Who are these people?

I am simply amazed that

1) Someone thought this would work.

2) They’re probably right.

Ads are one thing, pure fraud is quite another. The original email was base64 encoded HTML, with the form post calling http://secure.fethard.biz/clients/login.jsp. The domain fethard.biz has been pulled by the registrar as a spamming domain.

From: Fethard-biz Manager Date: Thu Aug 14, 2003 09:01:06 US/Eastern To: pvenezia@jpj.net Subject: You credit card has been charged for $234.65 Reply-To: Fifine_Rosa@bellsouth.net Return-Path: pvenezia[a]blues.jpj.net Received: from trip.jpj.net ([unix socket]) by trip.jpj.net (Cyrus v2.1.9) with LMTP; Wed, 13 Aug 2003 20:05:12 -0400 Received: from blues.jpj.net (blues.jpj.net [208.210.80.156]) by trip.jpj.net (8.12.8/8.12.5) with ESMTP id h7E05BgF009688 for pvenezia[a]trip.jpj.net; Wed, 13 Aug 2003 20:05:11 -0400 Received: from blues.jpj.net (localhost.jpj.net [127.0.0.1]) by blues.jpj.net (8.12.9/8.12.3) with ESMTP id h7E05BxN082112 for pvenezia[a]trip.jpj.net; Wed, 13 Aug 2003 20:05:11 -0400 (EDT) (envelope-from pvenezia[a]blues.jpj.net) Received: (from pvenezia@localhost) by blues.jpj.net (8.12.3p2/8.12.3/Submit) id h7E05BbS082111 for pvenezia@trip.jpj.net; Wed, 13 Aug 2003 20:05:11 -0400 (EDT) Received: from ameritech.net (adsl-68-74-126-4.dsl.emhril.ameritech.net [68.74.126.4]) by blues.jpj.net (8.12.9/8.12.3) with SMTP id h7E04lxN081993 for pvenezia[a]jpj.net; Wed, 13 Aug 2003 20:04:55 -0400 (EDT) (envelope-from Fifine_Rosa@bellsouth.net) Received: from adsl-68-74-126-4.dsl.emhril.ameritech.net (adsl-68-74-126-4.dsl.emhril.ameritech.net [68.74.126.4]) by ameritech.net (8.12.8p1/8.12.8) with ESMTP id fqmsx952766 for pvenezia[a]jpj.net; Thu, 14 Aug 2003 09:01:08 -0400 (EST) X-Sieve: CMU Sieve 2.2 X-Mailer: The Bat! (v1.61) Personal X-Priority: 3 (Normal) Message-Id: <55406378.4680083525006@bellsouth.net> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="