cancel
Showing results for 
Search instead for 
Did you mean: 

Phishing Email

Moderator
Moderator
Posts: 25,988
Thanks: 1,239
Fixes: 50
Registered: 14-04-2007

Phishing Email

I have just received an email on webmail with this Subject:
[-SPAM-] [PHISHING]: Important Internet Banking Message From Royal Bank of Scotland Digital Banking
My question is where is the [PHISHING] bit being added.
Is it PN, Postini or other Huh
Haven't seen it before and now I have 2.

Customer and Forum Moderator.

12 REPLIES
ChrisL
Grafter
Posts: 733
Thanks: 2
Registered: 13-12-2007

Re: Phishing Email

Looks like the sender spoofing it? Very clever!
Moderator
Moderator
Posts: 25,988
Thanks: 1,239
Fixes: 50
Registered: 14-04-2007

Re: Phishing Email

....very illogical  Huh
Bit like a burglar dropping a card through someone's door announcing they will be visiting at 3am tomorrow morning.

Customer and Forum Moderator.

Plusnet Alumni (retired) orbrey
Plusnet Alumni (retired)
Posts: 10,540
Registered: 18-07-2007

Re: Phishing Email

It's not any of our software, the only software I've seen that tags mails like that is thunderbird. However you said it was received in your webmail folder, so it wasn't your thunderbird that did it... very odd.
Moderator
Moderator
Posts: 25,988
Thanks: 1,239
Fixes: 50
Registered: 14-04-2007

Re: Phishing Email

The ever present jelv is going to tell me Postini did it Smiley
@Orbrey I don't have Thunderbird anyway but webmail it is.

Customer and Forum Moderator.

Community Gaffer
Community Gaffer
Posts: 12,996
Thanks: 771
Fixes: 70
Registered: 04-04-2007

Re: Phishing Email

Yeah, I reckon it's the sender trying to be clever. Sneaky blighters!

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

Moderator
Moderator
Posts: 25,988
Thanks: 1,239
Fixes: 50
Registered: 14-04-2007

Re: Phishing Email

Hi Bob
The text is standard phishing stuff so it makes little sense.
I just wondered if Postini might be doing it, maybe on the FC score.
Not a problem though.

Customer and Forum Moderator.

ChrisL
Grafter
Posts: 733
Thanks: 2
Registered: 13-12-2007

Re: Phishing Email

I've never seen anything on Postini that suggests they ever tag the subject line?  But I take your point about the burglars  Smiley -- the psychology is beyond me!
Community Gaffer
Community Gaffer
Posts: 12,996
Thanks: 771
Fixes: 70
Registered: 04-04-2007

Re: Phishing Email

On second thoughts, not sneaky at all!
*Mind boggles*

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

Moderator
Moderator
Posts: 25,988
Thanks: 1,239
Fixes: 50
Registered: 14-04-2007

Re: Phishing Email

Maybe all the bad guys have suddenly developed a conscience.
From now on all spam will be pre-marked [-SPAM-] in the sender's PC before mailing.
All virus payloads will be announced in the Subject line of infected mail prior to despatch.
And we already know about Phishing mail!
What a Wonderful World Grin

Customer and Forum Moderator.

Community Veteran
Posts: 26,528
Thanks: 766
Fixes: 9
Registered: 10-04-2007

Re: Phishing Email

Or the spammers have found someone's system doesn't do any further checking if an email is already marked as SPAM or PHISHING and just lets it through?
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
jnwright
Grafter
Posts: 281
Thanks: 1
Registered: 05-04-2007

Re: Phishing Email

Was it already marked [PHISHING] by another ISP and then forwarded by someone else's already compromised sytem?
Moderator
Moderator
Posts: 25,988
Thanks: 1,239
Fixes: 50
Registered: 14-04-2007

Re: Phishing Email

That's a very good point.
Quote
Envelope-to: me@ourdomain
Delivery-date: Fri, 18 Jan 2008 14:09:59 +0000
Received: from exprod5mx202.postini.com ([64.18.0.61] helo=psmtp.com)
    by pih-sunmxcore19.plus.net with smtp (PlusNet MXCore v2.00) id 1JFruw-0005aD-8T
    for me@ourdomain; Fri, 18 Jan 2008 14:09:58 +0000
Received: from source ([213.158.196.69]) by exprod5mx202.postini.com ([64.18.4.10]) with SMTP;
    Fri, 18 Jan 2008 07:09:52 MST
Message-ID: <002301c859db$c92b1394$c550750a@laptop>
From: "Royal Bank of Scotland United Kingdom '07" <supprefnum-refnum_54ir@rbs.co.uk>
To: <me@ourdomain>
Bcc: <me@ourdomain>,
    <me@oldaccount.freeserve.co.uk>,
    <me@oldaccount.freeserve.co.uk>,
    <dick.coyle@sci.monash.edu.au>,
    <dick.crabbe@btopenworld.com>,
    <dick.craig@allieddunbar.co.uk>,
    <dick.craig@zurichadvice.co.uk>,
    <dick.cramertn@chellaston.co.uk>,
    <dick.crawshaw@btinternet.com>,
    <dick.crease@oac.co.uk>,
    <dick.critchley@unn.ac.uk>
Subject: [-SPAM-] =?utf-8?Q?[PHISHING]:=20Important=20Internet=20Banking=20Message=20From=20Royal=20Bank=20of=20Scotland=20Digital=20Banking=20Service?=
Date: Fri, 18 Jan 2008 15:09:48 +0200
MIME-Version: 1.0
Content-Type: multipart/related;
    type="multipart/alternative";
    boundary="----=_NextPart_000_001F_01C859E4.2AEF71D0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-pstn-levels: (S: 0.00000/95.56953 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) gt3 gt2 gt1 r p m c
X-pstn-addresses: from <supprefnum-refnum_54ir@rbs.co.uk> [db-null]
X-pn-pstn: Spam 1
X-PN-VirusFiltered: by PlusNet MXCore (v4.00)

Interesting that a couple of the bcc's were old Freeserve accounts of mine Undecided

Customer and Forum Moderator.