WARNING: Very Sneaky New Phishing Scam

[Steven Wagenheim]

This is a new one folks and it's very sneaky. At first glance, because of the
URL in the email (your domain) it looks legit.

The phishing scam is as such.

The email says that the security settings in your email have been changed
and in order to have the changes take effect, you need to click on the link.

Upon looking at the link in the email, it appears to be YOUR domain.

However, if you hover your mouse over it, you will see that it is very
cleverly cloaked. I don't know how it's done. The actual domain I got
this from was somewhere in the UK.

I contacted my web host and they informed me that it is a phishing scam.

Please be very careful if you get one of these.

One way to check is to check the headers of where the email came. My
email came from Brazil.

Just a heads up.

[Kevin Williams]

Assuming you get html email it would just be <a href="reallink">fakelink</a> - but I get so many phish attempts every day I couldn't imagine actually falling for one.

[Steven Wagenheim]

Quote:

Originally Posted by spire8989

Assuming you get html email it would just be <a href="reallink">fakelink</a> - but I get so many phish attempts every day I couldn't imagine actually falling for one.

Except this was a text email, which is why it had me fooled. Or, it was an
HTML email made to look like text. In other words, it was totally plain.

Like I said, sneaky.

[Kevin Williams]

Ah, gotcha - if it was made to look like a text email then it might trick me a little too heh

[Floyd Fisher]

Quote:

Originally Posted by Steven Wagenheim

Except this was a text email, which is why it had me fooled. Or, it was an
HTML email made to look like text. In other words, it was totally plain.

Like I said, sneaky.

It's html, made to look like text.

Yeah, it's very sneaky, make sure you view the code so you know.

Also, you just might have been trojaned due to clicking on the link. Get yourself over to Symantec and do their online scanner asap. It's free, and it detects stuff.

[Kim Standerline]

I got one earlier which was a tad disturbing

Dear user of the .com mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox info@site.com settings were changed. In order to apply the new set of settings open zip attached file.

Best regards, site Technical Support.

As I own the domain and host it myself on my own server I knew it was false. But I can't even imagine how many people would open the attached file without thinking

These people are getting really clever

Kim

[dsmpublishing]

Quote:

Originally Posted by Steven Wagenheim

However, if you hover your mouse over it, you will see that it is very
cleverly cloaked. I don't know how it's done. The actual domain I got
this from was somewhere in the UK.

Thanks for the tip steven

ive come across some really clever ones lately.

The ones that i have nearly fallen for norton has lucky brought up.

kind regards


sam
X

[lanta99]

Quote:

Originally Posted by Steven Wagenheim

Except this was a text email, which is why it had me fooled. Or, it was an
HTML email made to look like text. In other words, it was totally plain.

Like I said, sneaky.

hm.. do you mean like this?

<a href="www(dot)pishingwebsitelink(dot)com">http://www dot yourwebsiteslink dot com</a>?

If yes, then I think I got that one a little while ago.

~George

[JamesPenn]

I got this today.

I clicked on the link before realising it was a fake. I didn't enter any details and closed it straight away.

No harm done, right?

[SMS]

Thanks Steve.

I guess this is another good reason to use the privacy option when registering domains.

[Sell]

There are so many things that can trick you.

These two tools can fake things too!

Log into your ClickBank account and place this code

javascript:document.body.contentEditable=’true’; document.designMode=’on’; void 0

in your browsers url, then type in your amounts in your account, you may have to try it a few times before it will work.

and this..

Make Money With Google AdSense

[Kim Standerline]

Why are you posting this on a number of threads

Quote:

Originally Posted by Sell

There are so many things that can trick you.

These two tools can fake things too!

Log into your ClickBank account and place this code

javascript:document.body.contentEditable=’true’; document.designMode=’on’; void 0

in your browsers url, then type in your amounts in your account, you may have to try it a few times before it will work.

and this..

Make Money With Google AdSense

[lemaxflo]

thanks 4 the info

[Kim Standerline]

ROFL Nice one

Quote:

Originally Posted by lemaxflo

thanks 4 the info

[Sell]

I thought i would post it twice, since it was on topic, it's slightly different, won't do that again.

