New Phishing SCAM email

  • Problem
  • Updated 2 years ago
Just got a new PHISHING email. Of course I didn't click links and did forward it to exedelistens@viasat.com to be dealt with. Here is a copy so that no one here gets taken by this SCAM.

From: "Administrator" <Hellfried.Wolf@t-online.de>
To: *MY EMAIL ADDRESS REMOVED*
Sent: Monday, June 12, 2017 8:40:51 AM
Subject: Warning:Cloud-mail services..

Hi [ *MY EMAIL ADDRESS REMOVED*]


Due to limited data of your mail account storage,messages are unable to be delivered to your Inbox.


we advice that you increase your storage data to cloud mail services to avoid loss of your account and important messages.


To know more, please visit *LINK REMOVED*



* However,if you do not update your email storage data,your account will be disabled temporarily.


Regards
WildBlue Team



©2017 ViaSat Communications, Inc. All rights reserved.

Bev, Champion

Posted 2 years ago

Tim Spake
Thanks so much for posting this.
Brad, Viasat Employee
For these emails a tell-tale sign is the address is not from viasat.com. If the sender isn't from a viasat.com email, it's not a real email. If you ever have questions about an email sent, please call us at 855-463-9333. As always, NEVER click any links or reply to these questionable emails.
xode0000, Champion
I just did a WHOIS search for t-online.de at http://whois.marcaria.com/?q=t-online.de and retrieved the following information, which might be useful in getting this scammer shut down (hopefully permanently):
Domain: t-online.de
Nserver: dns00.btx.dtag.de
Nserver: dns02.btx.dtag.de
Nserver: dns50.t-ipnet.de
Nserver: pns.dtag.de
Status: connect
Changed: 2006-07-28T04:31:25+02:00
[Tech-C]
Type: PERSON
Name: Hostmaster T-Online
Organisation: Deutsche Telekom AG
Address: Friedrich-Ebert-Allee 140
PostalCode: 53113
City: Bonn
CountryCode: DE
Phone: +49 228 18194033
Fax: +49 228 18194402
Email: hostmaster@t-online.net
Changed: 2015-07-30T09:02:32+02:00
[Zone-C]
Type: PERSON
Name: Hostmaster T-Online
Organisation: Deutsche Telekom AG
Address: Friedrich-Ebert-Allee 140
PostalCode: 53113
City: Bonn
CountryCode: DE
Phone: +49 228 18194033
Fax: +49 228 18194402
Email: hostmaster@t-online.net
Changed: 2015-07-30T09:02:32+02:00

Old Labs (VS1-329-L12FZ)
Unfortunately, from addresses (i.e. the sender) as well as the commonly displayed headers are easily spoofed and Wolf (or is it Hellfried) at that domain is probably not the source and probably is an innocent bystander.

When reporting SPAM and/or phishing attempts it's best to forward along the full internet headers - how to do that will vary by your chosen email client (Google is your friend on that one).

In this case however, the embedded link that's been redacted is probably a better place to start sleuthing and determine the domain owner of the URL.     

FWIW and in general forwarding an email as an attachment will typically ensure the original full internet headers are included - a simple forward typically results in loss of the original full headers and replacement with new ones (but not always - as I said email client dependent).
(Edited)
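
The point made in the thread about full internet headers, as an added example that is not part of any post: Python's standard email module recovers the original headers from a report forwarded as an attachment, and fails on a simple forward that dropped them. The From and Subject values come from the phish quoted above; the Return-Path, the Received lines, the isp.example addresses and the function names are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed sample. From/Subject follow the phish quoted in the thread; the
# Return-Path and Received lines are invented placeholders (example.*, RFC 5737).
ORIGINAL = (
    "Return-Path: <bounce@mailer.example.net>\r\n"
    "Received: from mx.isp.example (mx.isp.example [192.0.2.10])\r\n"
    "\tby inbox.isp.example; Mon, 12 Jun 2017 08:40:55 -0700\r\n"
    "Received: from unknown (HELO mailer.example.net) (198.51.100.23)\r\n"
    "\tby mx.isp.example; Mon, 12 Jun 2017 08:40:52 -0700\r\n"
    'From: "Administrator" <Hellfried.Wolf@t-online.de>\r\n'
    "Subject: Warning:Cloud-mail services..\r\n"
    "\r\n"
    "Regards\r\nWildBlue Team\r\n"
)

def build_report(raw, as_attachment):
    """Simulate the two ways of forwarding: as an attachment, or a simple forward."""
    report = EmailMessage()
    report["From"], report["To"] = "user@isp.example", "abuse@isp.example"
    original = email.message_from_string(raw, policy=policy.default)
    if as_attachment:
        report.set_content("Phishing report, original attached.")
        report.add_attachment(original)              # becomes a message/rfc822 part
    else:
        report.set_content(original.get_content())   # body only, original headers gone
    return report.as_bytes()

def _domain(header_value):
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()

def inspect_report(report_bytes, expected_domain):
    """Recover the original headers from a report and summarise the sender evidence."""
    report = email.message_from_bytes(report_bytes, policy=policy.default)
    parts = [p for p in report.walk() if p.get_content_type() == "message/rfc822"]
    if not parts:
        raise ValueError("no attached original: full headers were not forwarded")
    original = parts[0].get_payload(0)
    hops = original.get_all("Received", [])          # newest first, oldest last
    return {
        "from_domain": _domain(original["From"]),
        "from_matches_expected": _domain(original["From"]) == expected_domain,
        "return_path_domain": _domain(original.get("Return-Path", "")),
        "received_hops": len(hops),
        "earliest_hop": str(hops[-1]) if hops else None,
    }
```

The earliest Received line is written by the first server that accepted the message, so it is a better lead on the real origin than the From line, which the sender chooses freely.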