[nsp-sec] ATTN Google Mail, phishing drop box

Anthony Edwards anthony.edwards at sns.bskyb.com
Tue Sep 14 18:31:42 EDT 2010 

Hi

Account username and password phishing drop box
accountupgrade.webmail at googlemail.com:

: Return-path: helpdesk at webmail.com
: Envelope-to: abuse at abuse.noc.uk.easynet.net
: Delivery-date: Tue, 14 Sep 2010 22:41:28 +0100
: Received: from int0.mail.uk.easynet.net ([212.135.11.36])
:         by abuse.noc.uk.easynet.net with esmtp (Exim 4.63)
:         (envelope-from <helpdesk at webmail.com>)
:         id 1OvdFo-0006aA-0g
:         for abuse at abuse.noc.uk.easynet.net; Tue, 14 Sep 2010 22:41:28 +0100
: Received: from mailfilter4.mail.uk.easynet.net ([212.135.6.205])
:         by int0.mail.uk.easynet.net with esmtp (Exim 4.50)
:         id 1OvdFe-0004FH-PM
:         for abuse at ukonline.net; Tue, 14 Sep 2010 22:41:18 +0100
: Received: from ego-02.isspmail.com ([202.5.93.131])
:         by mailfilter4.mail.uk.easynet.net with esmtp (Exim 4.69)
:         (envelope-from <helpdesk at webmail.com>)
:         id 1OvdFY-0003hD-RF
:         for abuse at ukonline.net; Tue, 14 Sep 2010 22:41:13 +0100
: Received: (qmail 10966 invoked from network); 14 Sep 2010 20:17:08 -0000
: Received: from unknown (HELO webmail.ego.co.th) (rung22 at ego.co.th@202.5.93.131)
:         by 172.16.10.131 with ESMTPA; 14 Sep 2010 20:17:08 -0000
: Received: from 188.65.178.161 (proxying for 41.220.68.6, unknown)
:         (SquirrelMail authenticated user rung22 at ego.co.th);
:         by webmail.ego.co.th with HTTP;
:         Wed, 15 Sep 2010 03:17:08 +0700 (ICT)
: Message-ID: <37166.188.65.178.161.1284495428.squirrel at 188.65.178.161>
: Date: Wed, 15 Sep 2010 03:17:08 +0700 (ICT)
: Subject: Helpdesk Upgrade
: From: Webmail Helpdesk <helpdesk at webmail.com>
: Reply-To: accountupgrade.webmail at googlemail.com
: User-Agent: SquirrelMail/1.4.3a
: X-Mailer: SquirrelMail/1.4.3a
: MIME-Version: 1.0
: Content-Type: text/plain;charset=tis-620
: Content-Transfer-Encoding: 8bit
: X-Priority: 3 (Normal)
: Importance: Normal
: X-Sent-For-Filtering: yes
: Delivered-To: abuse at uk.easynet.net
: X-int0-test-Delivered-To: abuse at uk.easynet.net
: 
: Dear Webmail Account Owner,
: 
: Due to the congestion in all Webmail users and removal of all unused
: Webmail Accounts, Webmail would be shutting down all unused accounts. You
: will have to confirm your E-mail by filling out your Login Information
: below after clicking the reply button, or your account will be suspended
: within 48 hours of receiving this mail without responce from this Webmail
: account user.
: 
: Your Current User Name:
: Your Current Password:
: Country Or Territory:
: 
: After Following the instructions in the sheet, your account will not be
: interrupted and will continue as normal. Thanks for your attention to this
: request. We apologize for any inconvenience.
: 
: Webmail Helpdesk

Anthony Edwards

-- 
Anthony Edwards
anthony.edwards at sns.bskyb.com
Abuse Team Manager  -  Sky Network Services
DDI: 0161 888 3507

More information about the nsp-security mailing list