• Related:: Why are these phishing addesses not valid?

    From micky@21:1/5 to All on Mon Nov 8 10:06:34 2021
    Related to email but not a specifically Eudora question:

    Just got this email, the most recent of several from Peru that claims to
    be in charge of my USA email account.

    What gets me is the link they want me to use, http:/mail.rcn.commmm. I
    put in 3 extra m's so no one would accidentally click on it.

    So they left out a slash, was that on purpose?

    But the question is..I thought if the middle node, rcn, was a a real
    one, changing the first node to mail would still give a link that
    belongs to www.rcn.com, which is the URL of one of my mail servers.

    Also the To: line looks like it has a valid domain. ???

    Would correcting and clicking on the zimbra link install a virus, or is
    it just phishing?



    From: "?© +RCN Telecom Services" <a20214996@pucp.edu.pe> [Peru!!!]
    Date: Mon, 8 Nov 2021 19:00:45 +0530
    Subject: Re: Very Important Information Regards Your RCN
    To: cskrnc@rcn.commmm

    Your incoming mails and documents have been placed on hold due to the
    recent spam activities on our server.


    we need you to verify your account before you can view the new emails
    and documents. to verify kindly click on URL below and login.


    http:/mail.rcn.commmm/zimbra


    © 2021 RCN Telecom Services, LLC. All Rights Reserved.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Piet@21:1/5 to micky on Wed Nov 10 22:35:42 2021
    micky wrote:
    Related to email but not a specifically Eudora question:
    Just got this email, the most recent of several from Peru that claims
    to be in charge of my USA email account.

    Let them claim heaven and hell, and dump them into trash. Or make
    a filter that does that for you before you even have a chance to
    look at the message.

    What gets me is the link they want me to use, http:/mail.rcn.commmm.
    I put in 3 extra m's so no one would accidentally click on it.

    You're a bit shortsighted. Had you hovered the cursor over that
    would-be-url, you'd have noticed right away the real underlying
    url *does* have two slashes. It's a very common way to lure people
    to malware sites, but it's also commonly used by trusted companies
    hide a url ("difficult" for the computer-ignorant) in the way it's
    done on webpages.

    So they left out a slash, was that on purpose?

    You bet! It draws attention, and out of curiosity people will click
    on the "incorrect" link.

    Would correcting and clicking on the zimbra link install a virus,
    or is it just phishing?

    Just click on it and you may be lost already.

    -p

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From micky@21:1/5 to www.godfatherof.nl/@opt-in.invalid on Thu Nov 11 11:12:15 2021
    In comp.mail.eudora.ms-windows, on Wed, 10 Nov 2021 22:35:42 +0100, Piet <www.godfatherof.nl/@opt-in.invalid> wrote:

    micky wrote:
    Related to email but not a specifically Eudora question:
    Just got this email, the most recent of several from Peru that claims
    to be in charge of my USA email account.

    Let them claim heaven and hell, and dump them into trash. Or make
    a filter that does that for you before you even have a chance to
    look at the message.

    What gets me is the link they want me to use, http:/mail.rcn.commmm.
    I put in 3 extra m's so no one would accidentally click on it.

    You're a bit shortsighted. Had you hovered the cursor over that
    would-be-url, you'd have noticed right away the real underlying

    Ugh. I don't know why I didn't do that. I know about it. I'm trying
    to find the email again in my inbox trash but can't find it yet.

    url *does* have two slashes. It's a very common way to lure people
    to malware sites, but it's also commonly used by trusted companies
    hide a url ("difficult" for the computer-ignorant) in the way it's
    done on webpages.

    So they left out a slash, was that on purpose?

    You bet! It draws attention, and out of curiosity people will click
    on the "incorrect" link.

    Aha.

    Would correcting and clicking on the zimbra link install a virus,
    or is it just phishing?

    Just click on it and you may be lost already.

    Oh, no!

    -p

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)