Is this really a Microsoft site, or just another phishing scam??

Discussion in 'Computer Security' started by Wimbo, Feb 16, 2005.

  1. Wimbo

    Wimbo Guest

    Hi,

    A couple of months ago, I bought a MSDN Universal Subscription. Today I
    received an e-mail with the request of validating my registered
    information. B.t.w. the received e-mail is in dutch.

    Somehow I have my doubts:
    1) first wordt in the subject is misspelled (belagrijk instead of belangrijk)
    2) microsoft.eu.subservices.com as starting point. Subservices????
    3) whois info of subservices has no link with MS whatsoever.
    4) subservices.com or www.subservices.com is not responding.
    5) I can also review my information on the official MSDN pages, so why a
    *new* domain?

    The use of SSL isn't convincing. Every nerd can aquire a SSL cert for
    his/hers domain (subservices.com).

    I have my doubts. Or this is a clumsy way of notifying customers, or it's a
    very good job in trying to 'hijack' MSDN subscriptions (or something else).

    The e-mail header and contents is listed below [the '***' replace personal
    info]:

    Received: from relay2.***.com (unknown [10.4.200.8])
    by smtpscan-nl2.****.nl (Postfix) with ESMTP id DBBE5816
    for <********@***.com>; Tue, 15 Feb 2005 20:52:22 +0100 (MET)
    Received: from mail03.mail.esat.net (mail03.mail.esat.net [193.95.141.48])
    by relay2.***.com (8.11.6p2-20030924/8.11.6) with ESMTP id j1FJqMI19127
    for <********@***.com>; Tue, 15 Feb 2005 20:52:22 +0100
    Received: from (eu.subservices.com) [193.95.172.210]
    by mail03.mail.esat.net with smtp
    id 1D18kA-0007Pu-00; Tue, 15 Feb 2005 19:52:22 +0000
    Message-ID: <>
    X-EM-Version: 5, 0, 0, 13
    X-EM-Registration: #0100551D10A00D003200
    From: "MSDN" <>
    To: "Willem ***" <********@***.com>
    Subject: Belagrijk: controleer uw MSDN Account-informatie
    Date: Tue, 15 Feb 2005 19:57:39 -00
    MIME-Version: 1.0
    Content-Type: text/html; charset=ISO-8859-1

    Geachte MSDN-gebruiker,

    In aansluiting op de u geboden diensten als onderdeel van uw abonnement,
    hebben wij soms Microsoft- en partneraanbiedingen die relevant en voor u
    van interesse kunnen zijn. Wij zouden graag uw voorkeur willen vernemen
    over hoe wij uw persoonlijke informatie kunnen gebruiken om u van over deze
    additionele diensten te kunnen informeren. Dit heeft geen invloed op de
    levering van uw zendingen, programma aankondigingen en herinneringen voor
    verlenging en andere informatie met betrekking tot uw abonnement.

    Om uw voorkeur aan te passen logt u in op:

    https://microsoft.eu.subservices.com/msdn/Default.asp en selecteert
    "View/Update MSDN account details". U kunt van deze gelegenheid ook gebruik
    maken om te controleren of uw huidige gegevens correct zijn.

    Uw login informatie is:
    Voornaam: Willem
    Achternaam: ******
    E-mail adres: *******@***.com
    Abonnementnummer: <SOME SORT OF ABBO NUMBER>

    Microsoft verplicht zich uw privacy te beschermen. Voor meer informatie
    gaat u alstublieft naar http://www.microsoft.com/privacy.

    Met vriendelijke groet

    MSDN Information Centre
    http://microsoft.eu.subservices.com/msdn/

    *******************************************************************

    Gelieve deze e-mail niet te beantwoorden. Dit bericht is via een
    geautomatiseerd systeem opgesteld en verzonden, en het gebruikte
    e-mailadres wordt niet gecontroleerd. Voor verdere informatie of hulp kunt
    u contact met ons opnemen via de hierboven genoemde methodes.

    *******************************************************************

    Microsoft adviseert gebruikers met internettoegang hun Microsoft software
    regelmatig te updaten om hun computer tegen virussen en andere kwaadaardige
    software te beschermen. De eenvoudigste manier dit te doen is door volgende
    website te bezoeken: http://www.microsoft.com/protect


    /Wimbo
     
    Wimbo, Feb 16, 2005
    #1
    1. Advertising

  2. Wimbo

    Vanguard Guest

    "Wimbo" <wimbo_online@_REMOVETHIS_hotmail.com> wrote in message
    news:eek:xIQd.153$...
    > Hi,
    >
    > A couple of months ago, I bought a MSDN Universal Subscription. Today
    > I received an e-mail with the request of validating my registered
    > information. B.t.w. the received e-mail is in dutch.
    >
    > Somehow I have my doubts:
    > 1) first wordt in the subject is misspelled (belagrijk instead of
    > belangrijk)
    > 2) microsoft.eu.subservices.com as starting point. Subservices????
    > 3) whois info of subservices has no link with MS whatsoever.
    > 4) subservices.com or www.subservices.com is not responding.


