Welcome to WebmasterWorld Guest from 54.147.212.173

Forum Moderators: lawman

Message Too Old, No Replies

Phishing Email

     
3:02 pm on Oct 14, 2009 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38070
votes: 16


There is a Phishing spam email going around right now, claiming to be from WebmasterWorld and asking you to enter your webmasterworld login info. This is not from us. Please check the headers of the email.

example headers of phish email:

[headers]
Received: from 190.52.234.51 by mail.richardanthony.com; Wed, 14 Oct 2009 10:49:46 -0400
From: "alerts@webmasterworld.com" <alerts@webmasterworld.com>
To: <brett@webmasterworld.com>
Subject: The settings for the brett@webmasterworld.com were changed
Date: Wed, 14 Oct 2009 10:49:46 -0400
Message-ID: <000d01ca4cdd$92c99bd0$6400a8c0@jrqat253>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0006_01CA4CDD.92C99BD0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Importance: Normal
X-IMAPbase: 1171399645 4237822960
Status: O
X-UID: 4237822957
Content-Length: 2377
X-Keywords:

[/headers]

The body of the email looks similar to:

Dear user of the webmasterworld.com mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox (brett@webmasterworld.com) settings were changed. In order to apply the new set of settings click on the following link:

<snip bogus redirect>

Best regards, webmasterworldcom Technical Support.

------------------------------
the hyper link actually goes to a redirect at:

webmasterworld.com.bertdffe.co.uk

3:37 pm on Oct 14, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 27, 2002
posts:1187
votes: 0


Congrats on being important enough to be phished.
4:02 pm on Oct 14, 2009 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member whoisgregg is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Dec 9, 2003
posts:3416
votes: 0


We're getting those at a number of our domains as well. It appears to be a broad phishing attempt, targeting common first names and email aliases at many different domains. Occasionally the same email template has an attached .zip file instead of a link.

Some of the redirect domains for ours include:
ourdomain.com.polikki.co.uk
ourdomain.com.oikkkkuy.eu
ourdomain.com.bertdffm.eu
ourdomain.com.wsasdev.eu

The phishing emails the last few days have been getting much much better. I've had a number of employees forwarding emails to me checking to make sure I want them to install software. Time to do some more education about phishing.

4:05 pm on Oct 14, 2009 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38070
votes: 16


They specifically ran a spider against profiles here - just yesterday. They tripped 3 honeybot accounts.
4:28 pm on Oct 14, 2009 (gmt 0)

Senior Member from DE 

WebmasterWorld Senior Member 10+ Year Member

joined:May 25, 2002
posts:928
votes: 3


Also new: I got various phishing mails for the scandinavian service "runbox" - big email provider here in europe...

looks like a spike in phishing today!

4:39 pm on Oct 14, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Dec 4, 2002
posts:130
votes: 0


We got a pile of these sent to our organization this morning as well.
4:58 pm on Oct 14, 2009 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 28, 2002
posts:994
votes: 2


same here from the polikki domain mentioned above.
5:26 pm on Oct 14, 2009 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38070
votes: 16


yep - i got a bunch of others, but I have back tracked this to a bot that ran on WebmasterWorld yesterday.
5:54 pm on Oct 14, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 12, 2002
posts:1482
votes: 0


I also got one at my work email. Looks like these guys are active.
6:01 pm on Oct 14, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 16, 2004
posts:1341
votes: 0


I have been noticing more .eu and .uk addresses in spam for the past two weeks.
4:08 pm on Oct 19, 2009 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:23937
votes: 477


Yes, the activity is still going on. This is a phishing e-mail and not from WebmasterWorld.
4:58 pm on Oct 19, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 4, 2002
posts:1798
votes: 3


I've been getting this one forwarded from my clients. It doesn't even mention the host's name, the real emails are not being used, the grammar is bad, and the sender uses the same email as the one receiving it. too many red flags. I just warned all my clients. I accidentally clicked on the link and it wanted to download an .exe file. Go Mac!

---------
Attention!

On October 22, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That's all.

[.........-admins.net...]

Thank you in advance for your attention to this matter and sorry for possible inconveniences.

System Administrator
---------
I falsified the url

5:08 pm on Oct 19, 2009 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:23937
votes: 477


Such phishing attempts rely on "trust" and it's all too easy to fall for them.

You're right to warn folks about these.

9:39 pm on Oct 21, 2009 (gmt 0)

Preferred Member

5+ Year Member Top Contributors Of The Month

joined:Sept 23, 2008
posts:442
votes: 0


Going little off-topic, if we register webmasterworld (dot) (any other TLD), I dont think phishers face any issues ?

Although, our network range yet not been effected by this attempt.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members