Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Earthlink Password Scam
0 views
Skip to first unread message
Robert Baer
Jan 9, 2004, 3:03:15 AM1/9/04
to
R...@home.net wrote:
>
> From: - Thu Jan 08 21:38:43 2004
> X-UIDL: 1aEM7M1KO3NZFlr0
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> Status: U
> Return-Path: <Dupuy_G...@excite.com>
> Received: from com.mx ([200.67.184.99]) by killdeer (EarthLink
> SMTP
> Server) with SMTP id 1aEM7M1KO3NZFlr0 for <laine...@earthlink.net>;
> Thu, 8 Jan 2004 18:11:45 -0800 (PST)
> Received: from dsl-200-67-184-99.prod-infinitum.com.mx
> (dsl-200-67-184-99.prod-infinitum.com.mx [200.67.184.99]) by com.mx
> (8.12.8p1/8.12.8) with ESMTP id rbzkkz681275 for
> <Roy at Home @earthlink.net>; Fri, 09 Jan 2004 03:10:15 -0400 (EST)
> Date: Fri, 09 Jan 2004 03:10:13 -0400 (EST)
> From: Earthlink Security Dept. <earthli...@excite.com>
> X-Mailer: The Bat! (v1.61) Personal
> Reply-To: Dupuy_G...@excite.com
> X-Priority: 3 (Normal)
> Message-ID: <712822459.61...@excite.com>
> To: Roy at Home @earthlink.net
> Subject: Important Security & Fraud Alert From Earthlink.net
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="----------867984224468152"
>
> Dear Earthlink valued customer,
>
> We have noticed that an un-authorized access attempt was made to your
> account at www.earthlink.net. Our security software has blocked access
> from the intruder to your account, but the un-authorized user's
> attempt
> managed to replace the password on your account.
>
> The password has been restored for mail and internet access, however
> the
> intruder may still be able to get access to your account and or any
> personal information that you might have used with your account.
>
> To avoid further problems with your account such as credit-card
> number,
> or personal information loss we advise you to replace the password to
> your account as soon as possible.
>
> *To change your password, click the button below.
>
> Continue
>
> *Earthlink.net has no responsibility or liability if your information
> is
> lost or stolen if you decide to leave your password the same or elect
> not to change it per our request.
>
> Roy - Carpe Noctem
>
> From: - Thu Jan 08 21:38:43 2004
> X-UIDL: 1aEM7M1KO3NZFlr0
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> Status: U
> Return-Path: <Dupuy_G...@excite.com>
> Received: from com.mx ([200.67.184.99]) by killdeer (EarthLink
> SMTP
> Server) with SMTP id 1aEM7M1KO3NZFlr0 for <laine...@earthlink.net>;
> Thu, 8 Jan 2004 18:11:45 -0800 (PST)
> Received: from dsl-200-67-184-99.prod-infinitum.com.mx
> (dsl-200-67-184-99.prod-infinitum.com.mx [200.67.184.99]) by com.mx
> (8.12.8p1/8.12.8) with ESMTP id rbzkkz681275 for
> <Roy at Home @earthlink.net>; Fri, 09 Jan 2004 03:10:15 -0400 (EST)
> Date: Fri, 09 Jan 2004 03:10:13 -0400 (EST)
> From: Earthlink Security Dept. <earthli...@excite.com>
> X-Mailer: The Bat! (v1.61) Personal
> Reply-To: Dupuy_G...@excite.com
> X-Priority: 3 (Normal)
> Message-ID: <712822459.61...@excite.com>
> To: Roy at Home @earthlink.net
> Subject: Important Security & Fraud Alert From Earthlink.net
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="----------867984224468152"
>
> Dear Earthlink valued customer,
>
> We have noticed that an un-authorized access attempt was made to your
> account at www.earthlink.net. Our security software has blocked access
> from the intruder to your account, but the un-authorized user's
> attempt
> managed to replace the password on your account.
>
> The password has been restored for mail and internet access, however
> the
> intruder may still be able to get access to your account and or any
> personal information that you might have used with your account.
>
> To avoid further problems with your account such as credit-card
> number,
> or personal information loss we advise you to replace the password to
> your account as soon as possible.
>
> *To change your password, click the button below.
>
> Continue
>
> *Earthlink.net has no responsibility or liability if your information
> is
> lost or stolen if you decide to leave your password the same or elect
> not to change it per our request.
>
> Roy - Carpe Noctem
Yes, i also have gotten fake messages "from" earthlink.
Two common clues: 1) message says something wrong with billing or
login, and 2) has a link that supposedly will allow one to fix the
problem.
The one you show has obviously wrong header info, one cannot rely on
header info as being the only clue of something wrong.
The best practice is: 1) send message with all headers to
ab...@earthlink.net, 2) log to one's account by hand and check all
attributes, and 3) toss the message.
0 new messages