Thread Number: 68843  /  Tag: Other Home Products or Autos
How phishing e-mail works
Post# 916359   1/19/2017 at 11:17 (2,646 days old) by DADoES (TX, U.S. of A.)        

This post probably should be in ATTT section but I wanted more people to have access to see it.

This is how phishing/malware e-mails work:

I received a message this morning from J.J. Douglas Services, claiming that payment on an invoice is due.
1)  I don't know J.J. Douglas Services.
2)  Checking the source code of the e-mail, it came from an IP registered to Bright Light Radiology in Elk Grove, IL via Comcast Business Services (ARIN.net has a WhoIs search for IPs).
3)  Google search finds that J.J. Douglas Services apparently is a legitimate HVAC service in Deland, FL.
4)  Google search also finds a BBB report that the name "J.J. Douglas Services" is being used in phishing e-mails.
5)  A link in the message to view the invoice is coded for 6pm[dot]com[dot]pk with a php function ... which .pk domain name extension is Pakistan.

So, a message claiming to be from J.J. Douglas Services of Deland, FL, routed from Bright Light Radiology in Elk Grove, IL, with a link to view an invoice that goes to a server in Pakistan = NO.  I sent the e-mail to Comcast's abuse contact for investigation.





Post# 916360 , Reply# 1   1/19/2017 at 11:20 (2,646 days old) by mayken4now (Panama City, Florida)        

Thanks for the info Glenn. Good for you!

Post# 916364 , Reply# 2   1/19/2017 at 11:46 (2,646 days old) by Frigilux (The Minnesota Prairie)        

Wow! Thanks for the heads-up.

Post# 916370 , Reply# 3   1/19/2017 at 13:41 (2,646 days old) by vintage1963 (Ohio)        

That happened to me a couple weeks back regarding my PayPal account. I knew it looked suspicious and sent the email to them to take care of. They notified me that the email in question was in fact a phishing scam.

Post# 916373 , Reply# 4   1/19/2017 at 14:02 (2,646 days old) by ea56 (Cotati, Calif.)        

Whenever I receive an email from a company that I do business with requesting info of any kind, I never click on the link. I delete the email and then go directly to the company website and take care of anything that needs my attention. If the email address contains anything that appears suspicious I send it directly to the company's spam site for them to deal with it. The info that Glenn provided is very helpful and we all need to be very aware of the emails we open. If it looks suspicious (i.e. no subject line entry) to me I delete it immediately, and don't open it at all. Also, be careful about clicking on any junk email link to take your email address off of their email list. I've read that this is another way that dishonest individuals get your info.
Eddie


Post# 916374 , Reply# 5   1/19/2017 at 14:04 (2,646 days old) by Kb0nes (Burnsville, MN)        

Nice investigation Glenn! I seldom take the time to look it up, usually delete and carry on.

Bottom line is if you ever get an unknown email, asking you to click a link or open an attachment don't do it. Especially if the email looks fishy (Phishy??).

Many times it looks legit, a message from UPS etc. Look at the email address it was sent from, that usually is a clue. Also if you ever get an email from a provider of yours saying a password should be changed DON'T click the link. Go to that service and log in as usual, odds are they aren't prompting for a new password...

Final suggestion is to enable two-step authentication wherever you can. When I log into gmail I get a code texted to my phone needed to log in. Nearly impossible for your email to get compromised using the 2nd step.


Post# 916375 , Reply# 6   1/19/2017 at 14:09 (2,646 days old) by turquoisedude (.)        
look at the email address it was sent from


As Phil pointed out, '.suckah' is usually not a valid email address.... 


Post# 916383 , Reply# 7   1/19/2017 at 15:10 (2,646 days old) by toploader55 (Massachusetts Sand Bar, Cape Cod)        
Paypal

@ vintage...

I have been going through an ongoing thing with PayPal too.

I just received another. It looks like legit PayPal, same logo but the PP rep told me they never address their customers as "Dear Customer", or "Dear Member", or any other greeting other than "Dear"...member's full name.

If any of you are receiving e-mails from PayPal unless you know or are expecting emails from them...please forward the email to review@paypal.com.

They always want to know about them as there have been endless scams lately.

I rarely if ever use PP anymore but just wanted to pass this info along to all.


Post# 916403 , Reply# 8   1/19/2017 at 17:03 (2,646 days old) by DADoES (TX, U.S. of A.)        

A phishing or malware e-mail may not be apparent from the sender address at first look.  This one displayed as from J.J Douglas Services bill@jdouglas-service.com.

The invoice link displays as JJ Invoice #8587028.  The .pk angle isn't apparent unless 1) one looks at the status bar on it in the mail program when hovering the mouse over it (and not all email programs show this info) or 2) after clicking the link to open it in a browser or 3) by copying/pasting it into a browser or 4) examining the source code of the email.
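
The checks described in the posts above (sender address, relaying IP in the headers, and where the invoice link really points), as an added example that is not part of the original thread. The message, names, domains and IP address below are constructed placeholders, and `inspect_message` is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every name, domain and IP here is a placeholder.
RAW = """\
Received: from mail.clinic.example ([203.0.113.45]) by mx.isp.example; Thu, 19 Jan 2017 09:02:11 -0600
From: "Acme HVAC Services" <bill@acme-hvac.example>
Subject: Invoice due
Content-Type: text/html; charset="utf-8"

<html><body><p>Payment is due.
<a href="http://files.shop.example/view.php?id=1">Invoice #0000001</a></p></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def inspect_message(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    # Bracketed IPs from Received headers; trust only hops stamped by your own provider.
    relay_ips = [ip for h in msg.get_all("Received") or []
                 for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", h)]
    parser = LinkCollector()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    links = []
    for href, text in parser.links:
        # Compare the real link host with the claimed sender domain.
        host = (urlsplit(href).hostname or "").lower()
        matches = host == sender_domain or host.endswith("." + sender_domain)
        links.append({"text": text, "host": host, "matches_sender": matches})
    return {"display": display, "sender_domain": sender_domain,
            "relay_ips": relay_ips, "links": links}
```

The relay IP can then be looked up in a WhoIs service, and any link whose `matches_sender` is false is one where the visible text hides a host unrelated to the claimed sender.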


Post# 916415 , Reply# 9   1/19/2017 at 19:02 (2,646 days old) by alr2903 (TN)        

Thanks Glenn for the heads up!  I usually delete and open the site (if I do business with them), from my favorites bar.  I am not freaked out but being vigilant is good and can save you a world of grief.  A


Post# 916523 , Reply# 10   1/20/2017 at 10:33 (2,645 days old) by Tomturbomatic (Beltsville, MD)        

Thank you, Glenn, for sharing your expertise.

 

Have a great day,

Tom


Post# 916658 , Reply# 11   1/20/2017 at 23:16 (2,644 days old) by dartman (Portland Oregon)        

I've been getting the "your PayPal account will be limited, click link to reply" off and on. I just go to my PayPal account as if they have sent me anything it will be in my mail folder. Nothing is ever there so it's a scam. They aren't going to be limiting an account unless something is really up as how do they make their money. If you can't spend it they don't make anything.
I get all kinds of junk, plus outright scams but my ISP filters out most of them and sends me an update every day or so so I can double check for false positives.
I still get the occasional Nigerian prince type scam too.


