January 13, 2011
Quarantine Digest Baloney
I received what looks like a badly mismanaged trial run of a phishing attack, presumably aimed at capturing email login credentials. Here is what the message looks like:
Subject: Quarantine Digest
Quarantine Digest for [recipient's email address here]
Click here to access your spam quarantine. The spam quarantine contains emails that are being held from your email account. Quarantined emails can be released to your inbox or deleted using the spam quarantine link.
The link in the message I received was misconfigured to point to a local router NAT address (https://192.168.0.101/quarantine/manageuser?[removed]) rather than the true web page where the phishing page will be hosted. The forged From: address was also very templatey: firstname.lastname@example.org. Oh, please!
My copy arrived from a botnet client in the Philippines.
It smells of a phishing kit being used by an inexperienced newbie. Expect to see more of these when other kit buyers learn how to fill in all the right fields and click the Send button at the proper time — thus avoiding premature spamulation.
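The two tells described above, a link pointing at a non-routable address and an unfilled template sender, can be checked mechanically during mail triage. The Python below is an added example, not part of the original post; the sample message, the function names and the list of placeholder local parts are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample modelled on the message in the post; query string is a placeholder.
SAMPLE = """\
From: firstname.lastname@example.org
Subject: Quarantine Digest

<p>Quarantine Digest for recipient@example.net</p>
<p><a href="https://192.168.0.101/quarantine/manageuser?id=PLACEHOLDER">Click here</a>
to access your spam quarantine.</p>
"""

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)
# Assumed list of unfilled-template local parts; extend to suit your mail flow.
PLACEHOLDER_LOCALPARTS = {"firstname.lastname", "first.last", "user", "username"}


def non_routable_links(body):
    """Return URLs whose host is an IP literal that is not globally routable."""
    hits = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        try:
            ip = ipaddress.ip_address(host or "")
        except ValueError:
            continue  # a hostname, not an IP literal
        if not ip.is_global:
            hits.append(url)
    return hits


def triage(raw_message):
    """Collect findings for one single-part message supplied as text."""
    msg = message_from_string(raw_message)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    if addr.partition("@")[0].lower() in PLACEHOLDER_LOCALPARTS:
        findings.append(("placeholder-sender", addr))
    for url in non_routable_links(msg.get_payload()):
        findings.append(("non-routable-link", url))
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A link to a private, loopback or link-local address in inbound mail from outside the organisation cannot work for the recipient, so it is a cheap signal of a misconfigured or test mailing rather than a legitimate quarantine notice.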