Domain registrar’s personalized email service is target of phishers.
Hover Personalized Email, a service from Tucows, is reporting that its members are receiving phishing emails.
The services lets you sign up for a personalized email address using one of Tucows’ 40,000 last name domain names, which it obtained when it acquired NetIdentity. For example, people with the last name Smith can get [email protected].
Here’s an example of the phishing email:
From: [email protected] [mailto:[email protected]]
Sent: donderdag 7 januari 2010 14:27
To: [email protected]
Subject: A new settings file for the [email protected]
has just been releasedDear user of the smith.net mailing service!
We are informing you that because of the security upgrade
of the mailing service your mailbox ([email protected]) settings
were changed. In order to apply the new set of settings click
on the following link:http://smith.net/owa/service_directory/settings.php?email=diana
&diana&from=smith.net&fromname=dianaBest regards, smith.net Technical Support.
Of course the link is spoofed in the actual email. Hover stresses that all emails coming from Hover will be clearly identified as being from Hover, not something like smith.net.
Thanks for helping us get the word out Andrew. We see two or three webmail oriented phishing scams a month, always a variation on the “we are your administrator and you need to contact us” type of note. These attacks are almost always domain based. In this case, the phish actually isn’t targetted at our personal names subscribers per se, but in fact, is just another variation on the domain based attacks that we’re always seeing. I’m certain that other mail subscribers would see variations on this in the form of “byte.org Technical Support” or “Domainnamewire.com Technical Support”. Most of our mail services are provided on surname based domains, so it is always helpful for us to phrase messages like this using examples that they would be most familiar with. We don’t think that this phish specifically targets Personalized Email subscribers or that the service was in anyway compromised – its just a good example of a reasonably well-worded phishing attempt. Here is another example of an alert we sent out late last year – http://help.hover.com/2009/10/30/email-scammer-warning-protect-your-email-account-2/
Best,
Ross Rader
General Manager, Hover
a division of Tucows Inc.
Thanks for clarifying Ross.
existing and potential customers can easily identify the sender emails. coming from OpenSRS, Hover, YummyNames or Butterscotch which are all part of Tucows.com family of companies, if it states, for example, Hover.com and underneath it “Tucows.com Family of Companies.” Almost everyone knows Tucows.com, but very few will recognize that the aforementioned companies are Tucows-owned.
Funny, just got a similar email for a domain that I own AND host myself.
@Andrew
It’s time for you to use Google Apps Premier Edition, let me know if you’re interested. I can help you.
Cheers,
EM @ KING.NET