Sonic.net

I just received a pretty authentic-looking email warning me that I was about to exceed my 5GB disk quota and be charged $52.50 for it. This obviously wasn't true since I'm an email customer, but the scam was well done - purportedly from 'srae @sonic.net', the email headers look authentic unless you look very closely at the IP addresses (eventually leading back to 64.142.111.50). The URL hiding isn't quite as well done and what superficially looks like a Sonic link actually directs to (full URL elided) arkolors .com .

I don't expect Sonic to do anything about this, but it would sure be nice if you could check it out and blackhole their domain. It appears to be some bogus business in Peru.

The team here is locking and contacting the customer accounts here that are being used to send these, and we’ve blocked the harvest domain in our DNS. It’s not complete mitigation, but should help.

They kinda had me going until they stepped it up with a disputed payment notice a little while ago causing me to immediately log into my account to find it's all bull%$#.

This appears to be a systematic attack on the Sonic customer base - just got another one from 'brumby @sonic.net' directing to neivoberaldin .com (which motivated me to change account password and turn on 2FA, so that's good).