Sponsored by..

Friday, 20 July 2007

Wheredidyoubuythat.com spam II

Another phish sent to the compromised Wheredidyoubuythat.com mailing list, again targetted to the UK. Again, no evidence to say that Wheredidyoubuythat.com is actually sending out these phishing emails, but they're being sent to an address ONLY ever used to buy from their web site.

Subject: Account Update
From: "Halifax Plc."
Date: Fri, July 20, 2007 6:58 am
To: *****************

Center Advisory!


Halifax PLC. has been receiving complaints from our
customers for unauthorised use of the Halifax Online accounts. As a
result we are making an extra security check on all of our Customers
account in order to protect their information from theft and

Due to this, you are requested to follow the
provided steps and confirm your Online Banking details for the
safety of your Accounts. Please Click Here To Start .

However, Failure to do so may result in
temporary account suspension. Please understand that this is a
security measure intended to help protect you and your account. We
apologize for any inconvenience.
Thanks for your

Fraud Prevention Unit
Security Center Advisory
Halifax PLC.

Please do not reply to
this e-mail. Mail sent to this address cannot be
answered.For assistance, log in to our account and
choose the "Help" link in the footer of any

To receive email
notifications in plain text instead of HTML, update your preferences

Thank you for using


Russell said...

Hi there,

I find these statements fairly wild claims...anyone with a small amount of knowledge or the ability to do a google search would have a much better idea!

Online gift shop Wheredidyoubuythat.com had its email database compromised a little while ago. I'm currently getting a spate of fraudulent emails sent to an address only used for Wheredidyoubuythat.com and nothing else.

For a blog on spam, security and such this is pretty average on the research mate!

For more information please refer to:

http://en.wikipedia.org/wiki/E-mail_spoofing and http://en.wikipedia.org/wiki/Spoofing_attack - number 6

The sender information shown in e-mails (the "From" field) can be spoofed easily. This technique is commonly used by Spammers to hide the origin of their e-mails...

E-mail spoofing is a term used to describe fraudulent email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender. It is often associated with website spoofing which mimic an actual, well-known website but are run by another party either with fraudulent intentions or as a means of criticism of the organization's activities.

It is commonly used to trick people into giving up passwords to various online accounts such as bank accounts and unfortunately works quite well across the world with plenty of people gegtting tricked and losing lots of money!!

The spammer was about as smart as you, silly guy should of used a more generic email from field such as security@lloyds.co.uk as an example...

Conrad Longmore said...

Ah, you misunderstand. The spam wasn't FROM wheredidyoubuythat.com, it was TO a single-use email address that had only been used for that purpose. I do that for everyone I sign up with, so I can always track the spam back to its source.