Discussion:
Related:: Why are these phishing addesses not valid?
(too old to reply)
micky
2021-11-08 15:06:34 UTC
Permalink
Related to email but not a specifically Eudora question:

Just got this email, the most recent of several from Peru that claims to
be in charge of my USA email account.

What gets me is the link they want me to use, http:/mail.rcn.commmm. I
put in 3 extra m's so no one would accidentally click on it.

So they left out a slash, was that on purpose?

But the question is..I thought if the middle node, rcn, was a a real
one, changing the first node to mail would still give a link that
belongs to www.rcn.com, which is the URL of one of my mail servers.

Also the To: line looks like it has a valid domain. ???

Would correcting and clicking on the zimbra link install a virus, or is
it just phishing?



From: "?© +RCN Telecom Services" <***@pucp.edu.pe> [Peru!!!]
Date: Mon, 8 Nov 2021 19:00:45 +0530
Subject: Re: Very Important Information Regards Your RCN
To: ***@rcn.commmm

Your incoming mails and documents have been placed on hold due to the
recent spam activities on our server.


we need you to verify your account before you can view the new emails
and documents. to verify kindly click on URL below and login.


http:/mail.rcn.commmm/zimbra


© 2021 RCN Telecom Services, LLC. All Rights Reserved.
Piet
2021-11-10 21:35:42 UTC
Permalink
Post by micky
Just got this email, the most recent of several from Peru that claims
to be in charge of my USA email account.
Let them claim heaven and hell, and dump them into trash. Or make
a filter that does that for you before you even have a chance to
look at the message.
Post by micky
What gets me is the link they want me to use, http:/mail.rcn.commmm.
I put in 3 extra m's so no one would accidentally click on it.
You're a bit shortsighted. Had you hovered the cursor over that
would-be-url, you'd have noticed right away the real underlying
url *does* have two slashes. It's a very common way to lure people
to malware sites, but it's also commonly used by trusted companies
hide a url ("difficult" for the computer-ignorant) in the way it's
done on webpages.
Post by micky
So they left out a slash, was that on purpose?
You bet! It draws attention, and out of curiosity people will click
on the "incorrect" link.
Post by micky
Would correcting and clicking on the zimbra link install a virus,
or is it just phishing?
Just click on it and you may be lost already.

-p
micky
2021-11-11 16:12:15 UTC
Permalink
In comp.mail.eudora.ms-windows, on Wed, 10 Nov 2021 22:35:42 +0100, Piet
Post by Piet
Post by micky
Just got this email, the most recent of several from Peru that claims
to be in charge of my USA email account.
Let them claim heaven and hell, and dump them into trash. Or make
a filter that does that for you before you even have a chance to
look at the message.
Post by micky
What gets me is the link they want me to use, http:/mail.rcn.commmm.
I put in 3 extra m's so no one would accidentally click on it.
You're a bit shortsighted. Had you hovered the cursor over that
would-be-url, you'd have noticed right away the real underlying
Ugh. I don't know why I didn't do that. I know about it. I'm trying
to find the email again in my inbox trash but can't find it yet.
Post by Piet
url *does* have two slashes. It's a very common way to lure people
to malware sites, but it's also commonly used by trusted companies
hide a url ("difficult" for the computer-ignorant) in the way it's
done on webpages.
Post by micky
So they left out a slash, was that on purpose?
You bet! It draws attention, and out of curiosity people will click
on the "incorrect" link.
Aha.
Post by Piet
Post by micky
Would correcting and clicking on the zimbra link install a virus,
or is it just phishing?
Just click on it and you may be lost already.
Oh, no!
Post by Piet
-p
Loading...