[nsp-sec] Phishing attack

Salusky, William william.salusky at corp.aol.com
Mon Mar 1 16:46:20 EST 2010 

ACK.  Taking this offline with Helge.
 
----
William Salusky 
 
 

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net 
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of 
> Helge Aksdal
> Sent: Sunday, February 28, 2010 9:46 AM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] Phishing attack
> 
> ----------- nsp-security Confidential --------
> 
> Hi all,
> 
> Telenor is currently receiving phishing e-mails like this one.
> 
> Reply-to address is technsupport at mcom.com and hosted by:
> 
> 1668    | 64.12.137.207    | AOL-ATDN - AOL Transit Data Network
> 
> E-mails are sent from:
> 
> 1257    | 212.247.155.168  | TELE2 
> 
> > Received: from swip.net (mailfe14.tele2.ch [212.247.155.168])
> > 	by mail21.nsc.no (8.14.3/8.14.3) with ESMTP id o1SAs24e019812;
> > 	Sun, 28 Feb 2010 11:54:54 +0100 (MET)
> > X-Cloudmark-Score: 0.000000 []
> > X-Cloudmark-Analysis: v=1.0 c=1 a=_6Yxuf5API0A:10 a=yR6y1c09wwYA:10
> > 	a=hOwSe+8LL/V/92M2+7hBVg==:17 a=vRZ2JQDQAAAA:8
> > 	a=IzWY9MLSHtidxf4W3MYA:9 a=6VMl6U-AqTnHgZFkYl8A:7
> > 	a=CP9K9qSRODYxZ4FdCJLUBjiNQLQA:4
> > Received: from [213.239.234.57] (account eu286473 at tele2.ch)
> > 	by mailbe05.swip.net (CommuniGate Pro WEBUSER 5.2.19)
> > 	with HTTP id 48917286; Sun, 28 Feb 2010 11:54:02 +0100
> > From: "mail.online.no" <helpdesk at online.no>
> > Subject: Kjære mail.online.no e-postkonto
> > 	Bruker
> > X-Mailer: CommuniGate Pro WebUser v5.2.19
> > Date: Sun, 28 Feb 2010 11:54:02 +0100
> > Message-ID: <web-48917297 at mailbe05.swip.net>
> > X-Priority: 3
> > MIME-Version: 1.0
> > Content-Type: text/html;charset=utf-8
> > X-Xxroufqwki: sw=gld ver=1.2 d=0s tld=ch st=wip
> > X-XClient-IP-Addr: 212.247.155.168
> > To: undisclosed-recipients: ;
> > Content-Transfer-Encoding: quoted-printable
> > Reply-To: technsupport at mcom.com
> 
> --
> Helge Aksdal
> Telenor 
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the 
> nsp-security community. Confidentiality is essential for 
> effective Internet security counter-measures.
> _______________________________________________
>

More information about the nsp-security mailing list