Bogus Phishing Email Not From Us
If you receive an email that looks like this do not click on it. Please roll over and actually look at the link and you will see that it is a spoofed phishing site.
18:00:42 -0000 (GMT)
Received: From 200-161-146-136.dsl.telesp.net.br (200.161.146.136) by
Sun, 10 Jan 2010 17:53:53 -0000 (GMT)
From: Support Team <support@krypt.com>
To: "demo@krypt.com" <demo@krypt.com>
Content-Class: urn:content-classes:message
Date: Sun, 10 Jan 2010 10:53:48 -0800
Subject: The settings for the demo@krypt.com mailbox were changed
Thread-Topic: The settings for the demo@krypt.com mailbox were changed
Thread-Index: AcqSID7hjw+IxyYESJ+bPAE7/GnfHw==
Message-ID: <000d01ca921d$dc3f18f0$6400a8c0@fripperyjr1>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-TNEF-Correlator:
x-envelope-to: info@krypt.com
x-envelope-from: fripperyjr1@spielmotor.de
Content-Type: multipart/alternative;
boundary="_000_000d01ca921ddc3f18f06400a8c0fripperyjr1_"
MIME-Version: 1.0
--_000_000d01ca921ddc3f18f06400a8c0fripperyjr1_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Dear user of the krypt.com mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox (demo@krypt.com) settings were changed. In order to apply the new set of settings click on the following link:
http://krypt.com/owa/service_directory/settings.php?email=demo@krypt.com&from=krypt.com&fromname=demo --> http://krypt.com.ujyhs.co.kr/owa/service_directory/settings.php?email=demo@krypt.com&from=krypt.com&fromname=demo
Best regards, krypt.com Technical Support.
Letter_ID#7RH8XD661NGDGSXAPHDMHQNJ
False Email Phishing Scam
If you have received an email with the
From: "support@krypt.com" <support@krypt.com>
Subject: Re: for krypt.com webhosting user
Please DO NOT click on those links. If you inspect the email properly the link to the site goes to a false website
http://cpanel.krypt.com.tygrhggi.org.uk/scripts/cpanel-ftp-co=
nfirmation.php?session=3D51558097857053083681684670994946469&email=3Dpcba@l=
ists.elder-law.com&service=3Dkrypt.com">http://cpanel.krypt.com/scripts/cpa=
nel-ftp-confirmation.php?session=3D51558097857053083681684670994946469&emai=
l=3Dpcba@lists.elder-law.com&service=3Dkrypt.com
whois tygkhggi.co.uk
Domain name:
tygkhggi.co.uk
Registrant:
Sherry Ajemian
Registrant type:
Non-UK Individual
Registrant's address:
5105 Otis Ave
Koningshooikt
5244
Belgium
Registrar:
Webfusion Ltd t/a 123-Reg.co.uk [Tag = 123-REG]
URL: http://www.123-reg.co.uk
Relevant dates:
Registered on: 04-Dec-2009
Renewal date: 04-Dec-2011
Last updated: 04-Dec-2009
Registration status:
Registration request being processed.
Name servers:
ns1.a-hrstaffing.com
ns2.a-hrstaffing.com
We encourage all users to block the domain tygkhggi.co.uk on any web filtering software such as Websense.
More information can be found here:
http://garwarner.blogspot.com/2009/12/webmasters-targeted-by-cpanel-phish.html