Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Is this really a Microsoft site, or just another phishing scam??

Reply
Thread Tools

Is this really a Microsoft site, or just another phishing scam??

 
 
Wimbo
Guest
Posts: n/a
 
      02-16-2005
Hi,

A couple of months ago, I bought a MSDN Universal Subscription. Today I
received an e-mail with the request of validating my registered
information. B.t.w. the received e-mail is in dutch.

Somehow I have my doubts:
1) first wordt in the subject is misspelled (belagrijk instead of belangrijk)
2) microsoft.eu.subservices.com as starting point. Subservices????
3) whois info of subservices has no link with MS whatsoever.
4) subservices.com or www.subservices.com is not responding.
5) I can also review my information on the official MSDN pages, so why a
*new* domain?

The use of SSL isn't convincing. Every nerd can aquire a SSL cert for
his/hers domain (subservices.com).

I have my doubts. Or this is a clumsy way of notifying customers, or it's a
very good job in trying to 'hijack' MSDN subscriptions (or something else).

The e-mail header and contents is listed below [the '***' replace personal
info]:

Received: from relay2.***.com (unknown [10.4.200.8])
by smtpscan-nl2.****.nl (Postfix) with ESMTP id DBBE5816
for <********@***.com>; Tue, 15 Feb 2005 20:52:22 +0100 (MET)
Received: from mail03.mail.esat.net (mail03.mail.esat.net [193.95.141.48])
by relay2.***.com (8.11.6p2-20030924/8.11.6) with ESMTP id j1FJqMI19127
for <********@***.com>; Tue, 15 Feb 2005 20:52:22 +0100
Received: from (eu.subservices.com) [193.95.172.210]
by mail03.mail.esat.net with smtp
id 1D18kA-0007Pu-00; Tue, 15 Feb 2005 19:52:22 +0000
Message-ID: <(E-Mail Removed)>
X-EM-Version: 5, 0, 0, 13
X-EM-Registration: #0100551D10A00D003200
From: "MSDN" <(E-Mail Removed)>
To: "Willem ***" <********@***.com>
Subject: Belagrijk: controleer uw MSDN Account-informatie
Date: Tue, 15 Feb 2005 19:57:39 -00
MIME-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1

Geachte MSDN-gebruiker,

In aansluiting op de u geboden diensten als onderdeel van uw abonnement,
hebben wij soms Microsoft- en partneraanbiedingen die relevant en voor u
van interesse kunnen zijn. Wij zouden graag uw voorkeur willen vernemen
over hoe wij uw persoonlijke informatie kunnen gebruiken om u van over deze
additionele diensten te kunnen informeren. Dit heeft geen invloed op de
levering van uw zendingen, programma aankondigingen en herinneringen voor
verlenging en andere informatie met betrekking tot uw abonnement.

Om uw voorkeur aan te passen logt u in op:

https://microsoft.eu.subservices.com/msdn/Default.asp en selecteert
"View/Update MSDN account details". U **** van deze gelegenheid ook gebruik
maken om te controleren of uw huidige gegevens correct zijn.

Uw login informatie is:
Voornaam: Willem
Achternaam: ******
E-mail adres: *******@***.com
Abonnementnummer: <SOME SORT OF ABBO NUMBER>

Microsoft verplicht zich uw privacy te beschermen. Voor meer informatie
gaat u alstublieft naar http://www.microsoft.com/privacy.

Met vriendelijke groet

MSDN Information Centre
http://microsoft.eu.subservices.com/msdn/

************************************************** *****************

Gelieve deze e-mail niet te beantwoorden. Dit bericht is via een
geautomatiseerd systeem opgesteld en verzonden, en het gebruikte
e-mailadres wordt niet gecontroleerd. Voor verdere informatie of hulp ****
u contact met ons opnemen via de hierboven genoemde methodes.

