Brazil Government Hacked?


Here is an email we see going around and it is interesting as these worthless scum are actually using what appears to be a Brazilian Government Email Server to send emails.

The email looks like this, with just "RE:" in the subject:

From: Pesch H sirbwigs@gmail.com
To: Pesch H sirbwigs@gmail.com
Reply-To: Pesch H xn077731-hp@yahoo.com
Date:

did you receive my email were I expressed my interested in doing business with you ?

************************************************************************

Now looking into this email we see that it appears to come from mxs2.se.gov.br ([187.17.2.200]) which traces back to an actual email server. Even more interesting is that these worthless thieves are also using this government email server as a proxy to send emails.

I guess this government doesn’t do routine maintenance and doesn’t check logs often, otherwise this strange activity would have been caught by now.

What is even more interesting is how a GMAIL address is being bounced through this email server. No email server checks are enabled to stop this, which is just lazy and moronic (that is, if this is how it was configured). Another possibility is that someone's account was compromised.

RED FLAG! – One major flag is whenever someone uses a different reply (Reply-To) email address than the actual sender email address. This is typical of email addresses that have been faked and also common for scammer thieving scumbags to do. They want you to think it is from gmail.com, but they want to check these emails at yahoo.com, and it is a way to try and hide their tracks.

RED FLAG! – Now checking further into this email we see that it came from Africa. The email comes from the IP 105.112.99.70, gets relayed through abais.se.gov.br, and then goes through 187.17.2.200 without issues.
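Both red flags above can be checked mechanically from the message headers. The following is an added example, not something from the original email or post: the `Received` lines are a constructed reconstruction of the path described here, and `mx.recipient.example`, `KNOWN_OUTBOUND` and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: addresses, hostnames and IPs are those quoted in the post;
# the Received lines are a reconstruction, not the raw headers of the message.
SAMPLE = """\
Received: from mxs2.se.gov.br (mxs2.se.gov.br [187.17.2.200])
\tby mx.recipient.example with ESMTP
Received: from abais.se.gov.br (abais.se.gov.br)
\tby mxs2.se.gov.br with ESMTP
Received: from [105.112.99.70] (unknown [105.112.99.70])
\tby abais.se.gov.br with ESMTP
From: Pesch H <sirbwigs@gmail.com>
To: Pesch H <sirbwigs@gmail.com>
Reply-To: Pesch H <xn077731-hp@yahoo.com>
Subject: RE:
"""
# Assumption: host suffixes a provider's own outbound relays use.
KNOWN_OUTBOUND = {"gmail.com": ("google.com",)}

def domain(header):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def relay_path(msg):
    """Hops oldest-first as (sending IP or host, receiving host)."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        flat = " ".join(raw.split())  # unfold continuation lines
        m = re.search(r"from (\S+).*? by (\S+)", flat)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
        if m:
            hops.append((ip.group(1) if ip else m.group(1), m.group(2).lower()))
    return hops

def findings(raw_message):
    msg = message_from_string(raw_message)
    frm, rto = domain(msg["From"]), domain(msg["Reply-To"])
    out = []
    if rto and rto != frm:
        out.append(f"reply-to-mismatch:{frm}->{rto}")
    hops = relay_path(msg)
    if hops:
        # Only hops added by servers you trust are reliable; lower ones can be forged.
        out.append(f"origin:{hops[0][0]}")
        expected = KNOWN_OUTBOUND.get(frm, (frm,))
        # Every hop except the last (the recipient's own MX) is a relay to check.
        out += [f"foreign-relay:{by}" for _, by in hops[:-1] if not by.endswith(expected)]
    return out
```

Calling `findings(SAMPLE)` reports the gmail.com/yahoo.com mismatch, the originating IP, and the two se.gov.br hosts as relays that do not belong to the sender's provider.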

Now we checked to see if this is an actual government server and it does verify as legitimate: government employee and services email routes to this server. This is not good. Has the Brazilian Government been hacked and they have no clue?!?! Or is it that the person who set up this email server has no clue what they are doing?