crypto1969
join:2004-02-23
Jacksonville, FL
| [Phishing] McAfee Phish ?
Recived a seemingly legitimate E-Mail from MCAfee this evening with the text below:
Customer Note: This service notification is being sent to McAfee customers who are using an expired or unsupported VirusScan product that no longer receives anti-virus updates.
Recommended Action: Renew or upgrade your anti-virus protection today.
Dozens of new Internet threats come online every day. That's why uninterrupted PC protection is essential to keep your computer, email, downloads and attachments safe from new viruses, mass mailing worms, Trojans and spyware or unknown variants.
Remember, McAfee's proven security protects over 100 million computers worldwide. By renewing or upgrading, you'll enjoy the confidence of always-on, always up-to-date protection.
Sincerely,
McAfee, Inc.
The link the E-Mail contains takes you to this URL:
»us.mcafee.com/root/ar.asp?id=vs&···id=18018
The E-Mail looks very geuine and has all the right mCAfee logos but firstly the URL alerted me plus the fact that I only just took out a 1 year subscription to the product less than 2 months ago.
Has anyone else seen this Phishing E-Mail? |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL | The link you posted goes to the mcafee.com domain and will take you to an IP addess registered to mcafee. Unless I am missing something, it does not appear to be a phish. Have you examined the html mail code for other links?
MGD |
|
crypto1969
join:2004-02-23
Jacksonville, FL | Well, my suspicions were aroused by the fact that several of my family members and friends recived this same E-Mail today and none of them use McAfee products whatsoever. Plus the fact that I bought a subscription just 2 months ago. |
|
crypto1969
join:2004-02-23
Jacksonville, FL | in addition, the E-Mail I received was sent to a different E-Mail to the one I used for my McAfee subscription. McAfee has never been given the address that I received that notification to. |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
edit:
December 20th, @10:33PM
| reply to crypto1969
Absolutely, being suspicious is always good practice. Especially since you and the others do not "qualify" for that mail.
My observation was only in regards to the link. I have ran across phishes that had malformed code that took you to the legitimate site and not the phish. If you look at the property/deatils/message source of the mail, you should be able to see if there are hidden re directs.
If you could post the header info from the email, XXX out your personal info, leaving the path and originating IP, then we may be able to establish if McAffe was the sender. They may also work through affiliates.
Based on what you have said, it is at least UCE.
MGD
Edit=added text |
|
crypto1969
join:2004-02-23
Jacksonville, FL | unfortunately I deleted the E-Mail soon after looking at it!
I will contact my family and friends and see if anyone saved their E-Maal and will then post the information here. |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| Yes, if they can forward it to you as an attachment it will preserve the original headers.
A quick search indicates that there are current McAfee phishes our there;
quote:
Fake McAfee "Anti Kingo31.XRW Patch"
Thanks to the good folks at F-Secure for warning us (and McAfee) about a fake McAfee site that downloads an alleged patch for an alleged virus called "Kongo31.XRW" (which doesn't exist). The site uses the domain name "mcafee-center.net" and is hosted in Canada. The patch is actually infected with Trojan-Downloader.Win32.Hanlo.h.
source: »blog.ziffdavis.com/seltzer/archi···467.aspx
MGD |
|
