Forums » US Telco Support » AT&T » AT&T Southeast » Phishing E-Mail
kdeuser

join:2000-08-30
Suwanee, GA

Phishing E-Mail

This appeared in my in-box this morning:

Notice to AT&T Internet Customers,

This message is from AT&T Customer Service messaging center to all AT&T account owners:
We are currently upgrading our data base e-mail account center. We are deleting all unused AT&T email account to create more space for new customers.

To prevent your account from closing you will have to update it as below so that we will know that it's a present used account.

To complete your AT&T e-mail account update, you must reply to this email immediately and enter your informations below.

Log in information @ your Domain
Name:
Email Address:
Password:
Alternative e-mail:
Password:

NOTE : Failure to do this will immediately render your AT&T e-mail address deactivated from our database.
Warning!!! Please do not ignore this message to avoid losing your e-mail account with us.
Sorry for any inconvenience this may cause you.
Thank you for your cooperation
Sincerely,

Your AT&T Internet Service Customer Care Team

©2009 AT&T Intellectual Property.
All rights reserved. AT&T, AT&T logo and all other marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies.
RJ44

join:2001-10-19
Nashville, TN

Re: Phishing E-Mail

LOL! My wife got that a week or two ago. It's really not so bad as phishing goes. The grammar mistakes aren't as glaring as the ones from Nigeria are. But it's still pretty obvious.

graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL

Next time you want to share something like this with us, it would be better if you included all the headers of the original message, not just the message body. Sanitize sensitive items like your email address if it appears in the headers.

ATT or any other responsible ISP would never send a message like this out to their users or require a user to provide details like those requested to prevent deactivation of an address.

However, I suppose there are some out there that will fall for it and provide the information requested. They deserve what they get.

heels_fan
1.20.09 The start of Socialism
Premium
join:2003-02-07
Columbia, TN

Re: Phishing E-Mail

said by graysonf:

"However, I suppose there are some out there that will fall for it and provide the information requested. They deserve what they get."

I know right off the top of my head about 15 customers who have responded to emails just like that.
--
everyone is born ignorant. some are born stupid, others achieve stupidity and the rest have stupidity thrust upon them.

graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL

Re: Phishing E-Mail

Well, there are whole industries that revolve around the pain and suffering of others caused by their own lack of common sense or outright stupidity.

If everyone wised up, they'd all go broke.
kdeuser

join:2000-08-30
Suwanee, GA

Header info:

X-Apparently-To: xxxxxxxxxxxxxxxxxx
; Wed, 01 Jul 2009 13:45:25 -0700
X-YMailISG: mrezqtEWLDsI2JRbdMMtaQGgJJtiePlAnkmu59F1QMMclAtZXYPO8BgrHUicsuMzSN8HBTqx1opKnl98XU NRInxyU.nyf5K1gZ0AdsD3GfZhsNPOe92vkjvCNFIpLeePHgY7TDL723IhqjHYU9J0X2RhBzdoWhoPAsp.rBDPCatS3MCSatuZ3bwK03zwaMg.XBicfYTpNYTQ4T1NyMYmfH9Hzf8VZszUFCTWmW10tOKGeMkZlJOi__JvVaeDMbinWaxeyo7SiOeMgS4KXg2ThpZBpfXUMNvhOrnRVgitLHxkaGmO_tWRauFhDa03vcbU93mnzYW8Fzrbn9LV4SAYMj2yiDTf11bgz3THEcljgnBWDO2zw1j42g--
X-Originating-IP: [65.55.111.174]
Authentication-Results: mta132.sbc.mail.re3.yahoo.com from=msn.com; domainkeys=neutral (no sig); from=msn.com; dkim=neutral (no sig)
Received: from 207.115.11.33 (EHLO fgateway03.isp.att.net) (207.115.11.33)
by mta132.sbc.mail.re3.yahoo.com with SMTP; Wed, 01 Jul 2009 13:45:20 -0700
Received: from blu0-omc4-s35.blu0.hotmail.com ([65.55.111.174])
by isp.att.net (frfwmxc03) with ESMTP
id ; Wed, 1 Jul 2009 20:45:18 +0000
X-Originating-IP: [65.55.111.174]
Received: from BLU114-W20 ([65.55.111.136]) by blu0-omc4-s35.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 1 Jul 2009 13:42:37 -0700
Message-ID:
Content-Type: multipart/alternative;
boundary="_1e74323f-0242-4fc9-be00-5b7e9093a024_"
X-Originating-IP: [8.9.222.1]
Reply-To:
From: ATT Customer Center
Subject: Notice To AT&T Internet Customers Account Upgrading And Phone
Package.
Date: Wed, 1 Jul 2009 20:42:38 +0000
Importance: Normal
MIME-Version: 1.0
Bcc:
X-OriginalArrivalTime: 01 Jul 2009 20:42:37.0931 (UTC) FILETIME=[78696BB0:01C9FA8C]

graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL

Re: Phishing E-Mail

Apparently originated from Hotmail.
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC

You should have bracketed those headers with a pair of "code" tags. That would have avoided the margin blow out.

The source of this email is some Hotmail account.

Bellsouth has long blocked outbound port 25, as has AT&T (Worldnet Service). SBC joined the list of ISPs blocking outbound port 25 in the Spring of 2005. So that covers the mergers bringing us to the current AT&T (all of which blocks outbound port 2). Many other ISPs block outbound port 25, or are moving toward such blocks. The result is that spammers are finding it harder to use compromised residential hosts to connect directly to domain gateway (MX) servers to inject spam into those systems.

In addition, more ISPs are setting up authenticated SMTP message submission servers in order to allow their users to access those servers from wireless hotspots, hotels, libraries, and the like. So spammers have found that it is worth the effort to use social engineering to "phish" for email login credentials (as your example demonstrates). The hapless user who complies with this bogus demand gives up his account access to a spammer, who can now send spam through the authenticated SMTP message submission server.

I have actually seen a couple of examples, where the spammer used a compromised Comcast account to send spam using stolen ATTIS email accounts. This resulted in the ATTIS SMTP servers being listed for spam, incidentally.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest

I received one of those a few days ago.

In a way, it's a good thing. It is evidence that the efforts to reduce spam are having some effect. In particular, the blocking of port 25 by ISPs and the requirement of SMTP authentication to submit mail are making it harder for spammers. This kind of phishing is their attempt to get credentials to use for authenticating to the email server.
--
AT&T dsl; Speedstream 5100b modem; openSuSE 11.0; firefox 3.0.11
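
How the Hotmail origin noted in the replies above can be read from the posted headers, as an added example that is not part of the original thread: it walks the Received chain from the newest hop down to the point where the mail entered the recipient's servers, then compares the sender domain in Authentication-Results with the brand in the From display name. The header lines are taken from the post with continuation lines re-indented; `OWN_DOMAINS`, `OWN_RELAY_IPS` and `BRAND_DOMAINS` are assumptions made for this example.

```python
import re
from email import message_from_string

# Headers from the post above, re-folded; values elided on the page are left out.
RAW = """\
Authentication-Results: mta132.sbc.mail.re3.yahoo.com from=msn.com; domainkeys=neutral (no sig); from=msn.com; dkim=neutral (no sig)
Received: from 207.115.11.33 (EHLO fgateway03.isp.att.net) (207.115.11.33)
 by mta132.sbc.mail.re3.yahoo.com with SMTP; Wed, 01 Jul 2009 13:45:20 -0700
Received: from blu0-omc4-s35.blu0.hotmail.com ([65.55.111.174])
 by isp.att.net (frfwmxc03) with ESMTP; Wed, 1 Jul 2009 20:45:18 +0000
Received: from BLU114-W20 ([65.55.111.136]) by blu0-omc4-s35.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
 Wed, 1 Jul 2009 13:42:37 -0700
From: ATT Customer Center
Subject: Notice To AT&T Internet Customers Account Upgrading And Phone Package.

"""
# Assumptions for this example, not facts stated in the thread:
OWN_DOMAINS = ("yahoo.com", "att.net")   # hosts that receive mail for this mailbox
OWN_RELAY_IPS = {"207.115.11.33"}        # internal gateway-to-mailstore hop
BRAND_DOMAINS = ("att.net", "att.com")   # domains a genuine AT&T notice could use
BRAND = re.compile(r"\bAT ?& ?T\b|\bATT\b", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def in_domains(host, domains):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def handoff(msg):
    """Walk Received newest-first; return (host, ip) where mail entered our servers."""
    for rcvd in msg.get_all("Received", []):
        m = re.match(r"from (\S+)(.*?) by (\S+)", " ".join(rcvd.split()))
        if not m or not in_domains(m.group(3), OWN_DOMAINS):
            return None          # from here down the headers are sender-controlled
        ips = IPV4.findall(m.group(1) + m.group(2))
        if ips and ips[-1] not in OWN_RELAY_IPS:
            return m.group(1), ips[-1]   # first outside peer our server recorded
    return None

def assess(raw):
    msg = message_from_string(raw)
    auth = dict(re.findall(r"(\w+)=([^;\s]+)", msg.get("Authentication-Results", "")))
    from_dom = auth.get("from", "")
    claims_brand = bool(BRAND.search(msg.get("From", "")))
    return {
        "handoff": handoff(msg),
        "from_domain": from_dom,
        "signed": "pass" in (auth.get("dkim"), auth.get("domainkeys")),
        "brand_mismatch": claims_brand and bool(from_dom)
                          and not in_domains(from_dom, BRAND_DOMAINS),
    }

if __name__ == "__main__":
    print(assess(RAW))
```

The lowest Received line and the X-Originating-IP headers sit below the handoff point, so the example treats them as unverified and does not use them.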