20 Oct 2009

Email settings phishing scam

It has come to my attention recently that there is a rather convincing email phishing scam going around. I saw it when with a client last week and it made me chuckle, but then today I was alerted to it by one of the clients to whom I provide a mail service, so suddenly I chuckled less and thought I would make you all aware of it.

The scam involves sending what appears to be a very convincing email to users, informing them that there has been a server upgrade and that, in order for their mail to continue functioning, they need to click on the link to perform an upgrade.

Now, the more cynical of us are not going to fall for it, but it was pretty convincing.

I will show you why. (The client's domain name has been replaced with my own.)

Dear user of the mogmachine.com mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox (info@mogmachine.com) settings were changed. In order to apply the new set of settings click on the following link:

http://mogmachine.com/owa/service_directory/settings.php?email=info@mogmachine.com&from=mogmachine.com&fromname=info

Best regards, mogmachine.com Technical Support.

So perhaps now, out of context, it is suspicious, but to a corporate type with no real time to look into these things it appears to be generated from your own domain, and the link also appears to point to your domain. Well, I wouldn't spam myself now, would I?

Once you click on the link, however, things become clearer. The URL is as follows:

http://mogmachine.com.til1tlli.net/owa/service_directory/settings.php?email=info@mogmachine.com&from=mogmachine.com&fromname=info

The bit you need to pay attention to is this:

http://mogmachine.com.til1tlli.net/

This, as the red highlighting will show you, is not your domain but in fact a domain called til1tlli.net; the mogmachine.com at the front is only a subdomain label, which the owner of til1tlli.net can set to anything they like. That should now make it very clear that this is fake and not to be clicked on.

The fact that it then invites you to download a .exe program file should be the final straw, but I would hope you don't get that far.

I hope this has proved useful and highlights the sorts of things to look out for in the future.
