Alert- Phishing Attack
Friday, January 8th, 2010
10:59 am Eastern Time
10:59 am Eastern Time
We are seeing reports that a new phishing attack is affecting our Subscriber’s Inboxes and will compromise your security if responded to.
Here is a sample:
From: noreply@smith.net [mailto:noreply@smith.net] Sent: donderdag 7 januari 2010 14:27 To: diana@smith.net Subject: A new settings file for the diana@smith.net has just been released Dear user of the smith.net mailing service! We are informing you that because of the security upgrade of the mailing service your mailbox (diana@smith.net) settings were changed. In order to apply the new set of settings click on the following link: http://smith.net/owa/service_directory/settings.php?email=diana &diana&from=smith.net&fromname=diana Best regards, smith.net Technical Support.
If you have received anything like this, just ignore this message, delete it, and do not click on the link. All emails coming from Hover, your service provider, will identify us as Hover.com.
Our Abuse team is currently investigating information related to this phishing scam.
Posted on January 8th, 2010 at 11:46 am
I have twitter and receive updates from hover about hover issues from time to time. I do not use internet on my phone due to the added expense. Why don’t I receive the alerts or issue e-mails in with my regular e-mails? After all, my e-mail service is from hover.
Posted on January 8th, 2010 at 2:33 pm
That’s a good question and suggestion, Adrian. As you indicated, we currently provide system alerts, maintenance notices and “what’s new” updates via RSS feeds. For those interested you can sign up for those alerts at: http://help.hover.com/alert-signup/
I think others would also appreciate the option of receiving such information by email.
I have documented this as a formal feature request . If you have more suggestions we want to hear them.
Posted on January 10th, 2010 at 4:30 am
I just wanted to let you know that I have also had one of the recent phishing emails.
What is concerning is that it appears to have been sent from borchardt.com.
Do you have exclusive ownership of borchardt.com? I have now had my email address for ten years, and do want to be confident that the address is secure.
Here’s the message I got:
Dear user of the borchardt.com mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox (alex@borchardt.com) settings were changed. In order to apply the new set of settings click on the following link:
http://borchardt.com/owa/service_directory/settings.php?email=alex@borchardt.com&from=borchardt.com&fromname=alex
Best regards, borchardt.com Technical Support.
Message-ID#E3DAESGT7PE463YHWGMEOJ3
Posted on January 10th, 2010 at 11:20 am
I also got this e-mail. It appears to be from someone registered with you “operator@rodgers.net”, seems like you’d be able to close it down.
_______________________________
From: operator@rodgers.net [mailto:operator@rodgers.net]
Sent: Sunday, January 10, 2010 7:52 AM
To: joseph@rodgers.net
Subject: The settings for the joseph@rodgers.net were changed
Dear user of the rodgers.net mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox (joseph@rodgers.net) settings were changed. In order to apply the new set of settings click on the following link:
http://rodgers.net/owa/service_directory/settings.php?email=joseph@rodgers.net&from=rodgers.net&fromname=joseph
Best regards, rodgers.net Technical Support.
Message ID#QZ6LE49NNX310W0B3SP5NI92QWV9
Posted on January 11th, 2010 at 12:47 pm
These phishing messages are designed to seem legitimate, even though they are not. This deception is partly accomplished by forging the display name so that the message seems to be sent from the domain being targeted. If you examine the message headers from the phishing message you’ll see the actual return path address indicates the email was not sent from the borchardt.com domain.
You can examine the headers of a message by following this step by step guide: http://about.hover.com/headers