Just got a new PHISHING email. Of course I didn't click links and did forward it to exedelistens@viasat.com to be dealt with. Here is a copy so that no one here gets taken by this SCAM.
From: "Administrator" <Hellfried.Wolf@t-online.de>
To: *MY EMAIL ADDRESS REMOVED*
Sent: Monday, June 12, 2017 8:40:51 AM
Subject: Warning:Cloud-mail services..
From: "Administrator" <Hellfried.Wolf@t-online.de>
To: *MY EMAIL ADDRESS REMOVED*
Sent: Monday, June 12, 2017 8:40:51 AM
Subject: Warning:Cloud-mail services..
Hi [ *MY EMAIL ADDRESS REMOVED*]
Due to limited data of your mail account storage,messages are unable to be delivered to your Inbox.
we advice that you increase your storage data to cloud mail services to avoid loss of your account and important messages.
To know more, please visit *LINK REMOVED*
* However,if you do not update your email storage data,your account will be disabled temporarily.
Regards
WildBlue Team
©2017 ViaSat Communications, Inc. All rights reserved.
Bev, Champion
Posted 11 months ago
Brad, Viasat Employee
For these emails a tell-tale sign is the address is not from viasat.com. If the sender isn't from a viasat.com email, it's not a real email. If you ever have questions about an email sent please call us at 855-463-9333. As always, NEVER click any links or reply to these questionable emails
xode0000, Champion
I just did a WHOIS search for t-online.de at http://whois.marcaria.com/?q=t-online.de and retrieved the following information, which might be useful in getting this scammer shut down (hopefully permanently):
Domain: t-online.de Nserver: dns00.btx.dtag.de Nserver: dns02.btx.dtag.de Nserver: dns50.t-ipnet.de Nserver: pns.dtag.de Status: connect Changed: 2006-07-28T04:31:25+02:00 [Tech-C] Type: PERSON Name: Hostmaster T-Online Organisation: Deutsche Telekom AG Address: Friedrich-Ebert-Allee 140 PostalCode: 53113 City: Bonn CountryCode: DE Phone: +49 228 18194033 Fax: +49 228 18194402 Email: hostmaster@t-online.net Changed: 2015-07-30T09:02:32+02:00 [Zone-C] Type: PERSON Name: Hostmaster T-Online Organisation: Deutsche Telekom AG Address: Friedrich-Ebert-Allee 140 PostalCode: 53113 City: Bonn CountryCode: DE Phone: +49 228 18194033 Fax: +49 228 18194402 Email: hostmaster@t-online.net Changed: 2015-07-30T09:02:32+02:00
Unfortunately, from addresses (i.e. the sender) as well as the commonly displayed headers are easily spoofed and Wolf (or is it Hellfried) at that domain is probably not the source and probably is an innocent bystander.
When reporting SPAM and/or phishing attempts it's best to forward along the full internet headers - how to do that will vary by your chosen email client (Google is your friend on that one).
In this case however, the embedded link that's been redacted is probably a better place to start sleuthing and determine the domain owner of the URL.
FWIW and in general forwarding an email as an attachment will typically ensure the original full internet headers are included - a simple forward typically results in loss of the original full headers and replacement with new ones (but not alway - as I said email client dependent).
When reporting SPAM and/or phishing attempts it's best to forward along the full internet headers - how to do that will vary by your chosen email client (Google is your friend on that one).
In this case however, the embedded link that's been redacted is probably a better place to start sleuthing and determine the domain owner of the URL.
FWIW and in general forwarding an email as an attachment will typically ensure the original full internet headers are included - a simple forward typically results in loss of the original full headers and replacement with new ones (but not alway - as I said email client dependent).
(Edited)
