| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 122789 | 2012-01-12 23:57:00 | Two oddities in apparent spam | Billy T (70) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1253723 | 2012-01-12 23:57:00 | Hi Team Checking incoming mail this morning I saw what appears to be a typical "Yahoo account verification" spam message, but it contains what looks like a several lines of code, plus two things I haven't seen before (all three bolded below). The second appears to be the sender's email address (whether they know it or not) and the third appears to be a link to a spreadsheet on a 'secure' site. I'm just curious............. Cheers Billy 8-{) X-Apparently-To: XXXXXl@xtra.co.nz via 124.108.96.109; Thu, 12 Jan 2012 12:16:40 -0800 Received-SPF: none (domain of yahoo.com does not designate permitted sender hosts) X-YMailISG: CiR5ZkEWLDvB9lJLzYuLEzAsBTBHlwxk9ZuU0pV0cBN9ABek CEa33MVn737sSxgW10XW8OLhBMhtQX1Rz2NQVuB9a5RopT5jp_ 5045vXDVrW A_ORldF1gHxpI03b.bEf9xLfRpSMrnSNrM3rtz0vZl14GLXy.n qpP9Hk.gjq zEW8Wd8lnTsdvyZl9v5wamIE8jzq_dRITM4xxlPzUHr47u7Tvf EqGTrPT8NO K47en0nG5Gu55dnysh.PELnsF7SOQQ5xhjx2KTWKa3PbstL8um 0XmSTg.dg_ mPT4UuEW0OFFLXHSO1HACAPejEkrT2Vs.9UZpRABiifjA4azov bQyxGaH9Jf HJX4Pmd_GdycyXC7iEKd0LjuoMP_hOYEbGOdYw-- X-Originating-IP: [82.132.130.151] Authentication-Results: mta1010.tnz.mail.aue.yahoo.com from=yahoo.com; domainkeys=neutral (no sig); from=yahoo.com; dkim=neutral (no sig) Received: from 127.0.0.1 (EHLO mail.o2.co.uk) (82.132.130.151) by mta1010.tnz.mail.aue.yahoo.com with SMTP; Thu, 12 Jan 2012 12:16:38 -0800 Received: from user-PC (41.139.96.169) by mail.o2.co.uk (8.5.119.05) (authenticated as janmon19@o2.co.uk) id 4EEB65B0041244C7; Thu, 12 Jan 2012 20:15:19 +0000 Message-ID: <4EEB65B0041244C7@> (added by postmaster@mail.o2.co.uk) From: "Yahoo! Alert!"<no-reply@yahoo.com> Subject: Yahoo! Account Verification (Xtra Account User) Date: Thu, 12 Jan 2012 21:15:19 -0800 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Antivirus: avast! (VPS 120112-0, 01/12/2012), Outbound message X-Antivirus-Status: Clean <div id="yiv339695189"> <img alt="" src="l.yimg.com border="0" hspace="0"><br> <br> Your two incoming mails were placed on pending status due to the recent upgrade to our database,<br> In order to receive the messages <a rel="nofollow" target="_blank" href="docs.google.com Q"> Click here </a>to login and wait for responds from <span class="yiv339695189yshortcuts" id="yiv339695189lw_1297288229_1" style="border-bottom: 2px dotted rgb(54, 99, 136); cursor: pointer;"> Yahoo</span>.<br> We apologies for any inconvenience and appreciate your understanding.<br> <br>Regards, Yahoo Group. <hr><font size="1">The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. <br>Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited.<br> If you received this in Spam, please kindly move it to inbox.</font> </div> |
Billy T (70) | ||
| 1253724 | 2012-01-13 00:10:00 | I somehow doubt that Yahoo are now using Google Docs Spreadsheets to store confidential details in ;) But yes, that o2 address does look suss. Forward it to abuse@o2.co.uk ;) | Chilling_Silence (9) | ||
| 1253725 | 2012-01-13 00:12:00 | Just regular phishing, from a compromised O2 user as they authenticated, and the listed O2 mail server that sent it to Yahoo checks out. The X-YMailISG: is just a tag added by Yahoo for their own purposes, probably tracking your email or for targeting ads or some such. |
fred_fish (15241) | ||
| 1 | |||||