
EricN Publications

Publications by Eric Niewoehner


Tracking Scams in Phone Messages

Posted on July 15, 2021 (updated January 6, 2023) by Eric Niewoehner

Every now and then I put together something related to computer security. My objective is to be technically precise, yet provide the common computer user some information that might protect them from fraud or malware. Hopefully you will find this article on scams in text messages helpful.


First posted June 1, 2021
Updated June 2, 2021
Updated July 15, 2021


Just received a message on my phone saying

Notice: Your stimulus is ready to be claimed.

stimcheck.info/KXUqXXI

It is really sad that people are exposed to scams such as this. What it is – I don’t know and I am not in the position to use any tools to explore the details of how it operates.

The key thing to note is the link. Anything from the federal government would have a .gov ending. DO NOT CLICK ON THE LINK. Clicking on the link could compromise the security on your cell phone, or send you down the rabbit hole of an evolving fraud scheme.

Who is stimcheck.info?

So who is stimcheck.info? To find an answer you can go to www.whois.com. Simply type in stimcheck.info and look at the results. The site will come up as already in use (in most cases) and you can simply click the “Whois” button on the right to get all the gory details about a website registration.

Domain Name: STIMCHECK.INFO
Registry Domain ID: D503300001198561385-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2021-05-30T19:28:41Z
Creation Date: 2021-05-30T19:23:51Z
Registry Expiry Date: 2022-05-30T19:23:51Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant State/Province: Capital Region
Registrant Country: IS
Name Server: RORY.NS.CLOUDFLARE.COM
Name Server: GABRIELLA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2021-05-31T22:19:24Z <<<

Some things to note are

  • The domain name – for folks not familiar with the language of the Internet, the web addresses you use are referred to as “domains.”
  • The Registrar URL – this is the facility where the domain is registered. What is important about this information is that it provides you at least one place where you can lodge a complaint.
  • The dates – this I find interesting because I received the bogus message on 05/31. Notice it is registered on 05/30.
  • The Abuse Contact information – you can call or send an e-mail.
  • Registrant information – Domain owners have the option of keeping contact information private. I do so because my contact information is my personal address, so I don’t particularly care to broadcast to the entire world. But there is one detail here that is rather interesting. The Country Code is “IS” – which is Iceland. Whether that is for real or not will depend. When lodging your complaint, you may want to request that NameCheap compare the contact information with the credit card that was used to make the payment.
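
The checks in the list above can be run mechanically over a saved WHOIS record. The following is an added example, not part of the original article: the function names, the 30-day threshold and the time of day for the message are assumptions, and the record is a trimmed copy of the one shown above. It also makes one caveat explicit: when the registrant is a privacy service, the listed country is typically that of the service rather than of the domain owner.

```python
import re
from datetime import datetime, timezone

# WHOIS fields copied from the record shown above (trimmed to the ones used here).
WHOIS_TEXT = """\
Domain Name: STIMCHECK.INFO
Registrar: NameCheap, Inc
Creation Date: 2021-05-30T19:23:51Z
Registrar Abuse Contact Email: abuse@namecheap.com
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Country: IS
Name Server: RORY.NS.CLOUDFLARE.COM
"""

def parse_whois(text):
    """Return {field: [values]}; fields such as Domain Status repeat."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip(), []).append(value.strip())
    return record

def triage(record, seen_on, young_days=30):
    """Summarise what a complaint to the registrar should mention."""
    created = datetime.strptime(record["Creation Date"][0], "%Y-%m-%dT%H:%M:%SZ")
    created = created.replace(tzinfo=timezone.utc)
    age_days = (seen_on - created).days
    org = record.get("Registrant Organization", [""])[0]
    proxied = bool(re.search(r"privacy|redacted|withheld|proxy", org, re.I))
    statuses = [s.split()[0] for s in record.get("Domain Status", [])]
    return {
        "domain": record["Domain Name"][0].lower(),
        "age_days": age_days,
        # addPeriod is the registry grace period right after first registration.
        "newly_registered": age_days <= young_days or "addPeriod" in statuses,
        # With a privacy service, the country is typically the service's own.
        "registrant_hidden": proxied,
        "report_to": record.get("Registrar Abuse Contact Email", []),
    }

# Constructed: the text arrived on 05/31; the time of day is an assumption.
SEEN = datetime(2021, 5, 31, 12, 0, tzinfo=timezone.utc)
if __name__ == "__main__":
    for k, v in triage(parse_whois(WHOIS_TEXT), SEEN).items():
        print(f"{k}: {v}")
```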
     

Why not just go to stimcheck.info and check it out? I would normally make that attempt, but it is strongly recommended that this be done on a non-production system. I am currently traveling and using my laptop, so I don’t want to risk accessing a website that is “hot”. Another thing to consider is whether you are code-savvy and know how to bring up the debugger in your browser and follow what the site is attempting to do. If you are lacking these skills, I would recommend you NOT visit stimcheck.info.

A less risky maneuver is to conduct a trace route on the website. This would help you triangulate the location of the server itself. You will need to open the command shell in Windows and then type the following command.

C:\> tracert -4 stimcheck.info
Tracing route to stimcheck.info [172.67.148.128]
over a maximum of 30 hops:
1 120 ms 3 ms 3 ms 192.168.43.1
2 54 ms 80 ms 54 ms 172.26.96.161
3 87 ms 56 ms 66 ms 107.79.236.252
4 84 ms 72 ms 65 ms 12.83.186.161
5 84 ms 61 ms 77 ms 12.83.186.145
6 82 ms 66 ms 65 ms cgcil401igs.ip.att.net [12.122.133.105]
7 58 ms 56 ms 64 ms ae16.cr7-chi1.ip4.gtt.net [173.241.128.29]
8 85 ms 87 ms 66 ms ae19.cr9-chi1.ip4.gtt.net [141.136.108.189]
9 192 ms * 190 ms ip4.gtt.net [208.116.131.178]
10 * * 171 ms 172.67.148.128

I am communicating over a hot-spot, so the first 6 “hops” are related to ATT routing. It gets a bit more interesting when we reach gtt.net. GTT is a major network service, which gives you another place to lodge a complaint. Breaking the law violates its Terms of Service, so GTT can investigate the operation and possibly terminate services. Law enforcement can use this information to correlate traffic running between ip4.gtt.net and the 172.67.148.128 address. Investigators will also be able to narrow in on the physical location of the scammers by requesting that GTT provide the location of the 208.116.131.178 address.
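
To turn a trace like this into a list of networks worth contacting, the hops can be sorted into private addresses (which mean nothing outside your own hot-spot or carrier network), public hops that carry a hostname naming the operator, and public hops with no name (for which the operator has to be found with an IP WHOIS lookup). This is an added example, not part of the original article; the function names are assumptions, and taking the last two hostname labels as the operator's domain is a simplification.

```python
import ipaddress

# Hop lines copied from the tracert output above.
TRACE = """\
1 120 ms 3 ms 3 ms 192.168.43.1
2 54 ms 80 ms 54 ms 172.26.96.161
3 87 ms 56 ms 66 ms 107.79.236.252
4 84 ms 72 ms 65 ms 12.83.186.161
5 84 ms 61 ms 77 ms 12.83.186.145
6 82 ms 66 ms 65 ms cgcil401igs.ip.att.net [12.122.133.105]
7 58 ms 56 ms 64 ms ae16.cr7-chi1.ip4.gtt.net [173.241.128.29]
8 85 ms 87 ms 66 ms ae19.cr9-chi1.ip4.gtt.net [141.136.108.189]
9 192 ms * 190 ms ip4.gtt.net [208.116.131.178]
10 * * 171 ms 172.67.148.128
"""

def parse_hops(text):
    """Yield (hop, hostname or None, ip) for each line that ends in an address."""
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 2 or not tokens[0].isdigit():
            continue
        host = None
        last = tokens[-1]
        if last.startswith("[") and last.endswith("]"):
            last, host = last[1:-1], tokens[-2]
        try:
            ip = ipaddress.ip_address(last)
        except ValueError:      # e.g. "Request timed out."
            continue
        yield int(tokens[0]), host, ip

def summarize(text):
    """Group hops: private, unnamed public, and public hops per operator domain."""
    out = {"private": [], "unnamed_public": [], "operators": {}}
    for hop, host, ip in parse_hops(text):
        if ip.is_private:
            out["private"].append(hop)
        elif host is None:
            out["unnamed_public"].append(hop)
        else:
            # Simplification: treat the last two labels as the operator's domain.
            domain = ".".join(host.lower().split(".")[-2:])
            out["operators"].setdefault(domain, []).append(hop)
    return out

if __name__ == "__main__":
    print(summarize(TRACE))
```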

I must warn you to not expect replies from your complaints. I generally do not hear back from providers. But it is at least a record that can be used by security specialists when and if the information is ever needed.

What about the phone numbers?

Every message has an attendant phone number. Unfortunately, phone numbers are spoofed. So don’t bother tracing them. You may not want to block them because the scammers race through thousands of numbers. But you can block a string of text. From your Messages app, tap the double-dots in the upper right hand corner and you should see “Settings,” of which one of the options will be to block a message. You can then type in the string that will uniquely identify the suspicious message.

What about law enforcement?

Generally speaking, everyone from the local police department to the FBI and the US Marshals are not equipped to handle complaints from the general public. My attempts to do so have usually resulted in an advisory to be cautious. It is quite apparent that our government at all levels is not able to communicate with the millions of people who are affected by scams, yet some means of reporting would be helpful. This would allow investigators to gain the scope of the scam and to more aggressively pursue cooperation from providers. As it is, I can only assume that someone somewhere is aware of stimcheck.info.

What about searching the web?

Searching the web is often our first thought. Type in stimcheck.info and you should quickly see reports of fraud. But scammers are pretty smart. For DuckDuckGo (the search engine I use), the phrase “stimcheck.info” is interpreted as “stim check info”, producing a long list of perfectly legitimate sites about our stimulus checks. You will not find any references to “stimcheck.info” on any of their pages. Another thing to consider is how recently the address was registered (on 05/30): there simply may not be any track record of stimcheck.info.

But — if I follow the phrase with the word “fraud” I will get one hit, https://www.scamvoid.net.  It is a scam database where you can type in “stimcheck.info” to see if it is legit.  The result was “The site is very new and we can’t judge it yet.” 

As you can see, using web searches is a bit of an art.  While I find web searches useful, I would not find them a reliable indicator of trust.

In conclusion, I hope these tips are helpful. There are certainly other resources out there and your comments and suggestions are always appreciated. You can write your comments below, or click the button on the left to reach my other social media sites.

Updates

June 2, 2021

Golly!  After only one day I was hit by two variants:  stimulus-claim.info and claim-stimulus.info.

Again, went to www.whois.com and checked out who owned the account. As suspected, same country (Iceland) and same DNS registrar (Namecheap). So I decided to send a note to abuse@namecheap.com.

I then did a trace route on the two new domains to confirm they are originating from the same area.

July 15, 2021

I must give credit where credit is due.  Did receive a reply immediately from Namecheap.  I waited to post their response to see if I would receive any follow-through.  Here is their response.

Thank you for contacting Namecheap Legal and Abuse department. We confirm the receipt of your ticket.

Please be assured that we will investigate the matter you reported and take action based on the results of our investigation. Please also be aware that, while Namecheap investigates every complaint, we cannot always respond with the results of the investigation and your ticket might be closed accordingly.

Important: In order to support the process of investigation, please review the instructions below depending on the type of the abuse you are reporting. To help us fully investigate your claim, please ensure your submission includes all of the requirements we describe. If you have submitted a complaint and realize that information is missing, please simply reply to this message and include the additional information:

Information required to support our investigation https://www.namecheap.com/support/knowledgebase/article.aspx/9196/5/how-and-where-can-i-file-abuse-complaints

How does Namecheap investigate Suspected Email Abuse/Spam? https://www.namecheap.com/support/knowledgebase/article.aspx/10184/5/how-does-namecheap-investigate-suspected-email-abusespam

© Copyright 2021 to Eric Niewoehner
