Sponsored by..

Monday 24 October 2016

Generic email phish tries to bamboozle with jargon

This phishing spam tries to confuse potential victims by throwing legitimate-looking jargon around.

From: Postmaster [mailer-daemon@mailhost.rceit.com]Date: 24 October 2016 at 15:43

To: victim@victimdomain.tld
Subject: Warning: Incoming Messages for victim@victimdomain.tld is [13 undelivered messages]

This message was created automatically by mail delivery software inbound-mail-x1.501.102.43.1

I'm afraid I wasn't able to deliver 13 contact email messages since October 16 2016 for victim@victimdomain.tld

To retrieve your emails and reconfigure Port 486, Click Here

Warning: Failure to do this will lead to total suspension of your email account.

Remote host said: 550 sorry, can't deliver message to your inbox

                                                                                               Please delete and Ignore if this is not your email address.

Clicking on the link ends up at a generic phishing site (in this case the link was foodworkshighcountry.com.au/inbound/index2.htm?victim@victimdomain.tld) which throws even more jargon including these lines:

An error in your SMTP/POP settings is blocking your incoming emails……

Subject:     Error loading some of your inbox messages
User:     %0%
Bounce reason:   
An error in your SMTP/POP settings is blocking your incoming e-mails
550-5.1.1 :POP configuration text can not be verified
550-5.1.2:Login encountered an unhandled error in your SSL settings
550-5.1.3:Login encountered an unhandled error in your SSL settings
Suggested Solution:   

    Please fill out the form below. Once the error is fixed, our team will contact you.
    Email address:   

    Your e-mail may be completely blocked, if you do not report this error.

Content-Type: multipart/alternative; boundary=001a1135f63edd4472050da42d05.

Typing your username and password will send it to the bad guys. Not all phishing emails look stupid, and although this one doesn't really make sense when you look at it closely, it looks authentic enough that it might fool some people.

No comments: