Got a phishing email tonight

Status
Not open for further replies.
Return-Path:
Received: from cdptpa-mxlb.mail.rr.com ([10.127.255.14])
by cdptpa-imta12.mail.rr.com with ESMTP
id
for ; Thu, 10 Jul 2008 00:00:26 +0000
X-IronPort: cdptpa-mx11.mail.rr.com 443110612
X-RR-Connecting-IP: 63.71.8.107
Received: from smtpout.zixmail.net ([63.71.8.107])
by cdptpa-mxlb.mail.rr.com with ESMTP; 10 Jul 2008 00:00:26 +0000
Received: from mailhost (unknown [192.168.128.73])
by smtpout.zixmail.net (Proprietary) with ESMTP id 50A352C2A2A
for ; Wed, 9 Jul 2008 19:00:25 -0500 (CDT)
From: "CIGNA Dental Customer Service"
To: [email protected]
Reply-To: [email protected]
Subject: New Email Notice: You have a secure email from CIGNA
Date: Wed, 09 Jul 2008 19:00:25 CDT
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----9h9rFCFVUma1zMhM906lq6dEXE2Q1zJJ"
X-From-ZixPort: cigna-e
X-ZixNet: Notification
Message-Id:
X-Antivirus: AVG for E-mail 8.0.138 [270.4.7/1543]

You have received a message from: CIGNA Dental Customer Service

Select the link below to access your CIGNA Secure Mailbox:

https://www3.cignasecure.com/s/e?m=ABBP6ya0FYLTYvVUMtYCx6dp

Please do not reply to this email message. The return address is not monitored.
-----------------------------------------------------------------
Notice the received from address.

When I go to the listed url, I get a screen asking to create a userid and provide all sorts of personal info.

I do have CIGNA DMHO and accessed the CIGNA website yesterday for the first time in over a year.

Now my question is, how did the phisher know this? Could there be something on my system tracking my browser use?
 
My wife clicked on something like that just a couple days ago. She shrieked, covered the screen and asked me how to hide the windows from the kids.

Phishing scams suck.
 
Originally Posted By: Oldmoparguy1

Now my question is, how did the phisher know this? Could there be something on my system tracking my browser use?

The phishers send out heaps of generic emails and hope some hit. I received an email - emblazoned with my bank's logo - telling me of a security breach. So I clicked on the link but stopped at that point since it didn't seem like something the bank would do.

And today I received an identical email except from a different bank.
 
Received two today, one from "ebay" and one from "paypal"

"Dear eBay account holder,
We've recently noticed that someone has made [5] suspicious attemps to login
into your online account from this address 72.122.18.131, our security commitment
forces us to block your account temporarily until you verify your identity on our systems
Verify your identity at this form:


https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&ru=http://www.ebay.com/&_trksid=m37



We apologize for the inconvinience this may cause, but security is one of our top goals in eBay Inc.
You have 72 hours to verify the information on our systems, if you do not verify yourself, your account
will be suspended, and have to contact us by phone or fax in order to unlock
your account.".

If you hover over the link it says "centralgym-amboise.com/........."

for both the ebay and paypal scams...
 
I get these things all the time. I got 3 more already today, but this one seemed too personal. The wife is going through some dental issues right now and I've had to contact CIGNA for help getting 'out of network' coverage.

I suppose it could be just a coincidence. The timing is curious though. I'm a little jumpy right now. In the last week I've had 4 virus attacks via email. AVG 8.0 caught all of them.

I'm getting so much spam that I purchased MailWasher Pro and am sending the obvious stuff through Spamcop.
 
Scan with these just to be sure:

http://usa.kaspersky.com/products_services/free-virus-scanner.php

http://www.eset.com/onlinescan/

http://housecall.trendmicro.com/

http://support.f-secure.com/enu/home/ols.shtml#

That sounds a bit more than coincidence. Almost sounds like someone who works for CIGNA is trying to steal identities by creating this fake site and he/she has access to a database of customers or something. I'd maybe even contact CIGNA.

If you really are having problems with viruses and malware, I'll post it again. Use this program and it will be a thing of the past. Run all internet facing programs behind Sandboxie and nothing can even penetrate your system!

http://www.sandboxie.com
 
Quote:

When I go to the listed url,



Curious if you actually looked @ the URL in the browser URL field after you clicked it (which by the way was a bad idea). Best way is to copy the link location, then paste it into Notepad or a CMD window; you can also look @ the html source for the email; you will see the real site you are going to prior (as you shouldn't) to clicking the link.
 
I never click a link. For emails, I open edit, then select all, copy and paste in Notepad. This shows me every character in the email including the hidden ones, and hidden links, also URLs for hidden images. In this case I did a copy/paste for the URL into my browser.

I can do the same thing in the browser by editing the current page.

I ran all my usual scanners and only found 2 tracking cookies, which I need to add to my hosts file. (forgot to do that yesterday).

Was not able to find an email contact for CIGNA so I wrote up an explanation and sent everything off to spamcop.

Looks like I better get busy and install sandbox.

Thanks for the info folks.

Wayne
 
They don't know, but if they send out tons of e-mails, chances are they'll hit someone that has business with the company and might be tricked into giving up personal info.

I get a lot of this sort of thing claiming to be from Wells Fargo, and a mortgage company (the name of which I can't remember right now), even though I've never done business with either firm.
 