MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL | reply to crypto1969
Re: [Phishing] McAfee Phish ?
The link you posted goes to the mcafee.com domain and will take you to an IP addess registered to mcafee. Unless I am missing something, it does not appear to be a phish. Have you examined the html mail code for other links?
MGD |
|
crypto1969
join:2004-02-23
Jacksonville, FL | Well, my suspicions were aroused by the fact that several of my family members and friends recived this same E-Mail today and none of them use McAfee products whatsoever. Plus the fact that I bought a subscription just 2 months ago. |
|
crypto1969
join:2004-02-23
Jacksonville, FL | in addition, the E-Mail I received was sent to a different E-Mail to the one I used for my McAfee subscription. McAfee has never been given the address that I received that notification to. |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
1 edit | reply to crypto1969
Absolutely, being suspicious is always good practice. Especially since you and the others do not "qualify" for that mail.
My observation was only in regards to the link. I have ran across phishes that had malformed code that took you to the legitimate site and not the phish. If you look at the property/deatils/message source of the mail, you should be able to see if there are hidden re directs.
If you could post the header info from the email, XXX out your personal info, leaving the path and originating IP, then we may be able to establish if McAffe was the sender. They may also work through affiliates.
Based on what you have said, it is at least UCE.
MGD
Edit=added text |
|
crypto1969
join:2004-02-23
Jacksonville, FL | unfortunately I deleted the E-Mail soon after looking at it!
I will contact my family and friends and see if anyone saved their E-Maal and will then post the information here. |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| Yes, if they can forward it to you as an attachment it will preserve the original headers.
A quick search indicates that there are current McAfee phishes our there;
quote:
Fake McAfee "Anti Kingo31.XRW Patch"
Thanks to the good folks at F-Secure for warning us (and McAfee) about a fake McAfee site that downloads an alleged patch for an alleged virus called "Kongo31.XRW" (which doesn't exist). The site uses the domain name "mcafee-center.net" and is hosted in Canada. The patch is actually infected with Trojan-Downloader.Win32.Hanlo.h.
source: »blog.ziffdavis.com/seltzer/archi···467.aspx
MGD |
|