    <snip>

    Phish sites don't last very long after getting reported to their
    upstream provider. I've even seen one that tried to use redirection
    using URLbee.com and then to a <domain>.tzo.com site for dynamic DNS
    resolution to their home computer but all it takes is to report it to
    TZO.com (and to the home computer user's ISP; i.e., their upstream
    provider).

    An nslookup and tracert cannot find the [eu.]subservices.com site
    because there is no DNS record for it (in my DNS servers). However, I
    did find https://microsoft.eu.subservices.com/. Check your profile at
    Microsoft. There are several subdomains there of
    "microsoft.CC.subservices.com" where CC is the country code. Did you
    subscribe to any of their newsletters? Could Microsoft contracts out
    this "subscription" service to a 3rd party. Visit
    http://www.microsoft.com/technet/abouttn/subscriptions/faqs.mspx (which
    is a Microsoft domain) and read the questions titled "What if I'm a
    subscriber, but I don't know how many issues I have remaining?" and "How
    can I sign up to receive DVD?". So Microsoft is saying subservices.com
    is their subscription provider.

    You might visit http://www.antiphishing.org/index.html; read
    http://www.infoworld.com/article/05/02/14/HNphishreportnetwork_1.html (I
    just found this yesterday on the very day it was announced). You can
    then check if they have a archival copy of your phish e-mail so you can
    qualify that it was indeed a phish mail. I haven't subscribed to any of
    them for quite awhile so I don't have any e-mails to look at their
    headers to see from where they originate, but Microsoft's own page noted
    above mentions that site as where they contract to handle your
    subscriptions.
     
    Vanguard, Feb 16, 2005
    #2
    1. Advertising

  3. Wimbo

    Jim Watt Guest

    On Wed, 16 Feb 2005 15:12:36 +0100, Wimbo
    <wimbo_online@_REMOVETHIS_hotmail.com> wrote:

    >
    >A couple of months ago, I bought a MSDN Universal Subscription. Today I
    >received an e-mail with the request of validating my registered
    >information.


    undoubtedly phishing - nobody would ask you to 'validate'
    they already know.

    I still get occasional 'here is an important patch from Microsoft'

    they don't send thiose either.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Feb 16, 2005
    #3
  4. Wimbo

    winged Guest

    Jim Watt wrote:
    > On Wed, 16 Feb 2005 15:12:36 +0100, Wimbo
    > <wimbo_online@_REMOVETHIS_hotmail.com> wrote:
    >
    >
    >>A couple of months ago, I bought a MSDN Universal Subscription. Today I
    >>received an e-mail with the request of validating my registered
    >>information.

    >
    >
    > undoubtedly phishing - nobody would ask you to 'validate'
    > they already know.
    >
    > I still get occasional 'here is an important patch from Microsoft'
    >
    > they don't send thiose either.
    > --
    > Jim Watt
    > http://www.gibnet.com

    Heh even their Microsoft patch announcement dates are getting old.
    Shucks most of mine are still announcing the January patches. Shucks
    can't find good spammers these days, worse many appear that English is
    not their native tongue. Watch out though, I have seen a number of
    these that are not phishing schemes but compromise schemes that use IE
    link exploits (cross zone etc) to make zombies. I didn't check out your
    link coding in e-mail nor their destinations so I don't "know" if this
    was the case in your example or not. Obviously it wasn't from Microsoft.

    Winged
     
    winged, Feb 17, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. ultraviolet353

    really really mysterious IE6 problem--secure site

    ultraviolet353, Nov 20, 2003, in forum: Computer Support
    Replies:
    7
    Views:
    1,223
    Boomer
    Nov 22, 2003
  2. Ivor Jones

    Sipgate Phishing scam found

    Ivor Jones, Mar 29, 2007, in forum: UK VOIP
    Replies:
    13
    Views:
    899
    Desk Rabbit
    Mar 31, 2007
  3. Who Am I

    ANZ target of phishing scam

    Who Am I, Feb 16, 2006, in forum: NZ Computing
    Replies:
    0
    Views:
    350
    Who Am I
    Feb 16, 2006
  4. Peter Huebner

    BNZ phishing scam warning

    Peter Huebner, Jun 7, 2006, in forum: NZ Computing
    Replies:
    10
    Views:
    709
    wogers nemesis
    Jun 9, 2006
  5. Cash4gold Scam Ripoffreport.com Scam

    , May 27, 2009, in forum: Digital Photography
    Replies:
    3
    Views:
    3,179
    BadForPeople
    May 5, 2012
Loading...

Share This Page