crypto1969
join:2004-02-23
Jacksonville, FL

Member

[Phishing] McAfee Phish ?

Received a seemingly legitimate E-Mail from McAfee this evening with the text below:

Customer Note: This service notification is being sent to McAfee customers who are using an expired or unsupported VirusScan product that no longer receives anti-virus updates.

Recommended Action: Renew or upgrade your anti-virus protection today.

Dozens of new Internet threats come online every day. That's why uninterrupted PC protection is essential to keep your computer, email, downloads and attachments safe from new viruses, mass mailing worms, Trojans and spyware or unknown variants.

Remember, McAfee's proven security protects over 100 million computers worldwide. By renewing or upgrading, you'll enjoy the confidence of always-on, always up-to-date protection.

Sincerely,
McAfee, Inc.

The link the E-Mail contains takes you to this URL:
»us.mcafee.com/root/ar.as ··· id=18018

The E-Mail looks very genuine and has all the right McAfee logos, but firstly the URL alerted me, plus the fact that I only just took out a 1 year subscription to the product less than 2 months ago.

Has anyone else seen this Phishing E-Mail?
MGD
MVM
join:2002-07-31

The link you posted goes to the mcafee.com domain and will take you to an IP address registered to McAfee. Unless I am missing something, it does not appear to be a phish. Have you examined the HTML mail code for other links?

MGD
crypto1969
join:2004-02-23
Jacksonville, FL

Member

Well, my suspicions were aroused by the fact that several of my family members and friends received this same E-Mail today and none of them use McAfee products whatsoever. Plus the fact that I bought a subscription just 2 months ago.
crypto1969

Member

In addition, the E-Mail I received was sent to a different E-Mail to the one I used for my McAfee subscription. McAfee has never been given the address that I received that notification to.
MGD
MVM
join:2002-07-31

to crypto1969
Absolutely, being suspicious is always good practice. Especially since you and the others do not "qualify" for that mail.

My observation was only in regards to the link. I have run across phishes that had malformed code that took you to the legitimate site and not the phish. If you look at the property/details/message source of the mail, you should be able to see if there are hidden redirects.

If you could post the header info from the email, XXX out your personal info, leaving the path and originating IP, then we may be able to establish if McAfee was the sender. They may also work through affiliates.

Based on what you have said, it is at least UCE.

MGD
Edit=added text
crypto1969
join:2004-02-23
Jacksonville, FL

Member

Unfortunately I deleted the E-Mail soon after looking at it!

I will contact my family and friends and see if anyone saved their E-Mail and will then post the information here.
MGD
MVM
join:2002-07-31

Yes, if they can forward it to you as an attachment it will preserve the original headers.

A quick search indicates that there are current McAfee phishes out there:
quote:
Fake McAfee "Anti Kingo31.XRW Patch"
Thanks to the good folks at F-Secure for warning us (and McAfee) about a fake McAfee site that downloads an alleged patch for an alleged virus called "Kongo31.XRW" (which doesn't exist). The site uses the domain name "mcafee-center.net" and is hosted in Canada. The patch is actually infected with Trojan-Downloader.Win32.Hanlo.h.

source: »blog.ziffdavis.com/seltz ··· 467.aspx

MGD
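
The two checks suggested in this thread (reading the message source for links that go somewhere other than the sender's domain, and reading the header path for the originating relay), as an added example that is not code from any poster. The sample message, the `vendor.example` domain and the `audit`, `host_in_domain` and `LinkParser` names are constructed for illustration.

```python
from email import message_from_bytes, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not the mail from the thread; all hosts and IPs are reserved example values.
SAMPLE_EML = b"""\
Received: from mx.recipient.example ([192.0.2.10]) by mailstore.recipient.example; Tue, 01 Mar 2005 20:15:02 -0500
Received: from unknown (HELO mail.sender.example) (198.51.100.23) by mx.recipient.example; Tue, 01 Mar 2005 20:15:01 -0500
From: "Vendor, Inc." <service@vendor.example>
Content-Type: text/html; charset="us-ascii"

<html><body>
<a href="http://us.vendor.example/renew">Renew now</a>
<a href="http://198.51.100.23/login">http://us.vendor.example/renew</a>
<a href="http://vendor.example.login.test/">Vendor</a>
</body></html>
"""

class LinkParser(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_in_domain(host, domain):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit(raw, expected_domain):
    """Return (Received hops, links whose real target is outside expected_domain)."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Each relay prepends its Received line, so the last one is nearest the origin.
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    parser = LinkParser()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_content())
    off_domain = [(href, text) for href, text in parser.links
                  if not host_in_domain(urlsplit(href).hostname, expected_domain)]
    return hops, off_domain
```

Only the `Received` lines added by your own provider's servers can be trusted; anything below them was supplied by the sending side and can be forged.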