, or otherwise support the transmission of mass
    unsolicited, commercial advertising or solicitations via e-mail, telephone,
    or facsimile; or (2) enable high volume, automated, electronic processes
    that apply to VeriSign (or its computer systems). The compilation,
    repackaging, dissemination or other use of this Data is expressly
    prohibited without the prior written consent of VeriSign. You agree not to
    use electronic processes that are automated and high-volume to access or
    query the Whois database except as reasonably necessary to register
    domain names or modify existing registrations. VeriSign reserves the right
    to restrict your access to the Whois database in its sole discretion to ensure
    operational stability. VeriSign may restrict or terminate your access to the
    Whois database for failure to abide by these terms of use. VeriSign
    reserves the right to modify these terms at any time.

    The Registry database contains ONLY .COM, .NET, .EDU domains and
    Registrars.


    Results returned from whois.tucows.com:

    IP Address: 67.222.132.194
    Maximum Daily connection limit reached. Lookup refused.

    Network IP address lookup:


    Whois query for 88.208.245.44...

    Results returned from whois.arin.net:


    OrgName: RIPE Network Coordination Centre
    OrgID: RIPE
    Address: P.O. Box 10096
    City: Amsterdam
    StateProv:
    PostalCode: 1001EB
    Country: NL

    ReferralServer: whois://whois.ripe.net:43

    NetRange: 88.0.0.0 - 88.255.255.255
    CIDR: 88.0.0.0/8
    NetName: 88-RIPE
    NetHandle: NET-88-0-0-0-1
    Parent:
    NetType: Allocated to RIPE NCC
    NameServer: NS-PRI.RIPE.NET
    NameServer: NS3.NIC.FR
    NameServer: SEC1.APNIC.NET
    NameServer: SEC3.APNIC.NET
    NameServer: SUNIC.SUNET.SE
    NameServer: TINNIE.ARIN.NET
    NameServer: NS2.LACNIC.NET
    Comment: These addresses have been further assigned to users in
    Comment: the RIPE NCC region. Contact information can be found in
    Comment: the RIPE database at You must register/login in order to see the link.
    RegDate: 2004-04-01
    Updated: 2009-05-18

    # ARIN WHOIS database, last updated 2009-12-14 20:00
    # Enter ? for additional hints on searching ARIN's WHOIS database.


    Results returned from whois.ripe.net:

    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See You must register/login in order to see the link.

    % Information related to '88.208.245.0 - 88.208.245.254'

    inetnum: 88.208.245.0 - 88.208.245.254
    netname: FASTHOSTS-UK-NETWORK
    descr: UK's largest web hosting company based in Gloucester
    descr: England
    country: GB
    admin-c: MW8691-RIPE
    tech-c: GD8691-RIPE
    status: ASSIGNED PA
    mnt-by: AS15418-MNT
    changed: This email is not visible to you. 20070920
    remarks: report abuse to This email is not visible to you.
    remarks: All reports via other channels will be ignored.
    remarks: INFRA-AW
    source: RIPE

    person: Mark Wood
    address: Fasthosts Internet Limited
    address: Suite 7, Discovery Court
    address: 154 Southgate Street
    address: Gloucester, GL1 2EX
    phone: +44 1452 541251
    fax-no: +44 1452 541633
    nic-hdl: MW8691-RIPE
    mnt-by: AS15418-MNT
    changed: This email is not visible to you. 20021128
    source: RIPE

    person: George Daly
    address: Fasthosts Internet Limited
    address: Discovery House
    address: 154 Southgate Street
    address: Gloucester, GL1 2EX
    phone: +44 1452 541251
    fax-no: +44 1452 541633
    nic-hdl: GD8691-RIPE
    changed: This email is not visible to you. 20060712
    mnt-by: AS15418-MNT
    source: RIPE

    % Information related to '88.208.192.0/18AS15418'

    route: 88.208.192.0/18
    descr: FasthostInternet Ltd
    origin: AS15418
    mnt-by: AS15418-MNT
    changed: This email is not visible to you. 20051104
    source: RIPE
     
  6. Dec 15, 2009
  7. maxd

    maxd Complaints (PAB) Manager Staff Member

    Occupation:
    The PAB Guy
    Location:
    Saltirelandia
    Good catch! The rest of it is a bit verbose but good work nevertheless. :thumbsup:
     
  8. Dec 15, 2009
  9. Roanan

    Roanan Banned User - abusive flamming - misogynist

    Occupation:
    Geek
    Location:
    Langley, BC...in Canada, eh?
    It's not too hard to figure out when you receive the email three times in three separate email accounts and you live in a country that Neteller won't service ;)

    My advice is to click the link, and fill it out with false information.

    If the scammers have to spend a lot of time trying to access a fake account, it slows them down a bit.

    I also notice that this particular scam is originating from Europe, instead of China or Saudi Arabia (where they usually trace back to) so it is possible that the authorities can be alerted and might actually be able to get somewhere for once.

    You can see by my trace results that the website is housed in The Netherlands, where YOU LIVE, so you actually have a chance of shutting them down yourself if you contact your local police's commercial crime division.
     

Share This Page