Fraudulent E-mail for Ride Operators

Hmm. Why do you people think that this is a fradulent email??

My email address is even listed in the employee address book.. so unless someone has been stalking me, I'm not sure how they got my email because the only place I put it was on my termination papers...

Top Thrill Dragster said:
Is rideemployees@cedarpoint.com a real Cedar Point email address? *** Edited 12/2/2005 11:45:21 PM UTC by Top Thrill Dragster***

http://happyhacker.org/gtmhh/beginnineb.shtml

Its not hard to spoof E-mail.

But wow...

The problem is that no matter what email you click on, it will go to Cedar Point's mail server. Not anywhere else.

Phishing dictates that the information must go to a third party. It's not phishing unless the infromation gets into the wrong hands. Cedar Point isn't the "wrong hands" in this case.

Now if someone registered say cederpoint.com for example and sent a spoof email to employees that returned to rideemployees@cederpoint.com then it would be phishing.

*** Edited 12/3/2005 9:37:44 AM UTC by ForgottenEE***

If anyone of my friends had my SS # and actually gave it away by e-mail I'd slap them across the face and kick them in the butt!

S

I used to be a ride operator for CP, but this is just common sense for any company. I haven't received this email, nor will I since my last Ride Op season was 2004.

Personally I beleive the statement that Matt, Karrah, Debra, and Steve are ride managers and not Internet security/identity theft experts is an insult to their intellect. They are smart people who are just as up to date with technology as everyone else. They care for your security. They don't need to be insulted.

THIS IS A FRAUDULENT EMAIL!!!

For any company you apply to the personel or human resources department, they review and send your application off to the appropriate people. In this case Ride Operations management. So yes, ride operations has your application of file in their office as well. More or less on their computers since it's electronic. That application has your SS# on it.

Further more when you process out for the season you need to write down a forwarding address for your postal mail and other W2 information. A carbon copy of this is givn to both your department office and human resources....

Again furthermore as with every company out there your boss, in this case ride operations management has a file for you, in that file is your address, SS# and other information about you that they can reference when making decisions about you, whether its a simple write up, termination or after termination rehiring.

It is unethicle for any company out there to randomly email you and ask you for information more personal that your current address. Much less your friends SS#'s.

I don't doubt that either this year or future years they may replace the paper invites with email invites to return, but this particular one appears to be a fraud.

Just remember the paper invites usually come the end of the first to the second week in December. They never ever ask you for your or anybody elses SS# because they already have or will obtain that information from your file and application.

Seriously people. Take a good hard look at the email itself.

1) Cedar Point does NOT have the email addy it was sent to. They have my school addy, and all official things go through there. The only place my hotmail is listed is in the addy book. Comparing the addys to those in the book, it is plain to see where they got them from.

2) Cedar Point would NEVER, I repeat, NEVER ask for your soc # by email. If anything, they would direct you to the CP site. It is a HUGE security risk to give information like this by email.

3) As for the sender address, this can be easily masked. If you click the To box, or click reply and look at the addy, it should show it's true form. People do this all the time to send messages to MSU students from "Tom Izzo". Don't be deceived.

::If you have already replied, keep an eye on your credit cards for the next few months. You may want to allert your credit card companies. I'm told you can even hire a company to watch it for you for about $10 a month.::

For those of you that insist that this is not a hoax, I begin to question your motives. Are you behind this or are you just IGNORANT? I sincerely hope it's the latter, I bet this site is being monitered by CP security... something this serious, they'll find out who it is, and procecute. Good luck.

Well, if they are supposedly getting these email address from the address book, then would you like to explain how they got mine... considering it's not even in there??

Did you have aol email? Because your AIM screen name is in there... they could have very easily guessed you might have an aol addy. Or, maybe this person knows you and has your addy. But that is the only possible place they got mine from. Maybe they have more than one source, I don't know. But the only place my hotmail addy is listed is in the addy book. OR MAYBE.... did you put it in last years? Returing employee... maybe. Think outside the box here.

On my term checklist I out my school addy, so that's not where they got mine.
*** Edited 12/3/2005 9:17:53 PM UTC by kikio4o***

I just say that it would be really smart to wait until monday when all the inquiries we have sent into park operations are cleared up and we know for sure whether or not it's legit. Cedar Point can afford to wait two days for our reapplications if it regards our identity safety in question

While I don't know if this stuff is real since I'm not in rides, I can believe that it's a real thing.

After last years employee shortage, next years hiring promises to very competitive for each division at Cedar Point. Hiring was at all time lows last year and all the managers I'm sure just want to be as prepared as possible. As far as Cedar Point goes, you are just a number right now. Your SSN!

Last year my area manager would ask for names of friends and their ssn's for easy application look up. First of all, friends actually show up (over 50% of hired employees don't show up), Plus the hiring manager can then lock the application to prevent other departments from taking an employee.

After doing some hiring for Cedar Point this past season, trust me it's a very competitive thing.
*** Edited 12/3/2005 10:08:41 PM UTC by 901liveson***

Yes, sender addresses can be masked, but in this case there is no masking. Replying to this e-mail will insert the expected e-mail address, and only that e-mail address, in the To: field. The only people who can see an email sent to anything@cedarpoint.com are people who have access to the cedarpoint.com mail servers, so if it were fraud there would be an extremely limited number of people who would be able to access the information (and whoever does have access to this information could easily be traced by law enforcement).

