ISP phishing

Tue Jun 28 23:29:51 UTC 2005

At 05:17 PM 6/28/2005, Mark Tombaugh wrote:
>On Thu, 2005-06-23 at 09:54 -0400, Robert Boyle wrote:
> > we enabled a global rule which blocks
> > any email from accounts such as billing, root, postmaster, antivirus,
> > abuse, security, etc. which don't originate from our management IP space
> > where our people work. As a result, we have stopped these phishing scams
> > for our users dead in their tracks.
>
>You sound so sure about that... Am I missing something?

>From: E-gold Safeharbor Department <up-accounts at e-gold.com>
>Subject: Attention! Your account has been violated!
>
>From: "SOUTHTRUST" <support_refnum_2416154 at southtrust.com>
>Subject: SouthTrust Bank: important account notification

We have stopped the phishing which looks like it is from 
us(tellurian.net/tellurian.com/garden.net). Not from "their" bank, paypal, 
ebay, credit card companies, etc. Our main concern was with messages which 
looked like they were from support at tellurian.net telling people there was a 
problem with their email and they have to run this file or a problem with 
their account payment from billing at tellurian.net and the details were in 
the attached file. To the novice user, it may look legitimate since we are 
their ISP and with that comes a certain amount of trust - despite the fact 
that we would never send files to our customers and tell them to run them. 
However, the spoofed messages from us have completely stopped now. The 
regular phishing scams continue, but SPF does help with this if the 
customers have turned it on for their account. Unfortunately, the customers 
smart enough to turn it on usually won't be suckered by phishing scams in 
the first place.

-Robert

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin