Daily Archives: 15. April 2019

so richtig schlechtes Netflix-Phishing

Posted on by

Heute Nacht trudelte so richtig schlechtes Phishing für NetFlixAccounts in unsere Spamfalle,
den ich Euch nicht enthalten will. Schon deswegen, weil das so selten passiert dank funktionierendem SpamFilter 😀

Return-path: <orion@host.searchexperts.net>
Delivery-date: Tue, 16 Apr 2019 00:34:21 +0200
Received: from host.searchexperts.net ([72.52.192.29]) by YYYYYYYYYYYYYY
 (XXXXXXXXXXXXXXXXXXXXX) with ESMTPS (Nemesis) id 1M9p5t-1hAOsQ2HvJ-005wSE
 for <XXXXXXXXXXXXXXXXXXXXXXXXXXX>; Tue, 16 Apr 2019 00:34:11 +0200
Received: from [41.251.250.236] (port=61967 helo=srv-odeis)
	by host.searchexperts.net with esmtpsa (TLSv1:ECDHE-RSA-AES256-SHA:256)
	(Exim 4.91)
	(envelope-from <orion@host.searchexperts.net>)
	id 1hG1s7-0001P1-N5
	for <XXXXXXXXXXXXXXXXX>; Mon, 15 Apr 2019 09:42:08 -0400
MIME-Version: 1.0
From: "Netflix" <orion@host.searchexperts.net>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host.searchexperts.net
X-AntiAbuse: Original Domain - web.de
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - host.searchexperts.net
X-Get-Message-Sender-Via: host.searchexperts.net: authenticated_id: sales@orionsolarracking.com
X-Authenticated-Sender: host.searchexperts.net: sales@orionsolarracking.com
Subject:  Please Update Your Payment Method

Die fetten Texte sind die offensichtlichen Fehler, an denen man schon im FROM sieht, das es eine richtig schlechte Fälschung ist. Persönliche Anmerkung: „TLS 1.0“ IM ERNST ??? Mit einem EXIM !??!? … grumpf.

Dear customer,

Sorry for the interruption, but we are having trouble authorizing your credit card. Please visit the account payment page at www.netflix.com/YourAccountPayment to enter your payment information again or to use a different payment method. When you have finished, we will try to verify your account again. If it still does not work, you will want to contact your credit card company.

If you have any questions, we are happy to help. Simply call us at 1-866-579-7172.

Ja, was soll man dazu anderes sagen als: Falsche Sprache Ihr Penner! 😀 Wenn man mit dem Mauszeiger über den angeblichen NetFlix Link geht, sieht man auch die gefälschte (von mir entschärfte ) URL zum gehackten Webserver.

Also ab in die digitale Mülltonne damit 😉