[TowerTalk] Phishing Attempt on list members
Kevin Kidd
kkbroadcastengineering at gmail.com
Tue Mar 7 17:13:16 EST 2017
This is not the only ham / antenna related list that has been
hacked/spammed. This morning I received an obviously spoofed email from
the antennas list that included the Chase Online bit but also included the
footer sub/unsub/post info from the original list.
Someone just responded over there that it came thru the list although it
appeared to me to be direct.
Kevin C. Kidd, CSRE/AMD
Lawrenceburg, TN
AM Ground Systems Company - WD4RAT
kkidd at kkbc.com -- 866-22-RADIO -- 866-227-2346
www.amgroundsystems.com
On Tue, Mar 7, 2017 at 10:21 AM, Bill Cotter <n4lg at qx.net> wrote:
> Beware of the phishing attempt you may receive (below). Someone has
> harvested names from this list and is targeting "tower-speak" members.
>
> 73 Bill N4LG
>
>
>
> Delivered-To: n4lg at qx.net
>> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=qth.net;
>> s=default;
>> t=1488899527; bh=y3c0luieP8LJ655Uh35p+oaTX6WXSC4BE+eL0xv3NIs=;
>> h=Date:To:From:Subject:List-Id:List-Unsubscribe:List-Archive:
>> List-Post:List-Help:List-Subscribe:Reply-To;
>>
>> b=SsD1PS1YSwz2Gv0Z6J93oDBAdXLIpaXzgM0/YCQBmO4QoZD8tuGBApMurdovTrMvK
>>
>> 5BfgStgEa+d78emz1tgS7oWACF+Tf+UydoMda4glMQsfHBQB1xrG7foebi1ZgpYdWp
>> gkkiep1te6AA48Q4nNk644U87Nm0sSE8aSfY8jRo=
>> X-Original-To: tower-speak at mailman.qth.net
>> Delivered-To: tower-speak at mailman.qth.net
>> Date: Tue, 7 Mar 2017 23:10:30 +0900
>> To: tower-speak at mailman.qth.net
>> From: "Chase AcctSec. Team chasesecurity-team_noreplies at chse.com"
>> <kb0stn at sbcglobal.net>
>> X-Sender-Warning: www.cep.co.jp has no MX records
>> X-Sender-Warning: Reverse DNS lookup failed for 210.255.105.34 (deferred)
>> X-SpamExperts-Class: unsure
>> X-SpamExperts-Evidence: Combined (0.39)
>> X-Recommended-Action: accept
>> X-Filter-ID: s0sct1PQhAABKnZB5plbIZpY1ikLiFgbVmksaMuwG0C5OxuSEtuFWwwaLyTv
>> 3J4q92PNDpgLsd6D
>>
>> dd/s7VM53g3T+DSfEwaX1fMB91s1i0eF3rqxKFd/nPW1dGGCWU27kPJbqGF1
>> mm7icJReIQ1Y0eGb
>>
>> l2rxzgZzlEZmtq8bUJ1ESxetogg2qpgjEaQVMqtgHHASJNUmoOHSoqgqxfHm
>> WWFKriOvK5c3NjZx
>>
>> hn31ZU4XXoJpPBs4SXre2qkDo6tZnxyFa+Q+jcWWki4nd/MNUQioT+LYyf+F
>> 84tisMSPnVK7RuLD
>>
>> 0cO47gH2HJlBchoL647lNwN4qOsSZg+fYhVZG6JgW08GUKyIRv5R4YS10xeb
>> idA8HjwZkZUDJOsO
>>
>> TC4gLPcreuTRO8h4kE9NVybyZuCiaqkrTMLg0gyykv6sPD5sIH8EF3joBhei
>> indVvWjMAs6k3Y4z
>>
>> hdrc7mVMTsXqUoUqJg7F2WHEjt37MS2lIdOrf/zvkfJ5qxZ6Hdc351pSh/Q9
>> kPA7nEm8yCUrkAIp
>>
>> zU0HC+OHo93JT2u4lL5dx5YjZwWTcp0rVeO1dO6omiH/21XAikGmQzbz+8y1
>> rHkBAO56plfq0eVU
>>
>> aVfwajC1K+JsJP8LNZ+wb8Fh6AzaRQJBYfVjU8jp64UzkfHMeaQSZyGwfqeN
>> O0Vta0QHISXmTwUu
>>
>> LKQ+ubjvZxdX/Mk3mf2JJ6ytnJ0Xd4KZmhdHwpVLA+f58jEXnRK5ls8GJS1n
>> fGZHtwH6gpgoatEb
>> QYNxkjCA
>> X-Report-Abuse-To: spam at quarantine4.antispamcloud.com
>> X-Content-Filtered-By: Mailman/MimeDel 2.1.20
>> Subject: [Tower-Speak] Account Suspension
>> X-BeenThere: tower-speak at mailman.qth.net
>> X-Mailman-Version: 2.1.20
>> List-Id: Discussion of anything related to towers <
>> tower-speak.mailman.qth.net>
>> List-Unsubscribe: <http://mailman.qth.net/mailman/options/tower-speak>,
>>
>> <mailto:tower-speak-request at mailman.qth.net?subject=unsubscribe>
>> List-Archive: <http://mailman.qth.net/pipermail/tower-speak/>
>> List-Post: <mailto:tower-speak at mailman.qth.net>
>> List-Help: <mailto:tower-speak-request at mailman.qth.net?subject=help>
>> List-Subscribe: <http://mailman.qth.net/mailman/listinfo/tower-speak>,
>>
>> <mailto:tower-speak-request at mailman.qth.net?subject=subscribe>
>> Reply-To: alt.y7-fdeawx2 at yopmail.com
>> Sender: "Tower-Speak" <tower-speak-bounces at mailman.qth.net>
>> X-MagicMail-OS: Inactive
>> X-MagicMail-UUID: 6ddbd5e8-0348-11e7-a552-002481abe416
>> X-MagicMail-SourceIP: 69.16.227.189
>> X-MagicMail-EnvelopeFrom: <tower-speak-bounces at mailman.qth.net>
>> X-MagicMail-Whitelisted: Yes
>>
>> Hi,
>> Due to a recent compromise of our servers by some chinese hackers, It has
>> been mandated that we carry out an integrity check to isolate and disable
>> all
>> suspicious accounts. For now we have already placed a red flag on several
>> accounts
>> thereby preventing them from carrying out any financial transactions
>> whatsoever.
>> To ensure that your account was not compromised, you are required to
>> ascertain
>> your identity, failure to do this within 24 hours will lead to account
>> service
>> suspension.
>> Login and Ascertain Your Identity
>> Thanks for your anticipated co-operation and understanding.
>> The Accounts Team,
>> For Chase Online
>> ______________________________________________________________
>> Tower-Speak mailing list
>> Home: http://mailman.qth.net/mailman/listinfo/tower-speak
>> Help: http://mailman.qth.net/mmfaq.htm
>> Post: mailto:Tower-Speak at mailman.qth.net
>>
>> This list hosted by: http://www.qsl.net
>> Please help support this email list: http://www.qsl.net/donate.html
>>
>
> _______________________________________________
>
>
>
> _______________________________________________
> TowerTalk mailing list
> TowerTalk at contesting.com
> http://lists.contesting.com/mailman/listinfo/towertalk
>
More information about the TowerTalk
mailing list