I Almost Got Phished!

Blog
About

July 30, 2008 on 5:58 pm | In Personal, Techspeak |

Actually, I might have gotten phished, scammed, or trojaned - I really can’t tell. Anyway, I just returned from SANSFire 2008, and had the following email waiting for me in my inbox:

From: Emmett Dugan” US Airways <tengels@SOMENONUSAIRDOMAIN.net> Subject: E-ticket #4118328071

Good afternoon, Thank you for using our new service “Buy flight ticket Online” on our website. Your account has been created:

Your login: ICHANGEDTHISADDRESS@paradigmcc.com Your password: passWQR7

Your credit card has been charged for $487.39. We would like to remind you that whenever you order tickets on our website you get a discount of 10%! Attached to this message is the purchase Invoice and the airplane ticket. To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards, Emmett Dugan US Airways

Now, what’s scary is that I flew US Air, but I didn’t give them this email address. I also didn’t pay $487.39. Also, they were nice enough to send an attachment, zipped. I saved it to a quarantined space, and looked inside. Sure enough, there’s an EXE there. I didn’t open it. Maybe I should send it do someone for analysis.

Upon consideration, I’m fairly sure this was a random thing, but it goes to show how someone could very easily be sucked in to opening an attachment from a scammer if the timing is right. If you’re sending out millions of these things, eventually something’s going to hit.

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.