Our virtual home

Social engineering attacks by impersonation

Today I got a technical support mail from my e-mail provider (GMX):

<SPAM mail image removed>

Does it looks like a real warning? Yes, reading the first two lines of the mail in my OL2003 preview (I'm careful) of the inbox I opened that (bad! But who knows?) and got another warning:

Scan type:  Realtime Protection Scan
Event:  Virus Found!
Virus name: W32.Beagle@mm!zip
File:  Readme.zip
Location:  Mail System

Morality: spamers and worm/virus mass mail senders are real humans. They did not simply take over random e-mail addresses to spoof the sender address, they impersonate it! Fortunately nothing badly happens to my system :-/

You are carefully enough?

» Similar Posts

  1. More spam, more virus
  2. More to know about .NET Timers
  3. Just received: XBox 360

» Comments

  • oleg@tkachenko.com (Oleg Tkachenko) avatar

    We can trust nobody these days...

    oleg@tkachenko.com (Oleg Tkachenko) — Mai 6, 2004 12:04
  • Phil Ringnalda avatar

    My very favorite (so far) of that sort was an email advertising women who would pretend to be naked while talking to me on the phone (yipee!), which pretended to be from caroline {at} philringnalda {fullstop} com. You would think that I would already know her better than that before giving her an email account off a personal domain, wouldn't you?But for the "from the admins of your mail server" ones - I had a free account that I used as a public address for several years. Virus writers started targeting it, so I threw away anything from admin@ unread. It took me several days after I started having trouble connecting to the POP server to discover that the service had shut down, and some of those mails were really from the admin saying that they were shutting down. Ah, well.

    Phil Ringnalda — Mai 6, 2004 12:35
  • TorstenR avatar

    Phil: yes I already know about admin[at]procos.com (there I work as a employee), also stuff[at]procos.com and others non existing. There will be a day they hit a correct name [grrrr]. But handling that I had to modify my mail rule sorting out the procos.com domain to a coworker folder... So for now: awating the mails from admin[at]gmx.net, think I'm well prepeared (hopefully) ;-)

    TorstenR — Mai 6, 2004 3:16
  • Comments are closed