Pennock's Fiero Forum

T H I S   I S   A N   A R C H I V E D   T O P I C
  



Phishing Question (hunting them down?) by Flamberge
Started on: 10-19-2006 09:31 PM
Replies: 2
Last post by: TK on 10-20-2006 11:42 PM
Flamberge
Member
Posts: 4268
From: Terra Sancta, TX
Registered: Oct 2001



Posted: 10-19-2006 09:31 PM
Here's the (long) story:

I signed up to be a listener at an AM sport radio station so I could stream their broadcast online. Less than a week later, I receive an email claiming to be from that radio station's program director. It's obvious right away it is a phishing email - and not even a good one. The logo is pixelated, the address isn't right, and the link they offer doesn't go where it claims, according to "View Source".

I look at the header, and see the website is something.something.yimg.com. So I do a WHOIS search, and find this...

 
quote

Whois lookup for yimg.com.

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.


Domain Name: YIMG.COM
Registrar: EMARKMONITOR INC. DBA MARKMONITOR
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Server: NS5.YAHOO.COM
Name Server: NS4.YAHOO.COM
Name Server: NS3.YAHOO.COM
Name Server: NS2.YAHOO.COM
Name Server: NS1.YAHOO.COM
Status: REGISTRAR-LOCK
EPP Status: clientDeleteProhibited
EPP Status: clientUpdateProhibited
EPP Status: clientTransferProhibited
Updated Date: 22-Jul-2005
Creation Date: 13-May-1997
Expiration Date: 14-May-2012

>>> Last update of whois database: Thu, 19 Oct 2006 21:21:51 EDT <<<

MarkMonitor.com - The Leader in Corporate Domain Management
----------------------------------------------------------
For Global Domain Consolidation, Research & Intelligence,
and Enterprise DNS, go to: www.markmonitor.com
----------------------------------------------------------

The Data in MarkMonitor.com's WHOIS database is provided by MarkMonitor.com
for information purposes, and to assist persons in obtaining information
about or related to a domain name registration record. MarkMonitor.com
does not guarantee its accuracy. By submitting a WHOIS query, you agree
that you will use this Data only for lawful purposes and that, under no
circumstances will you use this Data to: (1) allow, enable, or otherwise
support the transmission of mass unsolicited, commercial advertising or
solicitations via e-mail (spam); or (2) enable high volume, automated,
electronic processes that apply to MarkMonitor.com (or its systems).
MarkMonitor.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.

Registrant:
Yahoo! Inc.
(DOM-273003)
701 First Avenue
Sunnyvale
CA
94089
US

Domain Name: yimg.com

Registrar Name: Markmonitor.com
Registrar Whois: whois.markmonitor.com
Registrar Homepage: http://www.markmonitor.com

Administrative Contact:
Domain Administrator
(NIC-1382062)
Yahoo! Inc.
701 First Avenue
Sunnyvale
CA
94089
US
domainadmin@yahoo-inc.com
+1.4083493300
Fax- +1.4083493301
Technical Contact, Zone Contact:
Domain Administrator
(NIC-1372925)
Yahoo! Inc.
701 First Avenue
Sunnyvale
CA
94089
US
domainadmin@yahoo-inc.com
+1.4083493300
Fax- +1.4083493301

Created on..............: 1997-May-14.
Expires on..............: 2012-May-15.
Record last updated on..: 2006-May-17 11:10:55.

Domain servers in listed order:

NS1.YAHOO.COM
NS5.YAHOO.COM
NS2.YAHOO.COM
NS3.YAHOO.COM
NS4.YAHOO.COM



I usually report phishing emails to the domains they come from, if those domains are yahoo.com, google.com, etc. abuse@yahoo.com for example. However, in this case, I'm not sure. I could just delete it, but this kind of thing irritates me.

I did email the radio station and warn them that they might have a security problem since the phishers had my info in less than a week.

So what do you think I should do?

Flamberge
Member
Posts: 4268
From: Terra Sancta, TX
Registered: Oct 2001



Posted: 10-20-2006 11:30 PM
UPDATE: Apparently this was legit, or at least from the radio station. They said it was part of a promotion.

So, false alarm.

Flamberge
TK
Member
Posts: 10009
From:
Registered: Aug 2002



Posted: 10-20-2006 11:42 PM
I'd turn them in anyway just to keep them on their toes and to show you are watching........



All times are ET (US)


Copyright (c) 1999, C. Pennock