Difference between just spam and security threat?

[blackman]

I received an email where the "From"line read
From: "Sonic.net Webmail Info Centre"<[email protected]>
The message text began
"Sonic.net Webmail is currently undergoing an
account upgrade exercise and all users are
required to Login to the new SONIC CENTRE
Upgrade Access for online account upgrade and await
Help desk'
We apologies for any inconvenience and
appreciate your understanding.
Please login to your type of account!!!"
It then provided a number of "helpful" links.

I contacted support to ask if it was legitimate. I didn't think it was and I clicked on nothing. I was amazed when I got back a boiler plate response about spam in general. So an email pretending to be from sonic.net and asking for our login information is really nothing more that boring spam and not of the slightest concern or interest to Sonic?
From support's response I assume I was totally overreacting and I shouldn't have bothered with contacting support but I still surprised by that. So I guess my question then is - if that is nothing to be concerned about - what kind of message would be worth being concerned about account security?

Diane Blackman

[cataha]

next time, go to properties and check for an ip address (better off, post what you find/shows from properties of said email so that others as well will see it), compare to real sonic.net ip-pool
Copy and past link of said email to a notepad/scratchpad if it's a fake you will see either an IP-add/something/something/sonic.net
or a from a paid hosting but with a similar attributes and NOT a sonic real DNS/IP unless some suicider(one-dater) is there


Good site
http://www.securingthehuman.org/program ... t-training

[blackman]

I could pretty well guess it is a fake. I just thought Sonic might have some concerns about customers who wouldn't know all the techno stuff. I considered the possibility that some Sonic customers would believe it to be real and would provide their email log in information as the email said that they must. I didn't consider the possibility that Sonic would just shrug and assume that all of its customers were way too smart to fall for that "steal your login information" trick. Oh well I've learned now. Thanks for taking the time to reply.

[thulsa_doom]

If you get mail purporting to be from Sonic.net that is trying to get you to do something, particularly if it involves sensitive information (like your password or payment info), go ahead and forward it with headers to [email protected]. We see these from time to time, and can dig through the headers, block reply-to addresses, and notify the ISPs that the scam came from in hopes of getting the sender locked down.

If the message is more than, say, six hours stale, we've probably already had somebody report it, so you can just delete it.

The only messages we regularly send out with links to our tools are soliciting customer service feedback, and don't require that you provide a password.

[kbenson]

If the message is more than, say, six hours stale, we've probably already had somebody report it, so you can just delete it.

Indeed. In this case, on of our operations personnel received this phishing email on the morning of the 26th, and we took steps to make sure it was blocked be default by SpamAssassin shortly thereafter.

You most likely received this email in the time before we had a block in place.