Phishing with a small twist

Published: 2009-02-20
Last Updated: 2009-02-20 12:26:18 UTC
by Mark Hofman (Version: 1)
2 comment(s)

A reader sent this through to us (thanks) and it has an interesting little twist. 

The message is one we are already used to

Dear email account owner,

This message is from somewhere email administration center to all email
account owners. We are currently upgrading the email securities of our
database and email account center. We are also conducting a routine check
by deleting all unused accounts to create more space for new accounts.

To prevent your email account from being closed, you will have to update
it below by providing us with the below mentioned so that we can ascertain
that your account is prensently in use.


Email Username:....................
Email Password:....................
Date of Birth:.....................
Country or Territory:..............

Warning!!! Account owner that refuses to update his or her account within
Seven days of receiving this warning will lose his or her account


Admin Team

Thank you for using somewhere email account

We know this message.  Nothing different so far.  The twist is in the sender and reply address.  Instead of the usual   such as hotmail,, gmail, yahoo, etc.  this reply address had its own domain.  So they set up a domain to make it seem more legit.  The domain was registered yesterday.  The phising messages are already going out.  No doubt replies are already going back.  You may wish to consider making email to the domain disappear.  Just be aware there may be other domains as well.


Joanne mentioned that she has seen this a bit over the last few months.  Like most of us she just discarded the message, after all spam is spam no matter what the reply address is. 

Mark H - Shearwater

I'll be teaching  Security 401: SANS Security Essentials Bootcamp Style in Melbourne (May 11-16), Canberra (June 29 - July 4)

Keywords: phising
2 comment(s)
Diary Archives