Phishing E-Mail
kdeuser @ 2nd Jul 09:54AM:
Phishing E-Mail
This appeared in my in-box this morning:
Notice to AT&T Internet Customers,
This message is from AT&T Customer Service messaging center to all AT&T account owners:
We are currently upgrading our data base e-mail account center. We are deleting all unused AT&T email account to create more space for new customers.
To prevent your account from closing you will have to update it as below so that we will know that it's a present used account.
To complete your AT&T e-mail account update, you must reply to this email immediately and enter your informations below.
Log in information @ your Domain
Name:
Email Address:
Password:
Alternative e-mail:
Password:
NOTE : Failure to do this will immediately render your AT&T e-mail address deactivated from our database.
Warning!!! Please do not ignore this message to avoid losing your e-mail account with us.
Sorry for any inconvenience this may cause you.
Thank you for your cooperation
Sincerely,
Your AT&T Internet Service Customer Care Team
©2009 AT&T Intellectual Property.
All rights reserved. AT&T, AT&T logo and all other marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies.
RJ44 @ 2nd Jul 09:59AM:
Re: Phishing E-Mail
LOL! My wife got that a week or two ago. It's really not so bad as phishing goes. The grammar mistakes aren't as glaring as the ones from Nigeria are. But it's still pretty obvious.
graysonf @ 2nd Jul 10:02AM:
Re: Phishing E-Mail
Next time you want to share something like this with us, it would be better if you included all the headers of the original message, not just the message body. Sanitize sensitive items like your email address if it appears in the headers.
ATT or any other responsible ISP would never send a message like this out to their users or require a user to provide details like those requested to prevent deactivation of an address.
However, I suppose there are some out there that will fall for it and provide the information requested. They deserve what they get.
kdeuser @ 2nd Jul 10:28AM:
Re: Phishing E-Mail
Header info:
X-Apparently-To: xxxxxxxxxxxxxxxxxx
    ; Wed, 01 Jul 2009 13:45:25 -0700
X-YMailISG: mrezqtEWLDsI2JRbdMMtaQGgJJtiePlAnkmu59F1QMMclAtZXYPO8BgrHUicsuMzSN8HBTqx1opKnl98XU NRInxyU.nyf5K1gZ0AdsD3GfZhsNPOe92vkjvCNFIpLeePHgY7TDL723IhqjHYU9J0X2RhBzdoWhoPAsp.rBDPCatS3MCSatuZ3bwK03zwaMg.XBicfYTpNYTQ4T1NyMYmfH9Hzf8VZszUFCTWmW10tOKGeMkZlJOi__JvVaeDMbinWaxeyo7SiOeMgS4KXg2ThpZBpfXUMNvhOrnRVgitLHxkaGmO_tWRauFhDa03vcbU93mnzYW8Fzrbn9LV4SAYMj2yiDTf11bgz3THEcljgnBWDO2zw1j42g--
X-Originating-IP: [65.55.111.174]
Authentication-Results: mta132.sbc.mail.re3.yahoo.com from=msn.com; domainkeys=neutral (no sig); from=msn.com; dkim=neutral (no sig)
Received: from 207.115.11.33 (EHLO fgateway03.isp.att.net) (207.115.11.33)
    by mta132.sbc.mail.re3.yahoo.com with SMTP; Wed, 01 Jul 2009 13:45:20 -0700
Received: from blu0-omc4-s35.blu0.hotmail.com ([65.55.111.174])
    by isp.att.net (frfwmxc03) with ESMTP
    id ; Wed, 1 Jul 2009 20:45:18 +0000
X-Originating-IP: [65.55.111.174]
Received: from BLU114-W20 ([65.55.111.136]) by blu0-omc4-s35.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
    Wed, 1 Jul 2009 13:42:37 -0700
Message-ID:
Content-Type: multipart/alternative;
    boundary="_1e74323f-0242-4fc9-be00-5b7e9093a024_"
X-Originating-IP: [8.9.222.1]
Reply-To:
From: ATT Customer Center
Subject: Notice To AT&T Internet Customers Account Upgrading And Phone
    Package.
Date: Wed, 1 Jul 2009 20:42:38 +0000
Importance: Normal
MIME-Version: 1.0
Bcc:
X-OriginalArrivalTime: 01 Jul 2009 20:42:37.0931 (UTC) FILETIME=[78696BB0:01C9FA8C]
graysonf @ 2nd Jul 11:57AM:
Re: Phishing E-Mail
Apparently originated from Hotmail.
NormanS @ 2nd Jul 12:04PM:
Re: Phishing E-Mail
You should have bracketed those headers with a pair of "code" tags. That would have avoided the margin blow out.
The source of this email is some Hotmail account.
Bellsouth has long blocked outbound port 25, as has AT&T (Worldnet Service). SBC joined the list of ISPs blocking outbound port 25 in the Spring of 2005. So that covers the mergers bringing us to the current AT&T (all of which blocks outbound port 2). Many other ISPs block outbound port 25, or are moving toward such blocks. The result is that spammers are finding it harder to use compromised residential hosts to connect directly to domain gateway (MX) servers to inject spam into those systems.
In addition, more ISPs are setting up authenticated SMTP message submission servers in order to allow their users to access those servers from wireless hotspots, hotels, libraries, and the like. So spammers have found that it is worth the effort to use social engineering to "phish" for email login credentials (as your example demonstrates). The hapless user who complies with this bogus demand gives up his account access to a spammer, who can now send spam through the authenticated SMTP message submission server.
I have actually seen a couple of examples, where the spammer used a compromised Comcast account to send spam using stolen ATTIS email accounts. This resulted in the ATTIS SMTP servers being listed for spam, incidentally.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum
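
Added example, not part of any post in this thread: one way to reach the "originated from Hotmail" reading from the headers posted above is to walk the Received chain newest-first and stop at the oldest hop stamped by a server on the recipient's own mail path, since anything older is supplied by the sending side. The `TRUSTED` list is an assumption inferred from the top two hops; the header values are copied from the post.

```python
import re
from email import message_from_string

# Headers copied from the post above (subset; folded lines re-indented).
RAW = """\
Authentication-Results: mta132.sbc.mail.re3.yahoo.com from=msn.com; domainkeys=neutral (no sig); from=msn.com; dkim=neutral (no sig)
Received: from 207.115.11.33 (EHLO fgateway03.isp.att.net) (207.115.11.33)
 by mta132.sbc.mail.re3.yahoo.com with SMTP; Wed, 01 Jul 2009 13:45:20 -0700
Received: from blu0-omc4-s35.blu0.hotmail.com ([65.55.111.174])
 by isp.att.net (frfwmxc03) with ESMTP
 id ; Wed, 1 Jul 2009 20:45:18 +0000
Received: from BLU114-W20 ([65.55.111.136]) by blu0-omc4-s35.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
 Wed, 1 Jul 2009 13:42:37 -0700
From: ATT Customer Center
"""

# Assumption: the recipient's own mail path, inferred from the top two hops.
TRUSTED = ("isp.att.net", "yahoo.com")
HOP = re.compile(r"from\s+(?P<clause>.*?)\s+by\s+(?P<by>\S+)", re.S)

def is_trusted(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def boundary_hop(raw):
    """Oldest hop stamped by a trusted server; older hops are sender-supplied."""
    boundary = None
    for value in message_from_string(raw).get_all("Received", []):  # newest first
        m = HOP.search(value)
        if not m or not is_trusted(m["by"]):
            break
        ip = re.search(r"\[([\d.]+)\]", m["clause"])
        boundary = {"by": m["by"], "from": m["clause"].split()[0],
                    "ip": ip.group(1) if ip else None}
    return boundary

def assess(raw):
    msg = message_from_string(raw)
    ar = msg.get("Authentication-Results", "")
    sender = re.search(r"\bfrom=([\w.-]+)", ar)
    hop = boundary_hop(raw) or {}
    return {
        "handoff_host": hop.get("from"),   # who handed the mail to our side
        "handoff_ip": hop.get("ip"),
        "sender_domain": sender.group(1) if sender else None,
        "signed": bool(re.search(r"\b(?:dkim|domainkeys)=pass\b", ar)),
        "display_name": msg.get("From", ""),
    }

print(assess(RAW))
```

The result pairs a display name claiming AT&T with an unsigned msn.com sender handed over by a Hotmail outbound server, which is the mismatch a filter or a help-desk triage script would key on.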
heels_fan @ 2nd Jul 11:52PM:
Re: Phishing E-Mail
said by graysonf :
However, I suppose there are some out there that will fall for it and provide the information requested. They deserve what they get.
I know right off the top of my head about 15 customers who have responded to emails just like that.
--
everyone is born ignorant. some are born stupid, others achieve stupidity and the rest have stupidity thrust upon them.
graysonf @ 3rd Jul 05:34AM:
Re: Phishing E-Mail
Well, there are whole industries that revolve around the pain and suffering of others caused by their own lack of common sense or outright stupidity.
If everyone wised up, they'd all go broke.
nwrickert @ 3rd Jul 09:19AM:
Re: Phishing E-Mail
I received one of those a few days ago.
In a way, it's a good thing. It is evidence that the efforts to reduce spam are having some effect. In particular, the blocking of port 25 by ISPs and the requirement of SMTP authentication to submit mail are making it harder for spammers. This kind of phishing is their attempt to get credentials to use for authenticating to the email server.
--
AT&T dsl; Speedstream 5100b modem; openSuSE 11.0; firefox 3.0.11