
Yet another Phishing letter; DiscoverCard.. Close to home; Wife


ShyWriter


 BEGIN ORIGINAL LONG EMAIL HEADER


Return-Path: <ringvald@brandeis.edu>
Received: from mail-qc0-f196.google.com (mail-qc0-f196.google.com [209.85.216.196])
 (using TLSv1 with cipher RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mtain-mp10.r1000.mx.aol.com (Internet Inbound) with ESMTPS id E3B56380000B2
 for <saxxxxx@aol.com> Fri,  7 Feb 2014 08:52:00 -0500 (EST)
Received: by mail-qc0-f196.google.com with SMTP id c9so1703499qcz.3
        for <saxxxxx@aol.com> Fri, 07 Feb 2014 05:52:00 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:message-id:content-type:mime-version:subject:to
         :from:date;
        bh=0izqEhXiX8d/7Dy/VSP5VLzajSYc9p0Hu52gEyZo56M=;
        b=AaC1uoHqEBdzmGSIq9NEOzYf6nz8d8oo6MlhGlVp99uPhDjwACA/xumpCXtaW+vJbZ
         Z756ApILU81RqsEbR2ErSBHcpQEifRN35Bm6/wCENnwdhq67FeGP9kffMWtR4XeBSBaB
         JaqNfRSGTrodVZheiPkb2SxBhD4F+uDqFKrbHlgEjgrRCw2XZaaTGx7wtMsDtKBnK2Kx
         wU8iNfOgPUICtR8A2x6cRvO3lyqamKw1s/t2jdFMKe4PyqBX3U7u8SgZsVRBusa54wyU
         NI2DTyFWsGIhpz1EvupNhSMG++mB+AWPMzSHR0VuW3XWoJXsv80wODY0Thm7NZr0Ujr4
         ZUGA==
X-Gm-Message-State: ALoCoQniRh1bQKi9bUUP9EsB1Bz4qdFP+J0NW0PgBpLdwY+NagMGZL3VQOPEa394ivsI9WIBrUw1
X-Received: by 10.224.88.131 with SMTP id a3mr22464325qam.34.1391781120674;
        Fri, 07 Feb 2014 05:52:00 -0800 (PST)
Received: from term.KarrShermanCo.local (smtpout.karrsherman.com. [66.193.29.122])
        by mx.google.com with ESMTPSA id d7sm13496851qad.10.2014.02.07.05.51.58
        for <multiple recipients>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Fri, 07 Feb 2014 05:52:00 -0800 (PST)
Message-ID: <52f4e500.8707e00a.11c0.ffffe1b8@mx.google.com>
Content-Type: multipart/alternative; boundary="===============0757205506=="
MIME-Version: 1.0
Subject: =?utf-8?q?Online_Update=3A_Regarding_Your_Discover_Card=C2=AE?=
To: Recipients <safe@discover.com>
From: Discover Card <ringvald@brandeis.edu>
Date: Fri, 07 Feb 2014 08:51:52 -0500
x-aol-global-disposition: G
Authentication-Results: mx.aol.com;
 spf=pass (aol.com: the domain brandeis.edu reports 209.85.216.196 as a permitted sender.) smtp.mailfrom=brandeis.edu;
x-aol-sid: 3039ac1dc14e52f4e5001adb
X-AOL-IP: 209.85.216.196
X-AOL-SPF: domain : brandeis.edu SPF : pass


 END ORIGINAL LONG HEADER
 BEGIN PHISHING

 From: ringvald@brandeis.edu
To: safe@discover.com
Sent: 2/7/2014 8:52:01 A.M. Eastern Standard Time
Subj: Online Update: Regarding Your Discover Card®


 
Dear Cardmember


The security of your personal information is our primary concern.


Recently we observe suspicious login attempt to your Discover Card® account


All information associated with this account has been temporarily limited

 

We implore you to confirm your account by following our secure site [https://www.discovercard.com] (actual URL= http://dicasdosmelhores.com/iso.php) to avoid account suspended << (should have said "suspension")

 

 

Sincerely,


Discover Card® Customer Service
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
IMPORTANT INFORMATION


This e-mail was sent to you from Discover.


You are receiving this Discover e-mail as a confirmation of your account activity.


Please do not reply to this e-mail as we are not able to respond to messages sent to this address.


END PHISHING LETTER


Thanks for looking into this..
Antxxxx xxxxxxxxxxder
xxxxxxxx@tampabay.rr.com

 

NOTE: Had to use quote to preserve malformed URLs as editor wouldn't accept them..
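The tells visible in this sample (a brand in the display name over a brandeis.edu address, an SPF pass that only vouches for brandeis.edu, and link text that differs from the real target) can be checked mechanically. This is an added example, not part of the original thread; `BRANDS`, `site` and `triage` are hypothetical names, and the HTML anchor is reconstructed from the poster's "(actual URL= ...)" annotation.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: headers copied from the post; anchor rebuilt from its "(actual URL= ...)" note.
SAMPLE = """\
From: Discover Card <ringvald@brandeis.edu>
Authentication-Results: mx.aol.com; spf=pass smtp.mailfrom=brandeis.edu;

<a href="http://dicasdosmelhores.com/iso.php">https://www.discovercard.com</a>
"""
BRANDS = {"discover": {"discover.com", "discovercard.com"}}  # assumed allow-list

def site(host):  # crude registrable domain (last two labels); real tools use a public-suffix list
    return ".".join((host or "").lower().split(".")[-2:])

class Anchors(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href", ""), ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, self.text.strip()))
            self.href = None

def triage(raw, brands=BRANDS):
    msg, found = message_from_string(raw), []
    name, addr = parseaddr(msg["From"])
    for word, domains in brands.items():  # display name claims a brand the address lacks
        if word in name.lower() and site(addr.rpartition("@")[2]) not in domains:
            found.append("display-name-brand-mismatch")
            spf = re.search(r"spf=pass.*?mailfrom=([\w.-]+)", msg.get("Authentication-Results", ""), re.S)
            if spf and site(spf.group(1)) not in domains:  # SPF vouches for another domain
                found.append("spf-pass-for-unrelated-domain")
    parser = Anchors()
    parser.feed(msg.get_payload())
    for href, text in parser.links:  # visible URL and real target differ
        shown = urlparse(text).hostname
        if shown and site(shown) != site(urlparse(href).hostname):
            found.append("link-text-mismatch")
    return found
```

`triage(SAMPLE)` returns all three findings; the SPF finding is the reason a "pass" result in `Authentication-Results` says nothing about whether the message came from the brand it names.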
 


I sent the letter with headers to Discover Card's fraud email - Contact info for fraud there can be reported to any of the following.

 

If you receive what appears to be a fraudulent e-mail from us, please call 1-800-DISCOVER (1-800-347-2683) or e-mail us at emailwatch@discover.com immediately.

 

Thank goodness I've drilled it into my wife's head to NEVER do anything with any email concerning money, credit cards, SSNs, etc except to let me know so I can check them out. ;)

 

Steve


Yep, I always forward them to our internal folks and to the company being spoofed.

 

Sometimes, the crooks succeed even with the most cautious folks who succumb in a split second of weakness -- we recently got hit with one that spoofed our own internal InfoSec department.

 

Quite a few 1000 folks ended up having to change their passwords (& take other counter-measures) after clicking the link in that particular email. :o

I nearly fell for it, too, in a hurry...

 

Vigilance, vigilance.....


I will report it to Malwarebytes as phishing, I'm not sure if the researchers browse this section.

 

Edit: the site is dead now :)

 

Thanks @Malware1 ... I never even thought to post the site in the Malware section. My bad.. :blush:  Appreciate you taking care of it for me.

 

Steve
