Skip to content

Have You Been Phished?

August 9, 2013

A message from Vincent Grimard, Chief Security Officer

This morning I got up like any other day, logged into my e-mail accounts to rake in my overnight messages, and noticed one very special e-mail. It was from an administrative team with the subject line EMAIL ADDRESS UPDATION Warning Code :ID67565434…(2012)‏. From my initial view it looked legit, but I found myself wondering … what the heck is an “updation”? Is it a cool new word? I mean, I like to give props to my peeps on the south side, but maybe I’m not that hip? Here’s what it said…>>>

Dear Account User ,
Special notification email messaging from Windows Microsoft™

Hmm, seems legit, they even have the TM in there … but is it?

Thank you for being one of our valued users of Windows Live Msn Account. We hope you are enjoying it and having fun using Windows Live Msn & other Windows Live services. We are constantly working to improve the service to you.

Ok, you still have me…

A DGTFX Virus has been detected in your folders. Your email account has to be upgraded to our new Secured DGTFX anti-virus 2012 version to prevent damages to our web mail log and to your important files. Click your reply tab, Fill the columns below and send back to us or your email account will be terminated to avoid spread of the virus.

Photo credit: Stomchak via Wikimedia Commons

Photo credit: Stomchak via Wikimedia Commons

Now I’m getting a little suspicious … a super shiny, fantastic, special, secured DGTFX version? I smell a phish…

Full Name: ……………………………..

User name: ………………………..

Password: …………………………….

Reconfirm Password: ………………

Date Of Birth…………………………


A HA! YOU DIRTY PHISH YOU! How did I catch this monkey? Ask yourself, “Why would the organization that has all of my information and absolute control need my password?” So, the hunter now becomes the hunted. Let’s look at the rest.

Note that your password will be encrypted with 1024-bit RSA keys for your password safety.

Nice, a message to instill comfort.

All MSN and Hotmail User Should Reply Now!!!

Failure to do this will immediately render your Web-email address deactivated from our database.

Ah, there it is. Fear of loss—respond now or you will lose something.

Thank you for your co-operation.

Warning Code :ID67565434

Msn Account Support.
Copyright ©2012
This information will help to personalize your Windows Live experience. Windows Live respects your…

…and the various closing details.

All in all, I really like this phish. REALLY good, and very convincing. Did you catch it? The next thing I did was look at the sender address. The REAL address, not what my e-mail program shows. For example, my e-mail program tells me that this is coming from the Windows Live Team, but when I go into the details, it’s from someone claiming to be “bawooten.” The problem is that I’m a geek, and well, now I’ve tracked down the geographical information about “bawooten” or at least this person’s server. I’ve also cross-referenced this phisher’s e-mail address and tracked his or her history, and while I’ve found out how busy he or she really is, I’ve also found the poor person whose e-mail account he or she hacked. And just like that … “bawooten” is gone.

Like my phish story?

So what’s your take away here? Well, there are two things really.

  1. Phishing is really common, so be suspicious and check things out.
  2. You will get e-mails from what appear to be real entities. Just this week, I’ve seen e-mails from some pretty professional organizations like NACHA, executive committees, etc.

Keep your eyes open, it will save you a lot of grief! 🙂

Vincent Grimard, Nelnet Chief Security Officer

Vincent Grimard, Nelnet Chief Security Officer

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: