I've seen scams like this aimed at Paypal and Ameritrade customers. They look a bit more innocent - basically, they take a newsletter Paypal or Ameritrade has sent out, replace all of the URLs with something that sounds comforting but isn't, such as paypal.secureserver2.com, and set up a phony login form at the site in question.
Since these are far more dangerous than standard spam and since whitelisting doesn't help - they usually forge the appropriate From address - I've started using special addresses for each company using a qmail wildcard address. For example, [EMAIL PROTECTED] is my address at Paypal, m-ameritrade, and so on. This way I can (a) whitelist the "to" address instead of the "from", and (b) be semi-assured that anything sent to that address really came from the company in question. I guess I need to switch my accounts at godaddy and register.com to custom addresses now... (I also use addresses like this to register at untrusted web sites - not for authentication, but to know who to blame and which address to convert to a spamtrap if I start getting spam.) -- michael moncur mgm at starlingtech.com http://www.starlingtech.com/ "We forfeit three-fourths of ourselves to be like other people." -- Arthur Schopenhauer > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Doug > Crompton > Sent: Tuesday, April 30, 2002 9:56 PM > To: Spam Assassin List > Subject: [SAtalk] Scam Warning! Please read. (fwd) > > > Thought you might like to read about the latest scam mail... > > > From: [EMAIL PROTECTED] > Subject: Scam Warning! Please read. > > Dear Valued Go Daddy customer, > > Tuesday morning, alert Go Daddy customers notified me that another > scammer is after your personal information. Our legal team is already > working with the FBI to take any and all appropriate action. > > In the meantime, I want to make sure you're informed and protected. Here > are the details of the scam: > > Someone is sending emails to our recent .US domain registrants. The emails > are disguised as coming from " [EMAIL PROTECTED] ". This is a > legitimate Go > Daddy email address, but these emails are not coming from us. > > The scammer's email instructs recipients to divulge - via fax - their Go > Daddy account login, user name and password; their Social Security > Number; and proof of address. The pretence provided is that this > information is needed to verify eligibility for the .US domain. Again, the > scammers are requesting this information be sent to a fax number in > Nevada. > > I want you to know two things: First, Go Daddy would never ask for this > information, in any form, period. We'd never ask for your Social Security > number. And we never ask you to fax or mail us your personal information. > > Second, the scammers did not get your email contact information from Go > Daddy. Scam artists constantly probe the "Whois" database, the central > repository of ownership information for all domain name owners. (You can > think of the Whois database as being the Internet equivalent of your local > County Recorder's office. Real estate ownership information is required by > law to be public; it's the same with domain name ownership > > I won't speculate as to the intent of these scammers, but it can't be > good. So please: If you receive one of the emails I've described above (or > any other communication that makes you suspicious in the future) please do > not respond to them! Instead, forward them to the special address I've set > up: [EMAIL PROTECTED] > > Your best protection against scammers is awareness. So please stay on > guard, and if you receive any communication that strikes you as > suspicious, forward it to [EMAIL PROTECTED] > > Sincerely, > > Bob Parsons > President, > Go Daddy Software, Inc. > http://www.godaddy.com/ > >