[Dan C. Rinnert]

Looks like they're recycling golden oldies here. I saw similar attempts years ago. They'd try to pose as the Admin of a service and make it look like eMails were coming from the service itself.

I've seen two variations on this current round.

One sends a message with a ZIP attachment that purportedly contains the new settings file you need to install.

The second provides a fake URL, as Steve described.

Even though it may look like it's coming from your host (which is easy to know if you ARE the host...), there are two signs that it is not.

The first is that both variations of this message address you as "Dear user of...." This is the first clue. Most services will know your name. And, few still use a bulk message that is not personalized.

Even if your host were to use unpersonalized bulk messages, the second clue is in the "name" of the mailing service, which is identified as "yourdomain.dom mailing service". Most sites have a name, and don't just use the domain name. They might have yourdomain.dom, but they go by Your Domain, Inc. or something. Or, maybe YourDomain.dom Mail. Few will have no name and all lower case like that.

Additionally, most hosts would probably notify you ahead of time of any server upgrades.

On top of all of that, most hosts would never require you to reset or install new "settings" for your eMail. You might need to change IPs or POP/SMTP settings, but those are generally not provided in a settings file. And, even if they were, the first two clues should throw up enough of a red flag that it's not really coming from your host.

Furthermore, if these settings were changed and require you to reset or install new settings, then how did you even receive the eMail telling you about that change? That should be a clue too.

I disagree that these phishers and scammers are getting more clever. This message really shouldn't fool anybody. It's not even all that sneaky. Now, if they had combined a few techniques used by assorted spammers, they could have produced a more convincing message. But, as it is, it's rather sloppy.

[Charann Miller]

Anything that asks me for something out of the ordinary like my password or to access my account via a link because my account has been compromised I avoid like the plague.

I've had at least 6 emails that claim to be from PayPal that encourage me to check my account via their link. I immediately report them to PayPal.

Good thing you contacted your host directly, imagine how many people may not be so lucky.

[dragonetinvestments]

Thanks for the head's up, i have been caught out before by a phising scam, so i try and be as secure as possible nowadays. too many scams

[Eric Lorence]

Quote:

Originally Posted by JamesPenn

I got this today.

I clicked on the link before realising it was a fake. I didn't enter any details and closed it straight away.

No harm done, right?

I'd do a spyware scan of your computer to be safe...

It's oftentimes a "one-two" punch that even if your don't bite the scam, they'll try to shoot a trojan from an infected page.

[Shana_Adam]

I use the spybot immunize function. I believe it will stop malicious attacks inside your browser. Stopping adware attaching to your browser.

Plus ccleaner, windows washer,....the list goes on of programs protecting me jesus I cant keep up!

[JayXtreme]

I'm doing a little fishing next week..

Conditions are perfect for a few evenings down the lake, the carp have been really active lately



Peace

Jay

[JohnMcCabe]

Quote:

Originally Posted by JamesPenn

I got this today.

I clicked on the link before realising it was a fake. I didn't enter any details and closed it straight away.

No harm done, right?

No telling what nasties you might have let in the back door. As Eric said, scan your computer ASAFP.

I've been getting these for several domains over the last couple of days. They claim to be from the admin, but I don't remember sending them...

My wife spends hours every night surfing the net, and she's about as non-techie as you get and still go online. Fortunately, I've instilled a healthy paranoia about emails that ask her to do this kind of thing.

Yes, the goons are getting sneakier all the time. Even 'legitimate' sites are beating the pop-up blockers by tying the pop to some event, like a click on a link or submit button.

One night, she complained that her laptop was running really slow all of a sudden. When I took a look, she had 27 browsers running at the same time. 24 of them were ads for Netflix.

[TedMarlett]

Thanks for the post Steven.

I got really used to getting these when I was selling on eBay. I saw many different varieties of these and learned not to open them.

I do know that anyone you are doing a legitimate business with will use your name in the email.

I just don't make it a practice of opening any email I don't recognize, especially from myself as I don't email myself.

[Vaan]

Once again, You give us valuable information Steven..

I'm always registering domain protection to all my domain, hope I don't get this phising follks on my email, despite there is a lot of spam email that i don't check and delete it every day

Vaan

[Ricardo-Acosta]

Yup, they do that to facebook users as well.