I wouldn't expect a big operation like CP to ask for SSN's via e-mail, either, but all it takes is as little as one person making an oversight and deciding just to send the exact same documents via e-mail that they planned to send anyway via snail mail.

I'm not ignorant, i just have yet to see a single thing that indicates any intent of malice in this e-mail.

BTW, everyone should be keeping an eye on their credit reports anyway. Just go to http://www.annualcreditreport.com every 4 months and get a free report from one of the three major bureaus.

Yeah, Yeah, I'm maXair said:
Well, isnt it a little seedy that its coming from rideopemployees@cedarpoint.com (at least thats what mine was), when we work as "ride hosts" in the "PARK operations" division?

Well... isn't Oz the "Director of Ride Operations"?

Did anyone else notice that this email was sent to several supervisors too? I find that interesting. And again.... there is NO WAY for them to have the email mine came to other than to have gotten from the addy book. CP already has my other email in the system from last time I applied. It doesn't make sense.

Demanding we work ALL weekends if we're within 3-4 hours? Otherwise half? They want people to come back, this would not help matters.

Lord help me if I'm wrong.... but I don't see any possible way this is real.

Why doesn't someone post the headers of the e-mail in question to let someone who might be able to decipher it figure it out?

Okay, straight from the suspect e-mail:

Return-Path: <rideopemployees@cedarpoint.com>
Received: from cedarpoint.com ([64.186.197.53])
by mx.gmail.com with ESMTP id 37si1849813nzf.2005.12.02.14.16.12;
Fri, 02 Dec 2005 14:16:53 -0800 (PST)
Received-SPF: softfail (gmail.com: domain of transitioning rideopemployees@cedarpoint.com does not designate 64.186.197.53 as permitted sender)
Received: from 64.186.207.139 with HTTP
by webserver cedarpoint.com (64.186.197.53) ; Fri, 2 Dec 2005 16:35:49 EST
Date: Fri, 2 Dec 2005 16:35:49 -0500
Message-Id: <200512021635.AA480313646@cedarpoint.com>
Mime-Version: 1.0
Content-Type: multipart/mixed;boundary="==IMail_v8.2=="
From: "rideopemployees" <rideopemployees@cedarpoint.com>
Reply-To: <rideopemployees@cedarpoint.com>

I'm no computer expert, but here is what I see. The message was not only sent from a cedarpoint.com address with a reply-to cedarpoint.com address, but the message was sent from an IP address attached to cedarpoint.com, meaning the message was sent from a CP computer. Someone would have to be a complete idiot if they think they can get away with committing identity theft on CP employees through CP computers.

Plus, the e-mail was sent to some incorrectly-formatted e-mail addresses...e-mail addresses that appear exactly the same in the address book. This makes me think that the addresses were copied and pasted from whatever program was used to make the address books. More evidence that this e-mail was written and sent from the Park Operations office.

Ride Operations management has done an excellent job for several years doing what they do. I just think someone just made a simple mistake by requesting sensitive information by e-mail. *** Edited 12/3/2005 11:04:24 PM UTC by astrosgp***

Well I hate to bust some people's bubbles, but the IP address is NOT a Cedar Point IP. Unless it has changed since the e-mail was sent out.
The IP address for cedarpoint.com is 70.85.70.23 try it, place the ip in the browser bar and hit enter. It should go strait to the home page.

Now I will admit that I don't know everything about how the internet works, but I know that to have a website, you have to have a static IP (one that does not change). The only way that could come from a CP server is if the e-mail server is seperate from the website server (which is entirly possible) but when trying to access the IP in the message all I get is a destination host unreachable.

So take this with a grain of salt (which I would do with any mail that asks for personal information), and wait to hear back from CP and what they say.

Just my .02

OK after a little more digging, I found the WhoIs information for the IP address in the e-mail 64.186.197.53.
Following is a direct paste of the page from http://whois.net

WHOIS Record For
64.186.197.53
Record Type: IP Address

OrgName: Advanced Computer Connections, Inc.
OrgID: ADCC
Address: 166 Milan Avenue
City: Norwalk
StateProv: OH
PostalCode: 44857
Country: US

ReferralServer: rwhois://rwhois.accnorwalk.com:4321

NetRange: 64.186.192.0 - 64.186.207.255
CIDR: 64.186.192.0/20
NetName: ACCNORWALK1-COM-1BLK
NetHandle: NET-64-186-192-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.ACCNORWALK.COM
NameServer: DCA-ANS-01.INET.QWEST.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-08-01
Updated: 2005-11-30

RTechHandle: MC1256-ARIN
RTechName: COWAN, MICHAEL
RTechPhone: +1-419-668-4080
RTechEmail: mikec@accnorwalk.com

OrgAbuseHandle: ABUSE603-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +1-419-668-4080
OrgAbuseEmail: spamabuse@accnorwalk.com

OrgTechHandle: TECHN147-ARIN
OrgTechName: Technical Contact
OrgTechPhone: +1-419-668-4080
OrgTechEmail: hostmaster@accnorwalk.com<

There you go. *** Edited 12/4/2005 12:05:16 AM UTC by Matthew Drake***

"Advanced Computer Connections, Inc." would be CP's ISP...it's right down the road on 250...

Believe it or not, it's real.
*** Edited 12/4/2005 2:25:56 AM UTC by Mathew***

Then why does the CP website have completly different info.
Just wondering why someone would set it up like that.