I've noticed an increase in phishing scams pretending to be from Sonic, looking for logins / credit card numbers. Don't know if you're aware of this but perhaps some additional filtering can be applied. So far they've been trivially obvious, not even faking the sender domain.
Uptick in phishing emails directed at Sonic
General discussions and other topics.
4 posts
Page 1 of 1
They’ve proven very difficult to block, because unlike most spam they’re very small volume and do not trigger the usual keywords. Our team blocks them as they’re seen, and we block the sites they collect data at, but some still fall for them.
Dane Jasper
Sonic
Sonic
I've been getting them every day recently as well. "Critical Alert," "A Gentle Reminder," always a phishing link inside.
Here's part of the raw source (header):
Return-Path: <af@citysportsgroupng.com>
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on h.spam.sonic.net
X-Spam-Level:
X-Spam-Status: No, score=-1.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,DKIM_VALID_EF,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,
RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SNF4SA,SONIC_BX_A2,SPF_HELO_NONE,
T_KAM_HTML_FONT_INVALID,T_REMOTE_IMAGE,T_SCC_BODY_TEXT_LINE
shortcircuit=no autolearn=disabled version=3.4.6
X-Spam-SNF-Result: 0 (Standard White Rules)
X-Spam-MessageSniffer-Scan-Result:
X-Spam-MessageSniffer-Rules:
0-0-0-29807-c
X-Spam-GBUdb-Analysis: 1, 35.89.44.32, Ugly c=0.372106 p=-0.459459 Source
Normal
Received: from a.mx.sonic.net (b.spam-proxy.sonic.net [157.131.224.146])
by a.local-delivery (8.14.7/8.14.7) with ESMTP id 27NLhr89030251
(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
Here's part of the raw source (header):
Return-Path: <af@citysportsgroupng.com>
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on h.spam.sonic.net
X-Spam-Level:
X-Spam-Status: No, score=-1.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,DKIM_VALID_EF,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,
RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SNF4SA,SONIC_BX_A2,SPF_HELO_NONE,
T_KAM_HTML_FONT_INVALID,T_REMOTE_IMAGE,T_SCC_BODY_TEXT_LINE
shortcircuit=no autolearn=disabled version=3.4.6
X-Spam-SNF-Result: 0 (Standard White Rules)
X-Spam-MessageSniffer-Scan-Result:
X-Spam-MessageSniffer-Rules:
0-0-0-29807-c
X-Spam-GBUdb-Analysis: 1, 35.89.44.32, Ugly c=0.372106 p=-0.459459 Source
Normal
Received: from a.mx.sonic.net (b.spam-proxy.sonic.net [157.131.224.146])
by a.local-delivery (8.14.7/8.14.7) with ESMTP id 27NLhr89030251
(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
Hi, When I get these fake Sonic emails (like just this morning) should I notify someone at Sonic and forward the email? Where to? Thanks.
4 posts
Page 1 of 1
Who is online
In total there are 6 users online :: 1 registered, 0 hidden and 5 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am
Users browsing this forum: Google [Bot] and 5 guests
Most users ever online was 999 on Mon May 10, 2021 1:02 am
Users browsing this forum: Google [Bot] and 5 guests