Phishing?

General discussions and other topics.
13 posts Page 1 of 2
by dianedm » Wed Jan 13, 2021 11:09 am
I just got the email attached below. Looks very suspicious.

Attachments

by dane » Wed Jan 13, 2021 11:19 am
Yep, looks like phishing. Where does that URL actually point toward? We may be able to block or report the host and get it shut down.
Dane Jasper
Sonic
by secondchances » Wed Jan 13, 2021 11:41 am
Yes, I just received the same spam email. The phisher's email address is jtobinski@t-online.de.
by dane » Wed Jan 13, 2021 11:45 am
secondchances wrote:
Yes, I just received the same spam email. The phisher's email address is jtobinski@t-online.de.


What’s the URL for the target, the data collection site?
Dane Jasper
Sonic
by secondchances » Wed Jan 13, 2021 11:48 am
webmail2.sonic.net/v17?PrivacyUpdate.
by dane » Wed Jan 13, 2021 11:54 am
That’s not the real URL, it’s the “text” they use to make it look valid. If you hover over that it should show the real URL, and you can right click to “copy URL”
Dane Jasper
Sonic
by secondchances » Wed Jan 13, 2021 12:02 pm
Ah, you're right, I didn't catch that. This is what shows up:

https://moucon.co.za
by george_byrd » Wed Jan 13, 2021 12:59 pm
Some inept email phishing today.

Email with partial headers showing origin below.

The idiot didn't even forge the "from" address.

Note the last line quoted at bottom for phisher's web link:

> ...
> Received: from t-online.de (TtwlMcZewhR74hPIpAu7hhSv9Jc83ODOf+5WUQxREmRpRJmUD11qiZMtbpxmEZ2ZWy@[45.15.143.179]) by fwd05.t-online.de
> with (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384 encrypted)
> esmtp id 1kzlI1-3OCVv80; Wed, 13 Jan 2021 19:54:41 +0100
> From: "Account Management"<jtobinski@t-online.de>
> To: george_byrd@sonic.net
> Subject: Auth Required - Important Secure Mail Upgrade/Changes
> Date: 14 Jan 2021 02:54:41 +0800
> ...
> Important SONIC Email Changes :
> New features and updates for your sonic.net Email has been released and we are
> writing to inform you before we apply them to your Email Account. We extensively
> increased our spam filtering database to detect and analyze commonly used spam
> keywords, robo-junk senders and other forms of junk messages. Internal storage
> capacity has also been increased to 10GB for standard users and 20GB for
> commercial/business.
>
> Due to the nature of this recent changes, we may hold incoming messages if we
> have not received your authorization on or before January 20, 2021 to apply this
> new changes to your sonic.net Email.
>
> We have made the authorization process easy, you may proceed to authorize this
> changes at webmail2.sonic.net/v17?PrivacyUpdate <https://moucon.co.za/>.
by dane » Wed Jan 13, 2021 1:05 pm
We have blocked in our DNS the target domain.
Dane Jasper
Sonic
by billfalls » Wed Jan 13, 2021 2:22 pm
I received this email as well. I'm surprised that it was not caught by the Sonic spam filter.
13 posts Page 1 of 2

Who is online

In total there are 2 users online :: 0 registered, 0 hidden and 2 guests (based on users active over the past 5 minutes)
Most users ever online was 964 on Tue Sep 29, 2020 11:23 pm

Users browsing this forum: No registered users and 2 guests