2018-10-02 17:30:09 UTC
There is a bigger email component to this post further down.
I got an email today saying that they could tell I had recently used
Skype ver. 7 and that support for that was ending in November.
I almost did that until I checked my Skype and it said it was version
12! About this Version: Skype 12.1815.210.0 Is this an old phishing
email and they forgot to change 7 to 12?
But I went to Skype Download and by golly, it wants to install version
8. Not 12 or 13.
What's going on? Do I have version 12 now or version 7?
Another strange thing about the email I got is that none of the headers
show. I use Eudora and it's set up to show To:, From:, Date:, and
Subject: and if I click on Blah-blah-blah, it shows the rest. For this
email, maybe the first or second ever, no header is showing and if I
click on Blah-blah-blah, once the headers showed for a couple seconds,
but then it scrolled down, and when I went back up, they weren't there.
Hiding them and showing them again usually didn't show any (though the
same thing happened one more time), but the white margin at the top
increased by an inch.
Aha, Ctrl-A shows the header lines in blue, 43 lines per vertical inch.
So the headers are in white on a white background. When I enlarge the
page, I can make them 4 inches high, but they are still too short and
thin to read!
So let's copy them here. I think that will change their size:
Received: from mx01.rcn.cmh.synacor.com (LHLO mx.rcn.com) (10.33.3.179)
md03.rcn.cmh.synacor.com with LMTP; Tue, 2 Oct 2018 12:36:48 -0400
X_CMAE_Category: , ,
X-CNFS-Analysis: v=2.2 cv=VK+fpJHX c=1 sm=1 tr=0
a=KGjhK52YXX0A:10 a=6giede-wJD4A:10 a=smKx5t2vBNcA:10
a=r77TgQKjGQsHNAKrUKIA:9 a=BZSrzMhrAAAA:8 a=yMhMjlubAAAA:8
a=sHkOoLhA2rukYXD2AQ8A:9 a=QEXdDO2ut3YA:10 a=SSmOFEACAAAA:8
a=FTdzzXgEAAAA:8 a=X3osjzD9AAAA:8 a=zY8zc4w2AAAA:8
a=1d2ZUhy_XEPZWRU1DWcA:9 a=P9ldekxQUiuG6ZBH:21 a=_W_S_7VecoQA:10
a=frz4AuCg-hUA:10 a=9WGsHDE11_sA:10 a=WzykwQ6jd5kA:10 a=_6a4iHMk3kYA:10
X-Scanned-by: Cloudmark Authority Engine
X-Received-HELO: from [126.96.36.199] (helo=litemail57.bigfoot.com)
header.DKIM-Signaturefirstname.lastname@example.org; dkim=permfail (body hash
did not verify)
Received-SPF: fail (mx01.rcn.cmh.synacor.com: domain
bounce.email.skype.com does not designate 188.8.131.52 as permitted
Received: from [184.108.40.206] ([220.127.116.11:4487]
by mx.rcn.com (envelope-from
(ecelerity 18.104.22.168547 r(Core:22.214.171.124)) with ESMTP
id EC/D2-10158-F9E93BB5; Tue, 02 Oct 2018 12:36:48 -0400
Received: by LITEMAIL57.bigfoot.com (LiteMail v3.03(LITEMAIL57)) with
SMTP id 1810020935_LITEMAIL57_7662224_10221386;
Tue, 02 Oct 2018 09:36:46 -0700
Received: from mta21.email2.microsoft.com ([126.96.36.199])
by litemail17.bigfoot.net with SMTP id 1538497996.12200;
Tue, 02 Oct 2018 12:33:18 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=200608;
Received: by mta21.email2.microsoft.com id hmef9q163hss for
<***@bigfoot.com>; Tue, 2 Oct 2018 16:32:13 +0000 (envelope-from
From: "Skype" <***@email.skype.com>
Subject: A Skype update may be required
Date: Tue, 02 Oct 2018 10:32:13 -0600
So, does this look real? How suspicious is it that they tried so hard
to hide the headers? The Skype page about phishing says that
email.skype.com is one of their 7 genuine domains, but can't a phisher
use any from address he wants?
On the phone, the updates happen automatically I assume and I don't
know where to find the version number of any app I have. What's a guy
BTW, who named phishing phishing? Surely not the phishermen?