Fraudulent E-mail for Ride Operators

They decided to do something new this year, they used email addresses from the book. I know for a fact these are from CP.

Good job, Matt! I knew you were smart enough to figure it out!!! I received these same documents the last two years in the mail before I even applied. In fact, if you go to the file information for the special request form (this was always printed on yellow paper), you will see that file was originally created in December 2003 by "kyerage". They just updated it the last two years with new dates, but sent it via e-mail this year. That's what I've been saying all along!

Not getting into the real or not debate..

Just wondering, if it is real, why would they use the address book to send it out if not everyone's emails are in the address book in the first place and of the ones that are not all of them are correct?

OWN3D!!!!!1111 ;)

What exactly did the email say - my address was wrong in the address book (someone entered umich.eud instead of umich.edu...)

Hey, good job asking that question cause I definately forgot to when I made my post. (mine's wrong too)

The title was "Ride Operations."

Enclosed is rehire information for the 2006 season. If you have any problems
opening the attachments please email us back.
Thank You

Hmm, guess it doesn't really matter I forgot to ask then.. lol

Matthew Drake said:
Then why does the CP website have completly different info.
Just wondering why someone would set it up like that.

The ISP they use for Internet access is different than the ISP they use for their web site.

OK I short of understand why someone would set up with 2 different IP's like that. (I just get both e-mail and webhosting from my ISP, and it does both well)
Thanks

Their local ISP would never be able to handle the web site traffic.

Their website might not even be hosted near the park itself.

But the ISP they use for their work connections has to be.

Ding dong, reverse DNS:

Location: United States [City: Norwalk, Ohio]

Preparation:
The reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 64.186.197.53 is found by looking up the PTR record for
53.197.186.64.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking a.root-servers.net for 53.197.186.64.in-addr.arpa PTR record:
a.root-servers.net says to go to basil.arin.net. (zone: 64.in-addr.arpa.)
Asking basil.arin.net. for 53.197.186.64.in-addr.arpa PTR record:
basil.arin.net [192.55.83.32] says to go to ns1.accnorwalk.com. (zone: 197.186.64.in-addr.arpa.)
Asking ns1.accnorwalk.com. for 53.197.186.64.in-addr.arpa PTR record: Reports mail.cedarpoint.com. [from 64.186.192.2]

Answer:
64.186.197.53 PTR record: mail.cedarpoint.com. [TTL 86400s] [A=None] *ERROR* There is no A record.

Tada, it has come from a CP mailserver. Now, this isn't to say the server hasn't been hacked with that account set up on it. Cedar Point's IT department isn't exactly the most advanced one out there.... However, this email (especially one containing two attachments) would generate a noticable amount of traffic that even an idiot admin would notice.

I just talked to Steve Voorhees and he said that the email is from Park Operations. It is the same forms they have used in the past. They are just using email now instead of sending it through the mail.

Just got a reply from management and it turns out it was a legitimate e-mail. How about that huh! lol oh well better safe then sorry.. Start replying everyone!

Anyone can make a mistake but this one makes me laugh especially hard. Not specifically at you, Scott04, but more the people who followed like sheep and were absolutely 100% POSITIVE that they were being "had."

:)

In case anyone is still curious, I believe CP's website server is actually located in Boston. Walt is exactly correct, ACC would not have even close to enough space to host the website.

So now that we have that settled... I have a question:

Are we just supposed to edit the documents and e-mail them back? And attach anything else?

So what do they people do that didn't get the email because their addresses are incorrect?

I just took the document, put in my info, and sent it back.