- Impact
- 16,188
Got this in my mail:
From: EarthLink Pay Center <[email protected]>...
[Add to Address Book] Flag Message | Mark Unread [This is spam]
To: Customer <[email protected]>
Subject: Resubmit EarthLink Network payment data.
Date: Apr 22, 2005 11:32 AM
Check the attachment, of course it didnt look like that in my email reader.
Change the ext to html to see.
The From addy: [email protected]
redirects. Not to Earthlink.
http://earthlink-security.net/
Godaddy Whois shows it was reg'd a few days ago. Surely a fake or a dupe owner.
All the pages used in this scam were good copies with all links resolving to real EL pages and the url in the taskbar and title both read earthlink.
http://center.earthlink-security.net:4443/appform.php?
Click continue to follow(you dont have to fill in the boxes)
http://center.earthlink-security.net:4443/billinfo.php
http://center.earthlink-security.net:4443/credit.php
http://center.earthlink-security.net:4443/process.php
I sent it to EL fraud and they confirmed it was not from earthlink.
Why the tables with white ink? -RJ- recons to get it by the spam scanners.
So watch out, and not just EL subscribers. My guess is this is going out to customers of different ISP's as well.
Peace, kid5150
From: EarthLink Pay Center <[email protected]>...
[Add to Address Book] Flag Message | Mark Unread [This is spam]
To: Customer <[email protected]>
Subject: Resubmit EarthLink Network payment data.
Date: Apr 22, 2005 11:32 AM
Check the attachment, of course it didnt look like that in my email reader.
Change the ext to html to see.
The From addy: [email protected]
redirects. Not to Earthlink.
http://earthlink-security.net/
Godaddy Whois shows it was reg'd a few days ago. Surely a fake or a dupe owner.
All the pages used in this scam were good copies with all links resolving to real EL pages and the url in the taskbar and title both read earthlink.
http://center.earthlink-security.net:4443/appform.php?
Click continue to follow(you dont have to fill in the boxes)
http://center.earthlink-security.net:4443/billinfo.php
http://center.earthlink-security.net:4443/credit.php
http://center.earthlink-security.net:4443/process.php
I sent it to EL fraud and they confirmed it was not from earthlink.
Why the tables with white ink? -RJ- recons to get it by the spam scanners.
So watch out, and not just EL subscribers. My guess is this is going out to customers of different ISP's as well.
Peace, kid5150
Last edited: