Yesterday, I received this email which at first glance came from Yahoo.
We are sorry to inform you that we are currently working on securing our
server, during this process account which is not manually verified by us
will be deleted, Please confirm and submit your information for manual
verification by one of our customer care.
Information which is to be provided is below:
Date Of Birth:
Country (At Sign up):
Upon confirmation of information from you, we will manually verify your
and reserve it not to be deleted, We are sorry for any
inconveniences this might have cause providing your information over the
Warning!!! Account owner that refuses to update his/her account after two
weeks of receiving this warning will lose his or her account permanently.
Copyright © 2009 Yahoo! Inc. All rights reserved. Copyright/IP Policy |
Terms of Service | Guide to Online Security
NOTICE: We collect personal information on this site.
I was intimidated by the warning that my account will be deleted in two weeks if I don't send the information they want. I already drafted a reply and was about to send it when I thought something seems to be fishy. I took a second look at the email and it seemed to be authentic. But, still deep inside, I felt something's wrong somewhere. So I went back to the yahoo mail and pressed the "full headers" button at the bottom to get the full ip address of the sender. If it was Yahoo, then their ip address will show, however, this is what I got:
From Yahoo! Inc
Mon Mar 30 22:13:52 2009
|mta476.mail.mud.yahoo.com from=; domainkeys=neutral (no sig); from=; dkim=neutral (no sig)|
|from 18.104.22.168 (EHLO host4.oneononeinternet.com) (22.214.171.124) by mta476.mail.mud.yahoo.com with SMTP; Mon, 30 Mar 2009 15:14:38 -0700|
|from xiir.com (localhost [127.0.0.1]) by host4.oneononeinternet.com (126.96.36.19960614/8.12.10) with ESMTP id n2UMDqXQ017217; Mon, 30 Mar 2009 18:13:52 -0400|
Please take note of the url - EHLO host4.oneononeinternet.com! I googled this url and found out it was connected with several internet scams!
Among the scams it spawned in the web were "Payment Advice From Nigeria US$18 Million", and the "Gainsborough Furniture" scams.
Please beware of this url which has an ip address at 188.8.131.52, and turned out to be in Maryland, USA!
I nearly sent my email details. It was a good thing I had second thoughts about it. Lesson learned: Double check and be suspicious of any url asking for your private data!