************************************************** *****************

Microsoft adviseert gebruikers met internettoegang hun Microsoft software
regelmatig te updaten om hun computer tegen virussen en andere kwaadaardige
software te beschermen. De eenvoudigste manier dit te doen is door volgende
website te bezoeken: http://www.microsoft.com/protect


/Wimbo

 
Reply With Quote
 
 
 
 
Vanguard
Guest
Posts: n/a
 
      02-16-2005
"Wimbo" <wimbo_online@_REMOVETHIS_hotmail.com> wrote in message
newsxIQd.153$(E-Mail Removed)...
> Hi,
>
> A couple of months ago, I bought a MSDN Universal Subscription. Today
> I received an e-mail with the request of validating my registered
> information. B.t.w. the received e-mail is in dutch.
>
> Somehow I have my doubts:
> 1) first wordt in the subject is misspelled (belagrijk instead of
> belangrijk)
> 2) microsoft.eu.subservices.com as starting point. Subservices????
> 3) whois info of subservices has no link with MS whatsoever.
> 4) subservices.com or www.subservices.com is not responding.


<snip>

Phish sites don't last very long after getting reported to their
upstream provider. I've even seen one that tried to use redirection
using URLbee.com and then to a <domain>.tzo.com site for dynamic DNS
resolution to their home computer but all it takes is to report it to
TZO.com (and to the home computer user's ISP; i.e., their upstream
provider).

An nslookup and tracert cannot find the [eu.]subservices.com site
because there is no DNS record for it (in my DNS servers). However, I
did find https://microsoft.eu.subservices.com/. Check your profile at
Microsoft. There are several subdomains there of
"microsoft.CC.subservices.com" where CC is the country code. Did you
subscribe to any of their newsletters? Could Microsoft contracts out
this "subscription" service to a 3rd party. Visit
http://www.microsoft.com/technet/abo...ions/faqs.mspx (which
is a Microsoft domain) and read the questions titled "What if I'm a
subscriber, but I don't know how many issues I have remaining?" and "How
can I sign up to receive DVD?". So Microsoft is saying subservices.com
is their subscription provider.

You might visit http://www.antiphishing.org/index.html; read
http://www.infoworld.com/article/05/...network_1.html (I
just found this yesterday on the very day it was announced). You can
then check if they have a archival copy of your phish e-mail so you can
qualify that it was indeed a phish mail. I haven't subscribed to any of
them for quite awhile so I don't have any e-mails to look at their
headers to see from where they originate, but Microsoft's own page noted
above mentions that site as where they contract to handle your
subscriptions.

 
Reply With Quote
 
 
 
 
Jim Watt
Guest
Posts: n/a
 
      02-16-2005
On Wed, 16 Feb 2005 15:12:36 +0100, Wimbo
<wimbo_online@_REMOVETHIS_hotmail.com> wrote:

>
>A couple of months ago, I bought a MSDN Universal Subscription. Today I
>received an e-mail with the request of validating my registered
>information.


undoubtedly phishing - nobody would ask you to 'validate'
they already know.

I still get occasional 'here is an important patch from Microsoft'

they don't send thiose either.
--
Jim Watt
http://www.gibnet.com
 
Reply With Quote
 
winged
Guest
Posts: n/a
 
      02-17-2005
Jim Watt wrote:
> On Wed, 16 Feb 2005 15:12:36 +0100, Wimbo
> <wimbo_online@_REMOVETHIS_hotmail.com> wrote:
>
>
>>A couple of months ago, I bought a MSDN Universal Subscription. Today I
>>received an e-mail with the request of validating my registered
>>information.

>
>
> undoubtedly phishing - nobody would ask you to 'validate'
> they already know.
>
> I still get occasional 'here is an important patch from Microsoft'
>
> they don't send thiose either.
> --
> Jim Watt
> http://www.gibnet.com

Heh even their Microsoft patch announcement dates are getting old.
Shucks most of mine are still announcing the January patches. Shucks
can't find good spammers these days, worse many appear that English is
not their native tongue. Watch out though, I have seen a number of
these that are not phishing schemes but compromise schemes that use IE
link exploits (cross zone etc) to make zombies. I didn't check out your
link coding in e-mail nor their destinations so I don't "know" if this
was the case in your example or not. Obviously it wasn't from Microsoft.

Winged
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola MCSE 4 11-15-2006 02:40 AM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola Microsoft Certification 3 11-14-2006 05:18 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola MCSD 3 11-14-2006 05:18 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd realexxams@yahoo.com Microsoft Certification 0 05-10-2006 02:35 PM
microsoft.public.dotnet.faqs,microsoft.public.dotnet.framework,microsoft.public.dotnet.framework.windowsforms,microsoft.public.dotnet.general,microsoft.public.dotnet.languages.vb Charles A. Lackman ASP .Net 1 12-08-2004 07:08 PM



Advertisments