I've seen this stuff for years. User gets an email with a message urging them to open an attachment to solve an issue. Lately for me it's been SPAM regarding DHL, UPS, FedEx or Facebook but it's pretty much all the same. Paste the first paragraph of the message you got into Google and in the first link is the exact email that dates back to 2005.
-- Mike Gill

From: John Aldrich [mailto:[email protected]]
Sent: Wednesday, November 11, 2009 8:56 AM
To: NT System Admin Issues
Subject: RE: FYI -- fake email abuse warning

Slightly sanitized (removed user's email address):

Dear user (email address),

We have detected that your account was used to send a large amount of unsolicited e-mail messages during the last week. Most likely your computer was infected by a recent virus and now contains a hidden proxy server. We recommend that you follow our instruction in the attached file in order to keep your computer safe.

Best wishes,
The blueridgecarpet.com support team.

Attached was a file called "blueridgecarpet.com". As we all know, .com files are executable. I wish I could prevent executable files from being received in email, but I don't think I can.

John-Aldrich
Tile-Tools

From: Todd Lemmiksoo [mailto:[email protected]]
Sent: Wednesday, November 11, 2009 11:47 AM
To: NT System Admin Issues
Subject: RE: FYI -- fake email abuse warning

Yes, please send.

Todd

_____

From: John Aldrich [mailto:[email protected]]
Sent: Wednesday, November 11, 2009 11:09 AM
To: NT System Admin Issues
Subject: FYI -- fake email abuse warning

One of my users was sent a bogus email abuse warning stating that his account had been flagged because his "account was used to send a large amount of unsolicited e-mail messages during the last week." They had an attachment that was flagged by AVG as a virus and so the email was bounced back to me as the return address was [email protected] which comes to me.

I've never seen this particular social engineering stunt before and thought I'd pass it along to you guys. I can pass along the text of the bounced message (sans attachment, of course! <G>) if anyone wants it.

John-Aldrich
Tile-Tools
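Added example, not part of the thread: a Python check of the kind John wishes for, which flags attachments with executable extensions and notes when the file name matches the sender's domain, as with the "blueridgecarpet.com" attachment. The block list, the function names and the sample message (including its From and To addresses) are assumptions constructed for illustration.

```python
"""Flag executable attachments such as the "blueridgecarpet.com" file in the thread."""
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed block list for this example; extend it to match local policy.
BLOCKED_EXTENSIONS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}


def risky_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment with a blocked extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender_domain = str(msg.get("From", "")).rsplit("@", 1)[-1].strip("> ").lower()
    findings = []
    for part in msg.walk():
        name = part.get_filename()  # decodes RFC 2231 / RFC 2047 encoded names
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them before checking.
        clean = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
        ext = PurePosixPath(clean).suffix  # last extension only: "a.pdf.exe" -> ".exe"
        if ext not in BLOCKED_EXTENSIONS:
            continue
        reason = f"blocked extension {ext}"
        if clean == sender_domain:
            reason += "; file name imitates the sender's domain"
        findings.append((name, reason))
    return findings


def build_sample() -> bytes:
    """Constructed message modelled on the one quoted in the thread (payload is inert)."""
    msg = EmailMessage()
    msg["From"] = "support@blueridgecarpet.com"  # constructed address
    msg["To"] = "user@example.com"               # constructed address
    msg["Subject"] = "constructed sample"
    msg.set_content("We recommend that you follow our instruction in the attached file.")
    msg.add_attachment(b"inert placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="blueridgecarpet.com")
    msg.add_attachment(b"%PDF-placeholder", maintype="application",
                       subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in risky_attachments(build_sample()):
        print(f"{filename}: {reason}")
```

A mail gateway or delivery hook could quarantine any message for which `risky_attachments` returns a non-empty list.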
