Spoofed email to Phish - TechRepublic
Question
October 20, 2009 at 03:01 AM
3phatladies

Spoofed email to Phish

by 3phatladies . Updated 16 years, 8 months ago

Hi all.
Today we received an email that seemed to come form our own domain called alert…”alert@domain.com”

Obviously they tried to Phish us out with the link and it’s originating via a relay site in Russia but how did they manage to trick the front desk into showing them it came from within our domain though?

We don’t have an email by that name so it rang alarm bells and Untangle trapped it as spam anyhow. On opening it up (actual domain name omitted)in a VM it read :

Return-Path:
From:
To:
Subject: For the owner of the michael@domain.com mailbox
Date: Tue, 20 Oct 2009 03:59:31 +1100
Message-ID: <000d01ca50d5$24d9f380$6400a8c0@sorestfbt44>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=”—-=_NextPart_000_003B_01CA5175.D7F98D40″
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcpQ1TpPBtV47dDjTkqvUVpiC7GILg==
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300

This is a multi-part message in MIME format.

——=_NextPart_000_003B_01CA5175.D7F98D40
Content-Type: text/plain;
charset=”Windows-1252″
Content-Transfer-Encoding: 7bit

Dear user of the domain.com mailing service!

We are informing you that because of the security upgrade of the mailing
service your mailbox (michael@domain.com) settings were changed. In
order to apply the new set of settings click on the following link:


http://domain.com/owa/service_directory/settings.php?email=michael@domain.com&from=domain.com&fromname=michael

Best regards, domain.com Technical Support.

This discussion is locked

All Comments