dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5411
share rss forum feed


MediacomChad
Mediacom Social Media Relations Team
Premium,VIP
join:2010-01-20
Gulf Breeze, FL
kudos:118

1 recommendation

[Cable HSI] Phishing Emails

We are currently getting multiple complaints about a couple phishing emails that are going out. Please do no respond to these email. They are not from Mediacom.




Sengfeng

join:2006-10-16
Moline, IL
Email mega bytes memory? Good Lord - The spammers aren't even somewhat intelligent any more.

twhiting9275

join:2002-08-30
Waterloo, IA
reply to MediacomChad
People still fall for that "Give us your username and password" stuff? Really???


lotusracer
Premium
join:1999-11-26
Moline, IL
Reviews:
·Mediacom
reply to MediacomChad
A new "twist" to the phishing emails:

I just got this e-mail from Mediacom. Oddly, the "return" e-mail address is: zhejiang@collector.org

This is a notify you that a DFXG virus has been
detected in the mailbox, to prevent the spread
this virus and prevent causing damage to your important
files in your mailbox, you must provide us with
following information to stop the spread of the virus,
into our Webmail System information fill the requested
information below;

Mchsi Email ID:..................
Password: ..................
Confirm Password :............

If you insist not to sent the informations needed above with
the next 48hours of this notices,leave us no choice but to
Close your mail account from our Web Mail system,
that resulted in lost of e-mail ID.

Thanks

Mediacom Internet Webmail
--
Humanity - The greatest natural disaster of all time.

jejones3141

join:2009-11-16
Clive, IA
reply to MediacomChad
They're still at it. Got one timestamped Nov. 20, 2011 at 3:54 a.m., claiming Mediacom is upgrading their webmail service and asking for email, password, and date of birth. The from address... well, it could be anything, and I presume phishers, like spammers, either use zombies or fill in the from address of someone they might want to harrass, so I won't mention it. The reply-to address, OTOH, is "upgrade_services@pkuit.com", and whois shows it as a domain registered through godaddy.com and claiming to be registered (and administered, etc.) by

XUE LIREN
QiaoDongQuYiDeLong
XingTai, 054001
China


goldentoad

@mchsi.com
reply to MediacomChad
Got another one of these an Feb 10th, 2012. Full headers/message here:

Return-Path: alisha@madisontelco.com
Received: from dsmdc-mail-imta-02-svc.mcomdc.com (LHLO dsmdc-mail-imta-02)
(10.4.20.253) by dsmdc-mail-mbs3-svc.mcomdc.com with LMTP; Tue, 14 Feb 2012
19:29:46 -0600 (CST)
Received: from gamma1.madisontelco.com ([66.242.192.197])
by dsmdc-mail-imta-02 with bizsmtp
id a1Vk1i00d4Fzz1N011VktK; Tue, 14 Feb 2012 19:29:45 -0600
X-Spam-Flag: YES
X-Authority-Analysis: v=2.0 cv=SbN1h4tu c=0 sm=1 p=KExcfAFrc7A6loFi9g0A:9
a=2rAYIZHeBB3C9ddEC+32qA==:17 a=UStv9yPA48kA:10 a=63NBN8JBsjIA:10
a=8nJEP1OIZ-IA:10 a=2rAYIZHeBB3C9ddEC+32qA==:117
Received: from gamma1.madisontelco.com (localhost.localdomain [127.0.0.1])
by gamma1.madisontelco.com (8.13.8/8.13.8) with ESMTP id q1F1Tgxh008769;
Tue, 14 Feb 2012 19:29:42 -0600
Received: from ns.madisontelco.com (ns.madisontelco.com [66.242.192.138])
by gamma1.madisontelco.com (gamma1.madisontelco.com [172.19.1.11]) envelope-from with ESMTP
id o1DJYf0301436645yI ret-id none; Tue, 14 Feb 2012 19:29:43 -0600
Received: from webmail.madisontelco.com (localhost [127.0.0.1])
by ns.madisontelco.com (8.14.3/8.14.3) with ESMTP id q1B1f5Hc181650;
Fri, 10 Feb 2012 19:41:05 -0600 (CST)
Received: from 41.218.227.172
(SquirrelMail authenticated user alisha)
by webmail.madisontelco.com with HTTP;
Fri, 10 Feb 2012 19:41:06 -0600 (CST)
Message-ID:
Date: Fri, 10 Feb 2012 19:41:06 -0600 (CST)
Subject: Dear Mchsi Account User
From: "Web Information Department"
Reply-To: upgradeteam1@ozu.es
User-Agent: SquirrelMail/1.4.17
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-smtpf-Report: sid=o1DJYL030143664500; tid=o1DJYf0301436645yI; client=relay,ipv6; mail=; rcpt=; nrcpt=50:0; fails=0
Received-SPF: None; receiver=gamma1.madisontelco.com; client-ip=66.242.192.138; helo=
Received-SPF: None; receiver=gamma1.madisontelco.com; client-ip=66.242.192.138; envelope-from=
X-Spam-Status: NO, score=3.40 required=4.50
X-Spam-Level: xxx

Dear Mchsi Account User,

We are currently performing maintenance for our
Digital Webmail Customers. We intend up-grading
our Digital Webmail Security Server for better
online services.

In order to ensure you do not experience service
interruption and Spam Mail,Please you must reply to this email
immediately and enter your

Email Username:
Email password :
Country:
State:
Date of Birth:

And Check out your new features and enhancements
with your new and improved Webmail Account,To
enable us up-grade your Webmail Account for better
online services please reply to this mail.

Thank You For Using Mchsi Webmail Account


Looks like it got routed through Staunton Madison Telephone Company's ISP, so probably a bot, so I also forwarded it to their abuse email.


Santa Fe
Living With Diabetes.
Premium,Mod
join:2000-08-22
Freight Yard
kudos:5
reply to MediacomChad
So who DO we see about low Mega-Bite E-Mail memory?

Aren't site problems fun? .........NOT!
--
Explore Xubuntu. Like It? Install It. [Love It]!