This e-mail is really scaring me!

[astronauco]

I have received the following email:


--------------------------------


From: Portugalmail <Portugalmail> (no e-mail address?)
Reply to: Portugalmail
For: "[email protected]" (my e-mail)
Date: August 10 2006 16:43
Subject: Invoice (178): Portugalmail


Hello "XXX XXXX" (they know my full name):

This is a notice that your invoice 178 has been generated for services by Portugalmail on Thursday, August 10, 2006 3:43:41 PM

Quantity: 1
Description: Prior Balance
Price: EUR25.00
DiscountAmount: EUR0.00
Tax: EUR0.00
Total: EUR25.00

Total Due: EUR25.00
Due Date: Saturday, August 19, 2006 3:43:41 PM

If you pay with an automated method such as a credit card or subscription, a transaction will be attempted on before the invoice due date. Otherwise, please send payment to:

Portugalmail



You may login to view your invoice online here:

Portugalmail
http://
(They put no address there)

If you have any questions regarding your account, please contact support using the following support channel(s):

INSERT SUPPORT CHANNEL(S) HERE
(nothing there either, no link, nothing, just a blank space)

Thank you,
Date: Thursday, August 10, 2006 3:43:41 PM

INSERT COMPANY DISCLAIMER HERE
(again nothing there)


-----------------------


Ok, that´s the e-mail. It´s very suspicious, I don´t remember to have bought anything these days (August 10 in this case).

So I go to google and type "Portugalmail". The first result is www.portugalmail.pt There I see a link titled "Dominos .eu". Ok, I have bought .eu domains but not here, so what the hell is this. I click it and I´m redirected to https://domains.blog.com . There I see a login form but I´ve never enter this page. I click on "Password recovery" and they ask me for my e-mail address (only my e-mail). I type my e-mail and then I receive the following e-mail:


--------------------------

From: Blog. com INC <[email protected]>
For: XXXX XXX (my full name) <[email protected]> (and my e-mail)
Date: August 10 2006 16:53
Subject: Your Login Information


XXXXX XXXX (my full name):

Username: [email protected] (my e-mail)
Password: xxxxxxxx

URL: https://domains.blog.com/billing/


Generated by Blog.com INC

---------------------------------

Ok, now I try to login using my e-mail and that password. I enter a member section and there I see a table titled "Domains List" with the following information:

Domain: troorse.eu (I have never regged or pre-regged this stupid domain)
Creaction Date (EURid): a blank space
Registrant: 585
State: Unpaid

DNS Configuration: ns.domains.blog.com

OK, now I go to www.whois.eu to check that domain (troorse.eu). The whois result is "AVAILABLE". So I think it must be a scam mail.

I go back to my "member section" and then I click on "585" (my "registrant" number). Then I see something really scaring: my personal data, including full name, address, city, country, zip code, phone number and e-mail.

What the hell is this?
Someone else received a similar e-mail?
How could they get my personal data?
How can they demand payment for a domain that is available?

 

[irishmat]

thats crazy

but yes your personal info is out there if you dont use private whois

i wouldnt worry about it, just delete the email

 

[Damion]

They have your info by looking at the whois for certain .eu domains and they used this in the email they have send to you.
If you have never pre-regged or applied for this domain which is obviously so since the domain is still available then why be concerned?

You recieve an email from an "company" you don't know then don't open it especially if it's a socalled reminder.
I get them also but a little different with the subject "password recovery" or "invoice" or "payment reminder" and i delete them...i don't even open them since i don't know the company in question.

Don't open emails from addresses that has subject lines such as these.
You are probably infected with some sort of virus by now because you clicked so many links and went through their hoops they have set up for you.

it's a phishing scam!
If i where you i would reformat my whole system.

Someone asking for payment for a domain that is as of now available is nothing more then a scam.
A "company" you never heard of before and asking for money is a scam.

I hope you didn't pay? or entered your financial details in some sort of way?

 

[armstrong]

A ploy I use with these scammers is to feign ignorance/stupidity, and say soemthing like "Is this domain for sale, then? I like it but would not consider paying more than $200." Once in a while, they take the bait and reg the domain, then offer to sell for *surprise* $200.

 

[TestCase]

:lol: HAHA... That's funny, Armstrong!

Will have to remember that and give it a try someday.

 

[astronauco]

Damion, I didn´t pay a cent nor did enter any financial or personal detail (only my e-mail address, which they already knew).

I guess you´re right, there´s no reason to be concerned.

I don´t think I´m infected. I always use Firefox, firewall, antivirus and antispyware. I didn´t open any .exe nor did download any file. But if I see something suspicious I´ll format my system anyway.

What I find more strange is that when I enter that "member" section, there is no a link to pay.
How could they scam anybody if their "victims" can´t pay?

Armstrong, good idea. I´ll do that next time!

 

[Damion]

Somewhere along the line you would be potentially confronted with an option to pay for this fabricated invoice.
Also even though you did not open any .exe file or used firefox and always used firewall, antivirus and antispyware you could still be infected by just simply visiting a webpage.

Even though you use precautions such as firewall, antivirus and antispyware it's still possible to get infected.
They have put a substantial amount of efforts to put all sorts of things online and i wouldn't be surprised that you are still infected with a sophisticated trojan/rootkit because of you following their instructions...meaning following the links you described.

To be safe do a format otherwise who knows all your paswords can potentially be comprimised putting your domains at risk as well. Not to mention next time you are going to use your creditcard they could log your details or even worse if you ebank via a bank that still holds minimum security as just only a username and password...yes they still exist unfortunately...and your account being drained.

Just a friendly warning astronauco, the whole scam was potentially to let you visit certain pages and get you infected and not to let you pay for a fabricated invoice but who knows you may recieve another email from them with instructions or something.

Like i said your firewall, antivirus and antispyware utilities may not indicate anything but that is no reason not to think you're not infected.

 

[astronauco]

Thanks Damion, I´ll consider your warning.

I´m going to update my antivirus and antispyware/antikeylogger programs to do a full scan of my pc. Then I´ll check the source code of the suspicious pages I visited. If I see something like an embedded applet or a link to any application I´ll format my system.

 

[Damion]

So you're going to visit the pages again LOL

 

[astronauco]

Yeah, if I´m already infected then I have nothing to lose.