Got a somewhat baffling email this morning, in HTML, asking me to reset the password for email@example.com.
It was flagged as spam (obviously) and seemed at first like a "phish" to capture usernames and passwords but . . . what would be the point of that? There's no account as such for the fryup email address but even if there was one, a phisher couldn't do much apart from subscribe to and unsubscribe from various newsletters.
Turns out the message is "phish spam" or maybe even "spam phish" because the Korean site referenced in the HTML (don't go there, likely to be unsafe) hawks the usual Intarweb make big penis fast pills and bogus meds.
There's been an upsurge in old-fashioned spam of the above type, and it's sad to see it's still around. Guess there are enough idiots around buying dodgy pills laced with human faeces and E. coli still to make it worthwhile.
Thanks guys, you're really making it better for everybody.
Return-Path: <firstname.lastname@example.org>
X-Virus-Scanned: amavisd-new
X-Spam-Flag: YES
X-Spam-Score: 16.009
X-Spam-Level: ****************
X-Spam-Status: Yes, score=16.009 tagged_above=4 required=6.8
    tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13, HTML_MESSAGE=0.001,
    MIME_HTML_ONLY=1.457, RCVD_IN_BL_SPAMCOP_NET=1.96, RDNS_NONE=0.1,
    SARE_RECV_PORTHELO_2=2, URIBL_AB_SURBL=1.86, URIBL_BLACK=6,
    URIBL_WS_SURBL=1.5]
X-Greylist: delayed 00:18:31.060287 by SQLgrey-1.6.7
Received: from 75-149-84-236-Illinois.hfc.comcastbusiness.net ([126.96.36.199])
    by machine.fairfaxbm.co.nz (Lotus Domino Release 7.0.2) with ESMTP
    id 2010063010053986-2830 ; Wed, 30 Jun 2010 10:05:39 +1200
Received: from 188.8.131.52 (port=6768 helo=[Supervisor2])
    by roycon-dubai.com with asmtp id 1423E7-000531-79
    for email@example.com; Tue, 29 Jun 2010 17:02:44 -0600
Message-ID: <5BEF39C4.firstname.lastname@example.org>
Date: Tue, 29 Jun 2010 17:02:44 -0600
From: "computerworld.co.nz support" <email@example.com>
MIME-Version: 1.0
To: firstname.lastname@example.org
Subject: ***SPAM*** Reset your computerworld.co.nz password
X-Spam: Not detected
X-Mras: OK
X-MIMETrack: Itemize by SMTP Server on Machine/NZWeb(Release 7.0.2|September 26, 2006) at 30/06/2010 10:05:40 AM,
    Serialize by Router on Machine/NZWeb(Release 7.0.2|September 26, 2006) at 30/06/2010 10:24:12 AM
Content-Type: text/html; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<title>Reset your computerworld.co.nz password</title>
</head>
Hello, email@example.com.<br>
<br>
We received your request to reset your computerworld.co.nz password. To con
firm your request and reset your password, follow the instructions below. C
onfirming your request helps prevent unauthorized access to your account.<b
r>
<br>
If you didn't request that your password be reset, please follow the instru
ctions below to cancel your request.<br><br>
CONFIRM REQUEST AND RESET PASSWORD<br><br>
Click on the following web address:<br><br>
<a href=3D"http://sonda.co.kr/index2.html">https://computerworld.co.nz/conf
irm.srf?lc=3D1033=3Dfryup@computerworld.co.nz=3D1</a>
<br>
<br>
CANCEL PASSWORD RESET<br><br>
Click on the following web address:<br><br>
<a href=3D"http://sonda.co.kr/index2.html">https://computerworld.co.nz/CANC
EL.srf?lc=3D1033=3Dfryup@computerworld.co.nz=3D1</a>
<br><br>
Thank you,<br><br>
computerworld.co.nz Team
</body>
</html>
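The giveaway in the message above is that both links display a computerworld.co.nz address while their href goes to a different host. The following is an added example, not part of the original post, of how a mail filter could flag that mismatch; the sample body is constructed, redirect.example is a placeholder host, and the function names are hypothetical.

```python
import quopri
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample shaped like the body above; the real destination host is
# replaced by the placeholder redirect.example.
SAMPLE_QP = (
    b'<a href=3D"http://redirect.example/index2.html">https://computerworld.co.=\n'
    b'nz/confirm.srf?lc=3D1033</a><br>\n'
    b'<a href=3D"https://computerworld.co.nz/help">https://computerworld.co.nz/=\n'
    b'help</a>\n'
)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def mismatched_links(qp_body, charset="iso-8859-1"):
    """Return (href_host, shown_host) pairs where the link text names another host."""
    parser = LinkCollector()
    # Undo quoted-printable first: =3D becomes "=", soft line breaks disappear.
    parser.feed(quopri.decodestring(qp_body).decode(charset, "replace"))
    parser.close()
    return [(host(h), host(t)) for h, t in parser.links
            if "://" in t and host(t) and host(t) != host(h)]
```

Links whose visible text is not a URL (for example "click here") are ignored by this check, so it complements rather than replaces URI blocklist lookups like the URIBL hits in the headers.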