 | What kind of Phish do you like? Today's e-mail:
Dear (my real first name!)
In an effort to improve your online experience, we're making enhancements to telus.com for your TELUS home services. As part of these updates, we're changing the online account login process from a username to an email address. This means that you'll need to change your login to an email address and never have to worry about remembering your username again.
Update your login information today
Please log into your online account at telus.com and change your username to an email address - this can be done in three very easy steps. Plus, when you make this update before February 25, 2012 you'll automatically be entered for a chance to win either and iPad 2 tablet or a $300 prepaid mastercard.
For more information on updating your account and contest details please visit telus.com/updatelogin
Hovering on the link shows a loooong redirection to "cl.exct.net/?qs=blahblahblah..........."
-
I don't see any messages about this on the actual Telus login page, so I assume this is just more Phishing, hoping I'll click the link and confirm my e-mail for even more spam? |
|
 | Did you forward the email to abuse@telus.com? |
|
 | Yes, forwarded. |
|
 | reply to Lite_Me_Up got the same email...forwarded it to abuse@telus.com....15 minutes later, I got a reply.
"Hello,
This is actually a legitimate email from TELUS. The link resolves to TELUS domain and then to a secure https login page.
If you no longer wish to receive these emails from TELUS, please use the unsubscribe link located at the bottom of the email.
Regards,
Alan
Internet Abuse Team Member
TELUS Communications
Email: abuse@telus.com
»www.mytelus.com/internet/policies/TISAA.do - TELUS Internet Services Account Agreement
»www.mytelus.com/internet/policies/display.do - Acceptable Use Policy " |
|
|
|
 | reply to Lite_Me_Up And when I already have my email as my username.... then I can't win? That sucks |
|
 XT0RTS3x, Drugs, War join:2001-07-28 Edmonton, AB | reply to Lite_Me_Up Look at the header of the email before you think it's actually a phish. X-Originating-IP or similar is what you are looking for. If the IP is not tied to Telus, then report it. |
|
 | reply to Lite_Me_Up said by Lite_Me_Up:For more information on updating your account and contest details please visit telus.com/updatelogin
Hovering on the link shows a loooong redirection to "cl.exct.net/?qs=blahblahblah..........."
I would have trashed it also. |
|
 | reply to Lite_Me_Up
Tracing route to cl.exct.net [66.231.91.72] over a maximum of 30 hops:
 1    1 ms    1 ms    1 ms  192.168.1.254
 2    9 ms    8 ms    8 ms  xx.xx.xxx.xxx
 3   10 ms   10 ms    9 ms  173.182.209.26
 4   11 ms   10 ms   10 ms  173.182.214.131
 5   10 ms   10 ms   11 ms  154.11.22.114
 6   60 ms   61 ms   60 ms  chcgildtgr00.bb.telus.com [154.11.11.30]
 7   65 ms   65 ms   65 ms  173.182.200.2
 8   65 ms   65 ms   65 ms  192.205.37.173
 9   69 ms   67 ms   69 ms  cr1.cgcil.ip.att.net [12.122.84.54]
10   67 ms   68 ms   68 ms  cr83.cgcil.ip.att.net [12.123.7.109]
11   66 ms   67 ms   66 ms  gar2.chail.ip.att.net [12.122.132.89]
12   66 ms   66 ms   66 ms  12.117.232.26
13  102 ms  102 ms  102 ms  Gi2-20.RRB.IND.IQuest.net [206.246.181.77]
14   99 ms   99 ms   99 ms  Gi8-1.CustomerB.IND.IQuest.net [206.246.181.6]
15  102 ms  102 ms  102 ms  cl.exct.net [66.231.91.72]
Trace complete.
IP look up says it's registered in INDIANAPOLIS, INDIANA
I notified both the Telus and EXACTTARGET.COM abuse departments. I was very surprised to get a reply back from Telus, saying the email was legit. |
|
 | reply to river_ratbc said by river_ratbc:got the same email...forwarded it to abuse@telus.com....15 minutes later, I got a reply.
"Hello,
This is actually a legitimate email from TELUS. The link resolves to TELUS domain and then to a secure https login page."
I also got the same reply, and the link *eventually* leads to a Telus page.
After doing whatever exct.com did with the long ID string, it goes to »www.telus.com/content/standalone···e-login/ , which is NOT an httpS page, nor does it have the same name as the clickable link in the email.
At the bottom of that page the link Get Started Now points at »www.telus.com/identity/changeUsername.do (which IS an httpS), pauses for a second then FINALLY dumps me at my regular httpS login page of »www.telus.com/unprotected/login.···......."
I'm betting a large number of customers noticed the "redirection" in the link, and just deleted the e-mail as a scam. Perhaps Telus should read up on the basics of Phishing, and how NOT to copy their techniques.
Hey, Telus! Click here for pictures of butterflies: Pretty Butterflies. |
|
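The mismatch this thread keeps returning to, link text that names telus.com while the underlying href points at cl.exct.net, can be checked mechanically before anyone clicks. The following is an added example and not part of any post in the thread: the sample HTML is constructed, the query string is a placeholder, and `base_domain` uses a naive last-two-labels rule as a stated simplification.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

def base_domain(host):
    # Assumption: the last two labels approximate the registrable domain.
    # Real tooling should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(text):
    # Accept bare "telus.com/updatelogin" style text as well as full URLs.
    text = text.strip()
    if not re.match(r"^[a-z][a-z0-9+.-]*://", text, re.I):
        text = "http://" + text
    return urlsplit(text).hostname or ""

# Visible text that itself looks like a host or URL (no spaces allowed).
URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = "".join(self.text).strip()
            # Only URL-like text makes a claim about the destination.
            if URLISH.match(shown):
                real = base_domain(host_of(self.href))
                if base_domain(host_of(shown)) != real:
                    self.findings.append((shown, real))
            self.href = None

def audit_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample modelled on the e-mail quoted in the thread.
SAMPLE = ('<p>Visit <a href="http://cl.exct.net/?qs=PLACEHOLDER">telus.com/updatelogin</a> '
          'or <a href="https://www.telus.com/">telus.com</a>. '
          '<a href="http://cl.exct.net/?qs=PLACEHOLDER">Pretty Butterflies</a></p>')
```

Links whose visible text is not URL-like, such as the "Pretty Butterflies" one, are deliberately not flagged, because the text makes no claim about where the link goes.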
 | reply to Lite_Me_Up The one I got yesterday had the wrong date for the contest. But it did have the proper real world first name on the notice. "Plus, when you make this update before December 10, 2011"
The un-subscribe link starts with: If you no longer wish to receive TELUS communications, please...... http : //cl.exct .net/
Otherwise almost all the important links go to Telus. But I tend to ignore links in email and go direct if needed. I also don't allow images from remote links to load into the email either.
Sender's IP address details:
Received: from ay119.mta. exacttarget .com ([68.232.197.119])
IP Information - 68.232.197.119
IP address: 68.232.197.119
Reverse DNS: ay119.mta.exacttarget.com.
Reverse DNS authenticity: [Verified]
ASN: 23005
ASN Name: SWITCH-COMMUNICATIONS
IP range connectivity: 9
Registrar (per ASN): ARIN
Country (per IP registrar): US [United States]
Country Currency: USD [United States Dollars]
Country IP Range: 68.232.128.0 to 68.232.255.255
Country fraud profile: Normal
City (per outside source): Indianapolis, Indiana
Country (per outside source): US [United States]
Private (internal) IP? No
IP address registrar: whois.arin.net
Known Proxy? No
Link for WHOIS: 68.232.197.119 |
|
 | reply to Lite_Me_Up The link does take you to the location mentioned above, where it redirected.
--------------------------------------------------------
Click the link below if the page does not load in 5 seconds
Go to your link
--------------------------------------------------------
My browser is set to not follow redirects, so if I had got the email, that is as far as I would have gone. Redirects were designed to handle cases where a web page has been moved. This is exactly what social engineering hackers do, and redirects are generally not to be trusted.
This is not the way that Telus should run its business. If enough people send the email to abuse@telus.com, maybe they will get the message. |
|