RSS

Tag Archives: Hackers

Secure Your Inbox; Protecting your (Yahoo) Mail account from phishing scams and hackers

internet_abuse_spamSign-in Seal

Sign-in seals are a safeguard from Yahoo! Mail. They help you fight online phishing scams (people trying to trick you into giving up your password or personal information by spoofing legitimate web sites).

Here’s how your sign-in seal works: You provide us with an image (such as a personal photo) or a secret message. Whenever we ask you to sign into Yahoo! Mail, we’ll display your image or message. If it’s not displayed, you may have landed on a “spoofed” site. It only takes a minute to create your sign-in seal.

Note: Your sign-in seal is saved on the computer that you create it on, not on Yahoo! Mail’s servers. So if you use more than one computer or browser, you’ll want to create a sign-in seal for each one. Also, don’t create a sign-in seal on a computer you share with strangers, such as those in libraries, Internet cafés, and other public places

Phishing Tips

Avoiding phishing scams is tough. Phishers know every trick in the book, and they’re dreaming up new ones as we speak. So here are some things to keep in mind while you’re online:

Don’t believe every warning you read—especially pop-up warnings that appear while you’re surfing the Web. Unscrupulous companies use pop-up ads to display false warnings about your computer. Ignore them.

Do NOT click any button in these pop-ups, such as a “Close” or “No” button, or the “Close” box that may appear in the upper-right corner of the pop-up. Doing this might install a virus or other malicious software on your computer. To safely close a pop-up ad, press Ctrl-W (if you’re using a Windows computer) or Command-W (on a Mac computer).

Be suspicious of “free” advice.You may receive an email that claims to be from a computer expert, warning you of a virus. These are usually hoaxes. Do not follow the steps described in any email unless you’re sure the threat is real.

There is no Yahoo! Lottery. Don’t be fooled by people pretending to be Yahoo! and offering cash prizes. We would never send you information about a contest you never entered. If you’ve received a message like “Final Notification: Yahoo! Mail Winner!” or “Your Email Address Has Won $XX million,” it’s a scam. Don’t reply to the email, don’t click any links in it, and never divulge any personal information. Instead, click the “Spam” button.

Authentication

Phishing is the act of creating legitimate looking messages, masquerading as a trusted entity to lure you into clicking on emails that are designed to steal vital personal information like your password and financial data. To prevent such email forgery and spoofing we use DomainKeys Identified Mail (DKIM) which allows senders to digitally sign their emails so that Yahoo! Mail can then verify the authenticity of the sender. In addition, Yahoo! Mailsupports Domain-based Message Authentication, Reporting and Conformance (DMARC), a specification spearheaded by major technology providers and email senders to collectively fight spam and phishing scams.

Source: http://antispam.yahoo.com/

Advertisements
 
Leave a comment

Posted by on 03/29/2013 in Uncategorized

 

Tags: , , ,

Suspicious Spoofed Craigslist Email

SUSPICIOUS FAKE CRAIGSLIST EMAIL – PHISHING ATTACK

01/27/13, UPDATE – I received another phishing email by a supposed Craigslist user using the name Eduard Frank – I’ll will post the e-mails in order, newest to oldest, along with the header details.

I don’t have any Craigslist ads currently listed. Infact I don’t even list Craigslist Ads on the account I use to bait scammers so I was immediately suspicious when I received this Craigslist email alert. Not only are the two ‘Craigslist’ links spoofed (the actual URL is not Craigslist) — but the IP address is blacklisted on many anti-scam websites.

SUBJECT: i would like to buy your item from craigslist RECEIVED: Thursday, January 24, 2013 4:22 PM
From: Eduard Frank qdbfwp@hotmail.com

EMAIL: Hi Am very interested in your item posted on craigslist : https://post.craigsIist.org/k/EEEYZLFl4hGbaqXZBYzI7A/vh279?s=tou This is the same spoofed link from the previous emails. The actual URL is goo.gl/aiNwi 

is it still available?

HEADER DETAILS:

