Fraudulent E-mail for Ride Operators

They decided to do something new this year; they used email addresses from the book. I know for a fact these are from CP.


Ride Op '02-'07

Good job, Matt! I knew you were smart enough to figure it out!!! I received these same documents the last two years in the mail before I even applied. In fact, if you go to the file information for the special request form (this was always printed on yellow paper), you will see that file was originally created in December 2003 by "kyerage". They just updated it the last two years with new dates, but sent it via e-mail this year. That's what I've been saying all along!


Screw Crew 2003-2004
Magnum Crew 2005

Not getting into the real or not debate..

Just wondering, if it is real, why would they use the address book to send it out if not everyone's emails are in the address book in the first place and of the ones that are not all of them are correct?

OWN3D!!!!!1111 ;)


<Matt>
101 on Magnum and counting...

What exactly did the email say - my address was wrong in the address book (someone entered umich.eud instead of umich.edu...)

Hey, good job asking that question cause I definitely forgot to when I made my post. (mine's wrong too)

The title was "Ride Operations."

Enclosed is rehire information for the 2006 season. If you have any problems
opening the attachments please email us back.
Thank You


2005/2006: Cedar Point - Millennium Force
2007/2008/2009: Walt Disney World - Magic Kingdom - Tomorrowland Speedway
2008: Hard Rock Park - Maximum RPM! Opening Supervisor
2008/2009: Universal Orlando - Men in Black: Alien Attack Team Leader, Guest Services Coordinator

Hmm, guess it doesn't really matter I forgot to ask then.. lol

Matthew Drake said:
Then why does the CP website have completely different info?
Just wondering why someone would set it up like that.

The ISP they use for Internet access is different than the ISP they use for their web site.


Walt Schmidt - Co-Publisher, PointBuzz
PointBuzz on Twitter | Facebook | YouTube
Home to the Biggest Fans of the World's Best Amusement Park

OK I sort of understand why someone would set up with 2 different IP's like that. (I just get both e-mail and webhosting from my ISP, and it does both well)
Thanks

Their local ISP would never be able to handle the web site traffic.


Walt Schmidt - Co-Publisher, PointBuzz
PointBuzz on Twitter | Facebook | YouTube
Home to the Biggest Fans of the World's Best Amusement Park

Their website might not even be hosted near the park itself.

But the ISP they use for their work connections has to be.


-Greaseman

2007: Wicked Twister TL
2006: Disaster Transport ATL
2005: Raptor

Ding dong, reverse DNS:

Location: United States [City: Norwalk, Ohio]

Preparation:
The reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 64.186.197.53 is found by looking up the PTR record for
53.197.186.64.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking a.root-servers.net for 53.197.186.64.in-addr.arpa PTR record:
a.root-servers.net says to go to basil.arin.net. (zone: 64.in-addr.arpa.)
Asking basil.arin.net. for 53.197.186.64.in-addr.arpa PTR record:
basil.arin.net [192.55.83.32] says to go to ns1.accnorwalk.com. (zone: 197.186.64.in-addr.arpa.)
Asking ns1.accnorwalk.com. for 53.197.186.64.in-addr.arpa PTR record: Reports mail.cedarpoint.com. [from 64.186.192.2]

Answer:
64.186.197.53 PTR record: mail.cedarpoint.com. [TTL 86400s] [A=None] *ERROR* There is no A record.

Tada, it has come from a CP mailserver. Now, this isn't to say the server hasn't been hacked with that account set up on it. Cedar Point's IT department isn't exactly the most advanced one out there.... However, this email (especially one containing two attachments) would generate a noticeable amount of traffic that even an idiot admin would notice.
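The lookup quoted in the post above, as an added example that is not part of the original thread: it builds the in-addr.arpa name, replays the referral chain, and then runs a forward-confirmed reverse DNS (FCrDNS) check, which is what the "There is no A record" error is about. The delegation and record tables are constructed from the values quoted in the post, and the status names (`confirmed`, `ptr_only`, `mismatch`, `no_ptr`) are assumptions made for this example.

```python
import ipaddress

# Constructed delegation data mirroring the lookup quoted in the post:
# reverse zone -> name server the parent refers the resolver to.
DELEGATIONS = {
    "64.in-addr.arpa.": "basil.arin.net.",
    "197.186.64.in-addr.arpa.": "ns1.accnorwalk.com.",
}
# Constructed from the post's answer section.
PTR_RECORDS = {"53.197.186.64.in-addr.arpa.": "mail.cedarpoint.com."}
# The tool in the post reported no A record for mail.cedarpoint.com.
A_RECORDS = {}


def ptr_name(ip):
    """Reverse the address and append in-addr.arpa (IPv4) or ip6.arpa (IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def referral_chain(qname, delegations=DELEGATIONS):
    """Servers asked after the root, from least to most specific zone."""
    zones = [z for z in delegations if qname.endswith("." + z)]
    return [delegations[z] for z in sorted(zones, key=len)]


def fcrdns(ip, ptrs=PTR_RECORDS, addrs=A_RECORDS):
    """PTR gives a hostname; the hostname's A records must list the same IP.

    A PTR record is published by whoever runs the reverse zone for the
    address block, so a PTR on its own is weaker evidence than a match
    in both directions.
    """
    host = ptrs.get(ptr_name(ip))
    if host is None:
        return ("no_ptr", None)
    forward = addrs.get(host, [])
    if ip in forward:
        return ("confirmed", host)
    # Hostname exists in PTR but forward lookup is empty or points elsewhere.
    return ("ptr_only" if not forward else "mismatch", host)


if __name__ == "__main__":
    ip = "64.186.197.53"
    print(ptr_name(ip))
    print(referral_chain(ptr_name(ip)))
    print(fcrdns(ip))
```

With the post's data the result is `ptr_only`: the reverse zone names the host, but nothing in the forward zone confirms it.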

I just talked to Steve Voorhees and he said that the email is from Park Operations. It is the same forms they have used in the past. They are just using email now instead of sending it through the mail.


Rusty
1999-2003 Ride Operator
2004 Season Pass Holder
2005 TL Monster/Witches' Wheel
2006 TL Mine Ride

Just got a reply from management and it turns out it was a legitimate e-mail. How about that huh! lol oh well better safe than sorry.. Start replying everyone!

Anyone can make a mistake but this one makes me laugh especially hard. Not specifically at you, Scott04, but more the people who followed like sheep and were absolutely 100% POSITIVE that they were being "had."

:)

In case anyone is still curious, I believe CP's website server is actually located in Boston. Walt is exactly correct, ACC would not have even close to enough space to host the website.

So now that we have that settled... I have a question:

Are we just supposed to edit the documents and e-mail them back? And attach anything else?


-Greaseman

2007: Wicked Twister TL
2006: Disaster Transport ATL
2005: Raptor

So what do the people do that didn't get the email because their addresses are incorrect?

I just took the document, put in my info, and sent it back.


2005/2006: Cedar Point - Millennium Force
2007/2008/2009: Walt Disney World - Magic Kingdom - Tomorrowland Speedway
2008: Hard Rock Park - Maximum RPM! Opening Supervisor
2008/2009: Universal Orlando - Men in Black: Alien Attack Team Leader, Guest Services Coordinator
