I received the following email today, claiming to be from Moniker:
--- start email --------------
From [email protected] Wed Aug 29 04:49:23 2007
X-Apparently-To: [REDACTED] via 206.190.38.16; Wed, 29 Aug 2007 04:49:27 -0700
X-Originating-IP: [209.191.85.97]
Return-Path: <[email protected]>
Authentication-Results: mta245.mail.re4.yahoo.com from=yahoo.com; domainkeys=pass (ok)
Received: from 209.191.85.97 (HELO web37012.mail.mud.yahoo.com) (209.191.85.97) by mta245.mail.re4.yahoo.com with SMTP; Wed, 29 Aug 2007 04:49:27 -0700
Received: (qmail 53702 invoked by uid 60001); 29 Aug 2007 11:49:23 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Receivedate:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=TpPhDeag/8kqRX5lkOeaIcRVHvL/vkUJ+uE6A0s0Dbf0Cnaf6qWmYCTNUBqjDnl+eAGfU6V72hoOQ3oLabunoAD21QZg/+PrcG4/2DOuXK1BOpbmpWln34l9wF9WoTFpZuFR8f/XxjwK4X2ZFtbLivaSeuXAVQJGjXe2aTX+Gz0=;
X-YMail-OSG: LMawMwwVM1niEwCMrXOtPXFXiouttWUG9U.Pe0mt53MfHz9_BU8bE4aCgBurXOxwP6nje16Idt_ZBaWX5gNd4.sAqek8CMketIZ8UanO_49blWgxZg_P20VqhCSllw--
Received: from [64.251.19.130] by web37012.mail.mud.yahoo.com via HTTP; Wed, 29 Aug 2007 04:49:23 PDT
Date: Wed, 29 Aug 2007 04:49:23 -0700 (PDT)
From: "[email protected]" <[email protected]> Add to Address Book Add Mobile Alert
Yahoo! DomainKeys has confirmed that this message was sent by yahoo.com. Learn more
Subject: Affiliate Summit 2007
To: [email protected]
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1328096676-1188388163=:53679"
Content-Transfer-Encoding: 8bit
Message-ID: <[email protected]>
Content-Length: 857
Why you should work with us :
[REDACTED LINK TO A YOUTUBE VIDEO]
------ end email ------
However, the actual target of the link was much more complex, appearing to be an encrypted form to change one's password and submit it to a site in Asia.
This appears to be some form of phishing attempt, using Moniker's good name to steal/take control of domain admin account email addresses, etc. Fortunately, I'm too paranoid to click on links in emails. lol
I've sent an email to Monte, but wanted to bring this to the attention of members here too. It would obviously affect accounts not at Moniker, i.e. if they control your email address, they can try to steal a domain held at any registrar.
Feel free to repost this warning to other domain boards/blogs.
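The pasted headers show `domainkeys=pass` for yahoo.com, which vouches for Yahoo as the sending domain and says nothing about the registrar the message claims to represent. The check below is an added example, not part of the original post: `assess` is a hypothetical helper, and `support@registrar.example` and `sender123@yahoo.com` are assumed placeholders for the redacted addresses.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header values follow the pasted message; the redacted
# addresses are replaced with placeholders and the signature body is elided.
SAMPLE = """\
Authentication-Results: mta245.mail.re4.yahoo.com from=yahoo.com; domainkeys=pass (ok)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=PLACEHOLDER;
From: "support@registrar.example" <sender123@yahoo.com>
Subject: Affiliate Summit 2007

"""

def domain_of(addr):
    """Lower-cased domain part of an address, or None if there is no '@'."""
    return addr.rsplit("@", 1)[1].lower().strip(">. ") if "@" in addr else None

def assess(raw, brand_domain):
    """Return findings for a message that claims to come from brand_domain."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    # Domain the DomainKeys signature actually vouches for (its d= tag).
    m = re.search(r"\bd=([^;\s]+)", msg.get("DomainKey-Signature", ""))
    signed = m.group(1).lower() if m else None
    passed = "domainkeys=pass" in msg.get("Authentication-Results", "").lower()
    findings = []
    if not (passed and signed == from_domain):
        findings.append("sender domain not authenticated")
    # A pass only helps if the authenticated domain is the brand's own.
    if from_domain != brand_domain and not (from_domain or "").endswith("." + brand_domain):
        findings.append(f"authenticated sender is {from_domain}, not {brand_domain}")
    # Display name dressed up as an address at a different domain.
    shown = domain_of(display)
    if shown and shown != from_domain:
        findings.append(f"display name shows {shown} but address is at {from_domain}")
    return findings

if __name__ == "__main__":
    for finding in assess(SAMPLE, "registrar.example"):
        print(finding)
```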