Archives for April 2016

Phishers Getting Sneakier All The Time

I belong to a lot of Yahoo Groups and own/moderate some of them.  I suspect a lot of other folks do as well.

Lately I have been getting a lot of those ‘Invoice attached’ emails in just one of my groups.  I always delete them unopened. No telling what malware is contained in that ‘invoice’, and I don’t care to find out.

Now in the same account the scums are trying another tactic, telling me my account is disabled due to suspicious activity, with instructions:

To try to regain access to your account, please visit our having trouble signing in page and select “I’m having other problems signing in.”
Follow the steps and you’ll be taken to our account recovery form, where we’ll ask you some questions to help verify your identity.

We apologize for any inconvenience this may have caused, and thank you for your cooperation.

I placed my cursor over the link and saw this:

If I had been so foolish as to click the link and follow those prompts, no telling what would have happened. I have no doubt the link was somehow disguised as well.

I checked the IP address for the phish using IP NetInfo and at first it looked legit until I read this line:

189.230.67.192    Succeed    Mexico    MX-USCV4-LACNIC    Uninet S.A. de C.V.    189.224.0.0    189.239.255.255    189.224.0.0/12    Yes    GESTION DE CAMBIOS    Insurgentes Sur, 3500, Piso 4 Peña Pobre, 14060 – Tlalpan – DF        gccips1@REDUNO.COM.MX    abuse@UNINET.NET.MX    +52 55 56244400 []        LACNIC        dsl-189-230-67-192-dyn.prod-infinitum.com.mx

So this scammer is really trying hard to circumvent any attempt to find him.

Just can’t be too careful!