Thursday, February 26, 2015

Phishing scam?

NB: addendum at end

I got the following e-mail



When I got the message source text, it read as follows:


x-store-info:J++/JTCzmObr++wNraA4Pa4f5Xd6uensRZxSKVDP6DLsQjuBOxXzq84LPc5FL2zj91l4PqfUL3mRAk+ORbtVk3JAcnx581aqSWJquBOnJVtQb89elSStHxzjVydnK32ur1G+Qh8SpTQ=
Authentication-Results: hotmail.com; spf=softfail (sender IP is 67.202.126.210) smtp.mailfrom=apache@artistarena.com; dkim=none header.d=wbrsupport.com; x-hmca=none header.id=fansupport@wbrsupport.com
X-SID-PRA: fansupport@wbrsupport.com
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0wO0Q9MTtHRD0xO1NDTD0w
X-Message-Info: NhFq/7gR1vSG2DkhANWWQ4KHcdXw2Wh+HWcpbD701FEZ6Szjj7zQSArxUH2pBi33N7hkwoWUiCO8eOo4KlbBhkeMOB1zBstjHZFqGx4WDj5uNewd58aqmfDclwbhBYempXXI1lQ4u0/F1PwEsOYQRKT30slcGSaAbEG5ulFBMtQqO5RsB8xGgE9oD+gOJvkUDpd+U+EHlLNT1ON53auuU6W4i3P9sgSa
Received: from artistarenaweb01.lcgosc.com ([67.202.126.210]) by SNT004-MC3F45.hotmail.com with Microsoft SMTPSVC(7.5.7601.22751);
  Thu, 26 Feb 2015 04:50:25 -0800
Received: by artistarenaweb01.lcgosc.com (Postfix, from userid 48)
 id 6FDF7C40825; Thu, 26 Feb 2015 06:50:25 -0600 (CST)
To: =?utf-8?B?QW5uZSBCYXJzY2hhbGw=?= <straightarrow372@hotmail.com>
Subject: =?utf-8?B?TWVtYmVyc2hpcCBFeHBpcmVk?=
X-PHP-Originating-Script: 48:Sendmail.php
From: Friends of Josh Groban - The Official Josh Groban Fan Club <fansupport@wbrsupport.com>
Date: Thu, 26 Feb 2015 12:50:25 +0000
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
MIME-Version: 1.0
Message-Id: <20150226125025.6FDF7C40825@artistarenaweb01.lcgosc.com>
Return-Path: apache@artistarena.com
X-OriginalArrivalTime: 26 Feb 2015 12:50:25.0971 (UTC) FILETIME=[CAAEE830:01D051C2]

<style type=3D"text/css">=0Abody,td { color:#000000; font:11px/1.35em Arial, Verdana, Helvetica, sans-serif; }=0D=0Aa {color: #c86e46;}=0A</style>=0A=0D=0A=0D=0A=0D=0A=0D=0A=0D=0A<body style=3D"backgr=
ound: #000000; font-family: Arial, Verdana, Helvetica, sans-serif; font-size:12px; margin:0; padding:0;">=0D=0A<div style=3D"font-family: Arial, Verdana,  Helvetica, sans-serif; font-size:12px; margin=
:0; padding:0;">=0D=0A    <table cellspacing=3D"0" cellpadding=3D"0" border=3D"0" height=3D"100%" width=3D"100%" bgcolor=3D"#000000">=0D=0A        <tr>=0D=0A            <td align=3D"center" valign=3D"=
top" style=3D"padding:20px 0 20px 0;">=0D=0A                <table width=3D"670" cellspacing=3D"0" cellpadding=3D"0" border=3D"0" style=3D"padding: 20px;" bgcolor=3D"#e6e6e5">=0D=0A                  =
  <!-- [ header starts here] -->=0D=0A                    <tr>=0D=0A                        <td valign=3D"top" width=3D"630" style=3D"width: 630px; text-align: center;">=0D=0A                        =
    =0D=0A  <p style=3D"margin: 0; padding: 0;">=0D=0A    <img style=3D"width: 100%;" src=3D"http://artistarenastage.lcgosc.com/skin/frontend/artistarena/joshgroban/images/email-header-image.jpg" alt=
=3D"" />=0D=0A  </p>=0D=0A=0D=0A                        </td>=0D=0A                    </tr>=0D=0A                    <!-- [ middle starts here] -->=0D=0A                    <tr>=0D=0A               =
         <td valign=3D"top" width=3D"630" style=3D"width: 630px; text-align: left; color: #000000; padding-top: 20px;">=0D=0A                            <table width=3D"630" cellspacing=3D"0" cellpadd=
ing=3D"0" border=3D"0" style=3D"width:630px;">=0D=0A                                <tr>=0D=0A                                    <td width=3D"630" style=3D"width: 630px;">=0D=0A                     =
                   <h1 style=3D"font-size:21px; font-weight:bold; color: #000000;">Dear [name deleted]!</h1>=0D=0A=0D=0A                                        <p>Your membership in FOJG: Friends of J=
osh Groban expired on 07/23/2014.=0D=0A                                            Please visit the http://artistarenastage.lcgosc.com/joshgroban/ fan club site to renew or upgrade your membership<br/=
>=0D=0A=0D=0A                                        </p>=0D=0A                                        <p>http://artistarenastage.lcgosc.com/joshgroban/customer/account/login</p>=0D=0A               =
                         <p>Your email address: straightarrow372@hotmail.com</p>=0D=0A                                    </td>=0D=0A                                </tr>=0D=0A                       =
     </table>=0D=0A                        </td>=0D=0A                    </tr>=0D=0A                </table>=0D=0A                <!-- [ footer starts here] -->=0D=0A                <table  width=3D"=
670" cellspacing=3D"0" cellpadding=3D"0" border=3D"0">=0D=0A                    <tr>=0D=0A                        <td valign=3D"top" width=3D"670" align=3D"center" style=3D"padding: 15px 0px 15px 0px;=
 color: #c86e46;">=0D=0A                            =0D=0A                        </td>=0D=0A                    </tr>=0D=0A                </table>=0D=0A            </td>=0D=0A        </tr>=0D=0A   =
 </table>=0D=0A</div>=0D=0A</body>


********



I sent the link in the e-mail to Brainy Redhead on Twitter, who is a computer security expert.  She feels this is a phishing scam.
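
The sender-authentication results and domain mismatches visible in the message source above can be pulled out mechanically. The following is an added example, not part of the original post: the function names and flag labels are made up for illustration, the header values are copied from the message above, and the two-label domain comparison is a simplifying assumption. The flags are triage signals, not a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers and one link copied from the message source in this post (Received line shortened).
RAW = (
    "Authentication-Results: hotmail.com; spf=softfail (sender IP is 67.202.126.210) "
    "smtp.mailfrom=apache@artistarena.com; dkim=none header.d=wbrsupport.com; "
    "x-hmca=none header.id=fansupport@wbrsupport.com\n"
    "Received: from artistarenaweb01.lcgosc.com ([67.202.126.210]) by SNT004-MC3F45.hotmail.com\n"
    "From: Friends of Josh Groban - The Official Josh Groban Fan Club <fansupport@wbrsupport.com>\n"
    "Content-Transfer-Encoding: quoted-printable\n"
    "Return-Path: apache@artistarena.com\n"
    "\n"
    "<p>http://artistarenastage.lcgosc.com/joshgroban/customer/account/login</p>\n"
)

def org_domain(host):
    # Assumption: the last two labels approximate the registrable domain (no Public Suffix List).
    return ".".join(host.lower().strip(".").split(".")[-2:])

def addr_domain(header_value):
    # Domain part of the address in a From or Return-Path header.
    return org_domain(parseaddr(header_value or "")[1].rpartition("@")[2])

def triage(raw):
    msg = message_from_string(raw)
    auth = dict(re.findall(r"\b(spf|dkim)=(\w+)", msg.get("Authentication-Results", "")))
    relay = re.match(r"from\s+(\S+)", msg.get("Received", ""))
    body = msg.get_payload(decode=True).decode("utf-8", "replace")  # undoes quoted-printable
    report = {
        "from": addr_domain(msg["From"]),
        "envelope": addr_domain(msg["Return-Path"]),
        "relay": org_domain(relay.group(1)) if relay else "",
        "links": sorted({org_domain(h) for h in re.findall(r"https?://([^/\s\"'<>]+)", body)}),
        "spf": auth.get("spf", "missing"),
        "dkim": auth.get("dkim", "missing"),
    }
    checks = [
        (report["spf"] != "pass", "spf-not-pass"),
        (report["dkim"] != "pass", "dkim-not-pass"),
        (report["from"] != report["envelope"], "from-envelope-mismatch"),
        (any(d != report["from"] for d in report["links"]), "link-domain-differs-from-sender"),
        (report["relay"] in report["links"], "links-on-sending-relay-domain"),  # informational
    ]
    report["flags"] = [name for hit, name in checks if hit]
    return report

if __name__ == "__main__":
    print(triage(RAW))
```

For this message, the visible From domain, the envelope sender domain and the domain in the links are three different domains, and neither SPF nor DKIM vouches for the From address.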


*****************
Addendum 2/27/15:

I got an e-mail from Warner Music saying that this isn't a phishing scam, but they can't understand why it went out.  I'm not taking this blog down yet, tho.  If they don't know why it went out, I think the links are still suspicious.