Return-Path: <qdbfwp@hotmail.com>
X-YahooFilteredBulk: 209.86.89.63
Received-SPF: softfail (transitioning domain of hotmail.com does not designate 209.86.89.63 as permitted sender)
X-YMailISG: f21Sl8cWLDuLkBRdjpHUdX9xerAr20OQ.qHh.cYAhFw5lSy9 InkNTHdcI2EA5oGO9s9WRGoE8X5ydhJMddl7xNfU7SS5DV.ZmEuoogthq2Mr ZvEhsMyuVJDUF.SjyE4Tc89NIsqgqTDyubXh8JCI4vlsSXzjTBeONvNIq6Kg cqZ8zxS3GmdYZWjr7H42UDM4exf6rEjAzJpgC8FAMm4ynJLZBkBoyWFfO2Ll qv.ng07yAnqBA3sFkFS_Y.CSVvZm88fwcMZlZyRi_4wzLBnT5yvTPIAuvqT5 tNs4bOiPVUJfXgqNLp7wrrOUqTjAkUqRUs66quJ6_O2JXVAoU.ZY6JoiL5EO kI0w0mTfK_Ywb.QBcTEUSmUWvqn_CQsUlSLAvyn.qxAh8Y2runI8uiQygKGz PJYlnCyv78fhIxh.nBTk_9CqekcGWowgPXwkvZapxZ5_jda.VjWRmrJQpk5Q 70.QaXHLbKcyWqGU_DdG7adHyc9kvV4EiGdecXmmVXU1qM_MUGmbhRHPkInj yzHCteTsIZesiuI0wKIPizjJTdqCC.NN.UiWyXZlMTJfPXtQTa4RlRBDDPyz Xy0ki7OZklAZBGKSTFhDY5BgR.NKTJ6XWiPXz9gttbYrBMBrNkY2HLd0zEHX 8NAX0o7PjQfXOIJ1a1EB.3ZhcDS7kWlm9ChTpiVdDLLcNq8IYZoGIXdR8X4R jHFX6pCqOPafF_ukxFRia_W66cmiyjhUISaBWM5GDA1bam3h8Q5iDQhonN0H mt38Vl9DJdp.0CCcpXnGj8EMezEmFErlX7riKAHti3bHf6B2psPM9F3Q66YD Yvev1gX2V8AXHutGkN5kqIbapmCsFrEcNlsQ6PWOa_MaF50swL7c3qegbBmB aX2qBolGvmVByMl7LRqFYxvUirxOQxoRYQgh3RsDrOckcbf6xCeNIX_BnCMK MHTpGaA4sYqPPKdCTky02qrqvsrC4jgmgJygFS.ok93p6xLaA7J18EWkLP0B 7HXxWRY4Gv70DVDXfCmC_W6S.wfF0Q96oxHXhE8eGCz32L.sDLEJ.lfp8PTT ta6RcLyAAW5spPFLk4cFqavI1kDCiU8FxlcCL0wbAWcL9MbA97xKPwuwfzTA onZcJp5qb2AhvBc2FN_LWuRAL6bE.1cit4BS_T1xjj6ZrGV9cm5KKu2Bb7tz rOMyUXhj_Jti6n0rBzP3FBJkgzc2j.vTFMrgV.gbGVH9vZRYfUui8ndHyPXU QaZMaLBHHys-
X-Originating-IP: [209.86.89.63]
Authentication-Results: mta1160.mail.gq1.yahoo.com from=hotmail.com; domainkeys=neutral (no sig); from=hotmail.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO elasmtp-junco.atl.sa.earthlink.net) (209.86.89.63) by mta1160.mail.gq1.yahoo.com with SMTP; Thu, 24 Jan 2013 08:23:36 -0800
Received: from [71.237.118.147] (helo=User) by elasmtp-junco.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <qdbfwp@hotmail.com>) id 1TyPZx-0002jO-Fi; Thu, 24 Jan 2013 11:23:05 -0500
Reply-To: qdbfwp@hotmail.com
From: Eduard Frank<qdbfwp@hotmail.com>
Subject: i would like to buy your item from craigslist
Content-Type: text/html; charset=”Windows-1251″
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <E1TyPZx-0002jO-Fi@elasmtp-junco.atl.sa.earthlink.net>
X-ELNK-Trace: 8219d692fd5468d6d780f4a490ca6956d5d4673fe7faad86623ec139337907e38e9f230fcf1cb831350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 71.237.118.147

Your posting has been flagged for removal.
Approximately 98% of postings removed are in violation of craigslist posting guidelines.
Please make sure you are abiding by all posted site rules, including our terms of use:
http://www.craigslist.org/about/terms.of.use.html This was a spoofed link with the actual URL being goo.gl/aiNwi
If you need help figuring out why your posting was flagged, try asking in our flag help forum. Include posting title, body, category, city, how often posted, any images, HTML markup, etc.
If you feel your posting was wrongly flagged down (2% of flagged ads are) please accept our apologies and feel free to repost using the link below:
http://www.craigslist.org/about/ctd/repost.html This was a spoofed link with the actual URL being goo.gI/aiNwi
Sorry for the hassle, and thanks for your understanding.
——————————————————————————

Date: 1327114516
PostID: 24177504

HEADER DETAILS:

Return-Path: <dycsbl@craiglist-accounts.com>
X-YahooFilteredBulk: 209.86.89.69
Received-SPF: temperror (encountered temporary error during SPF processing of domain of craiglist-accounts.com)
X-YMailISG: 2h.FN3sWLDsEDE8qqS_yEcqB6M1HR9h.u85ZaLiGYL.IEQuU iab6_WhytOr0v8KZup3soVlAl7qxu2RiK1epX7ek6GeXBAj6poh2cJDD.zQg jPJjyPfclZKW_NnPFDTrSWD79AqrNkBBoJ5hW__LZXlZUz.ZLpSi3ZGXK4Ge VIQygP.nLCk6NbRgJn9twOcwwHoP9j9q6on5YSGUI.nb1gYsctI_PDBGrRnF KvveQMYnrrNG4DgZdrwZSRT2Ox8yP7gB51A8WWDw8krq9Pr5un4ainmeAweF XEuXHV0gt8Ow1O0rAIxiwCKOtJWaYKiesaCJl7_h6QSFdL1PpDwAqVZXazI0 QmP3DUNfRbb71rVQF.0VNpiFdohCTjJUO6uB0YxxGT6CZ10wN1eCKhe4eSPv e8vXdS37Jh0ofSMl9amPk1N5KfTnveNm2V6cqR1pA1vlUkaA_5CyVppBKBMz jtvxdFt.RDiMZzuE77R3OHnsdEvmu4PaX64_PEj.vf._aKc738JxzsFaHmf8 TQAsQMpo.WAEdh0b_5rITS4ima44rP.6UIKfFqAc31KrxVEBY9oGXCHB9nz9 V3nDA50qbSHIIagS9ZVZTstHWy4dum2Gaz9KgGNMoR6UIhnw4H6tagKAyPPY EnTD1ypXM8jQocv6l0dsJk3azMLION2iNB9P4Ow6gtjMwkVygfgFrchDUwRs fSxZ4_itBU3TG9KdPtUCdH5wUwuxAGiVBCjLVsLlg2d694opIOVX2J40BGRH IYhXAAfbxnnbpYnzY9.FWxSe.uRNv0UKJ5R91syZw_5x.ifYmztP8ZxSubqC 4PEvO1.qavB3u4KwY4riKy.H5mmZBAKLDx1EY4pYVofWYjywCEiVOuq0.KjM VszzfJPQT3i9fvKhxDE9THio9A1vagNxw1rThbN1v0cPF7CgwE1yGIXPKv3Y DjIOVLoI7C3ubQK1AioG3t6RCfO32iPiiefv0oWc4x6LYaDv0RMeO32XiVsm qoptc3moDkfy29NJAQZXHA9oO.GwX4fjNRIliMgY8OaK6zb2XRbBdDBfdD6f IVgVhUSeYJKmYxxWOmWP.DX1Jq2aZNU3LQ5MyOV0U054Ws9MRNZKjR3BJcCi 3tgqq1kcbrPHOhkWI0hjJNFaLZY8z3qLl41wPKkkq8H0FN0.6q._GbmNGB4z twsjMemUDLkyY32h.MUaQiL.3UvRYkY7mXIsQlCwKe4BeYyY0y03rcJMb3iF FIR2s29QvuOjBD7kRTSILNW1qwInYb3kFH_ODhQTUTLlYiic9f.M_uYkGXA0 X6nSS2lFS1d2hK.XlYnYjn49yt7oY0SVNiPQ6Z9FqiXwp4cT0cKnB6NX2NE8 DZGrkmlBsrgZmJA8n_9hHwi.7CKGEmLJnqP5MgQkCuKNEz_z0l7yYw22MkJH qqeHgmb75noxVzMTDd1KtfwgGTmnVGcBzo0vvAlk588aZfVAyXwXZMCX
X-Originating-IP: [209.86.89.69]
Authentication-Results: mta1220.mail.sk1.yahoo.com from=craiglist-accounts.com; domainkeys=neutral (no sig); from=craiglist-accounts.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO elasmtp-mealy.atl.sa.earthlink.net) (209.86.89.69) by mta1220.mail.sk1.yahoo.com with SMTP; Wed, 23 Jan 2013 12:58:50 -0800
Received: from [72.172.204.128] (helo=User) by elasmtp-mealy.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <dycsbl@craiglist-accounts.com>) id 1Ty7Nq-0004nx-4X; Wed, 23 Jan 2013 15:57:22 -0500
Reply-To: dycsbl@craiglist-accounts.com
From: Craigslist <dycsbl@craiglist-accounts.com>
Subject: flagged & removed 24177504
Message-ID: <E1Ty7Nq-0004nx-4X@elasmtp-mealy.atl.sa.earthlink.net>
0da15bcd0e72a23c13bbd08df6cfe9269ef193a6bfc3dd48c25deae7748207c3a2f7e1f2b096e1d07ef9f80aaf77e5a4350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 72.172.204.128

dycsbl@craiglist-accounts.com 72.172.204.128 <> 209.86.89.69

 

Tags: , , , , , , , , , , , , , , , ,

 
%d bloggers like this: