Page 1 of 2

Phishing?

Posted: Wed Jan 13, 2021 11:09 am
by dianedm
I just got the email attached below. Looks very suspicious.

Re: Phishing?

Posted: Wed Jan 13, 2021 11:19 am
by dane
Yep, looks like phishing. Where does that URL actually point toward? We may be able to block or report the host and get it shut down.

Re: Phishing?

Posted: Wed Jan 13, 2021 11:41 am
by secondchances
Yes, I just received the same spam email. The phisher's email address is jtobinski@t-online.de.

Re: Phishing?

Posted: Wed Jan 13, 2021 11:45 am
by dane
secondchances wrote:Yes, I just received the same spam email. The phisher's email address is jtobinski@t-online.de.
What’s the URL for the target, the data collection site?

Re: Phishing?

Posted: Wed Jan 13, 2021 11:48 am
by secondchances
webmail2.sonic.net/v17?PrivacyUpdate.

Re: Phishing?

Posted: Wed Jan 13, 2021 11:54 am
by dane
That’s not the real URL, it’s the “text” they use to make it look valid. If you hover over that it should show the real URL, and you can right click to “copy URL”

Re: Phishing?

Posted: Wed Jan 13, 2021 12:02 pm
by secondchances
Ah, you're right, I didn't catch that. This is what shows up:

https://moucon.co.za

Re: Phishing?

Posted: Wed Jan 13, 2021 12:59 pm
by george_byrd
Some inept email phishing today.

Email with partial headers showing origin below.

The idiot didn't even forge the "from" address.

Note the last line quoted at bottom for phisher's web link:

> ...
> Received: from t-online.de (TtwlMcZewhR74hPIpAu7hhSv9Jc83ODOf+5WUQxREmRpRJmUD11qiZMtbpxmEZ2ZWy@[45.15.143.179]) by fwd05.t-online.de
> with (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384 encrypted)
> esmtp id 1kzlI1-3OCVv80; Wed, 13 Jan 2021 19:54:41 +0100
> From: "Account Management"<jtobinski@t-online.de>
> To: george_byrd@sonic.net
> Subject: Auth Required - Important Secure Mail Upgrade/Changes
> Date: 14 Jan 2021 02:54:41 +0800
> ...
> Important SONIC Email Changes :
> New features and updates for your sonic.net Email has been released and we are
> writing to inform you before we apply them to your Email Account. We extensively
> increased our spam filtering database to detect and analyze commonly used spam
> keywords, robo-junk senders and other forms of junk messages. Internal storage
> capacity has also been increased to 10GB for standard users and 20GB for
> commercial/business.
>
> Due to the nature of this recent changes, we may hold incoming messages if we
> have not received your authorization on or before January 20, 2021 to apply this
> new changes to your sonic.net Email.
>
> We have made the authorization process easy, you may proceed to authorize this
> changes at webmail2.sonic.net/v17?PrivacyUpdate <https://moucon.co.za/>.

Re: Phishing?

Posted: Wed Jan 13, 2021 1:05 pm
by dane
We have blocked in our DNS the target domain.

Re: Phishing?

Posted: Wed Jan 13, 2021 2:22 pm
by billfalls
I received this email as well. I'm surprised that it was not caught by the Sonic spam filter.