Verizion Wireless Appears to be Hacked
An email address I use solely for my Verizon Wireless account has received a phishing scam email. This is a strong indication that Verizon Wireless's systems have been compromised.
A few days prior, I contacted the porting department of Verizon Wireless to initiate the transfer of a phone number from my Verizon Business account to one of my mobile phones. The phishing email may indicate a breach in the porting department, as my Verizon Wireless dedicated email address was created over two years ago and has been fine until now.
The phishing email uses a click-through address hosted by Dreamhost. Dreamhost disabled the spammer's account a few minutes after I alerted them. I also alerted Verizon Wireless at their "phishing@verizonwireless.com" and "abuse@verizon.net" contact addresses.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
Return-Path: <root@speedtodallas1.softlayer.com> Reply-To: "Schwab Alerts" <schwab.[mungle].alerts@schwab-[mungle]verify[mungle].com> From: "Schwab Alerts" <schwab.[mungle].alerts@schwab-[mungle]verify[mungle].com> To: <[CUSTOMEMAILADDRESS]> Subject: Important Notice (ID:17159557690) Date: Thu, 9 Jan 2014 11:14:30 -0500 Message-ID: <20140109161430.A0AAEF2C6F@speedtodallas1.softlayer.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 15.0 Thread-Index: AQIGI03JB9pLk2rsuokpqaNmIe4b3Q== Please click the link below to proceed with verification process: [CLICKTOLINK] 2014 Charles Schwab & Co, Inc. All rights reserved. Member SIPC (2949-54363) |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
------------------------------------------------------------------------ - After reading this response, please consider visiting - the survey below to comment on its quality. Thanks! - http://www.dreamhost.com/survey.cgi?n=[REMOVED] - - If the service you received from us was exceptional, please consider - tweeting your love for @dreamhost. It'll warm our hearts, soothe - our souls, and get you good karma at some point down the road. ------------------------------------------------------------------------ Hello, Thank you for writing. The reported domain has been disabled. If you notice any further such activity on our network please let us know. Thanks, Miguel R -- DreamHost Sales Team + sales@dreamhost.com "We host your dreams" https://dreamhost.com/signup/ http://www.dreamhost.com/ On Thu, 09 Jan 2014, you wrote: > One of your customers is using a dreamhost account as the > click-through link in a Verizion Wireless pfishing scam. > > The account url is: > > schwab-[MUNGLE]verify[MUNGLE].com > > The scam email source is below: > > ============================ > Return-path: <root@speedtodallas1.softlayer.com> > Envelope-to: [CUSTOMEMAILADDRESS] > Delivery-date: Thu, 09 Jan 2014 10:23:33 -0600 > Received: from 184.172.109.195-static.reverse.softlayer.com > ([184.172.109.195]:38301 helo=speedtodallas1.softlayer.com) > by gator4002.hostgator.com with esmtp (Exim 4.80) > (envelope-from <root@speedtodallas1.softlayer.com>) > id 1W1IOL-0001l5-67 > for [CUSTOMEMAILADDRESS]; Thu, 09 Jan 2014 10:23:33 -0600 > Received: by speedtodallas1.softlayer.com (Postfix, from userid 0) > id A0AAEF2C6F; Thu, 9 Jan 2014 10:14:30 -0600 (CST) > To: [CUSTOMEMAILADDRESS] > Subject: Important Notice (ID:17159557690) > X-PHP-Originating-Script: 0:est.php > From: Schwab Alerts > <schwab.[mungle].alerts@schwab-[mungle]verify[mungle].com> > Reply-To: Schwab Alerts > <schwab.[mungle].alerts@schwab-[mungle]verify[mungle].com> > Content-Type: text/plain > Content-Transfer-Encoding: 8bit > Message-Id: <20140109161430.A0AAEF2C6F@speedtodallas1.softlayer.com> > Date: Thu, 9 Jan 2014 10:14:30 -0600 (CST) > X-Spam-Status: No, score=0.4 > X-Spam-Score: 4 > X-Spam-Bar: / > X-Spam-Flag: NO > > > Please click the link below to proceed with verification process: > > > > [CLICKTOLINK] > > > > 2014 Charles Schwab & Co, Inc. All rights reserved. Member SIPC > (2949-54363) > |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
Verizion Wireless has allowed my email address to be stolen by hackers. I create custom email addresses for each company I deal with. The verizion wireless email address I use on my account is, "[CUSTOMEMAILADDRESS]" No other company has this address. It is not present in my email client. It is only used for incoming messages; never outgoing. There is no other source for this email address except for Verizon Wireless. I recently requested a number port from Verizion Business to Verizion Wireless and have been in touch with VW's porting group. There appears to be a security breach somewhere in Verizion Wireless or the porting group. Jon -----Original Message----- Return-path: <root@speedtodallas1.softlayer.com> Envelope-to: [CUSTOMEMAILADDRESS] Delivery-date: Thu, 09 Jan 2014 10:23:33 -0600 Received: from 184.172.109.195-static.reverse.softlayer.com ([184.172.109.195]:38301 helo=speedtodallas1.softlayer.com) by gator4002.hostgator.com with esmtp (Exim 4.80) (envelope-from <root@speedtodallas1.softlayer.com>) id 1W1IOL-0001l5-67 for [CUSTOMEMAILADDRESS]; Thu, 09 Jan 2014 10:23:33 -0600 Received: by speedtodallas1.softlayer.com (Postfix, from userid 0) id A0AAEF2C6F; Thu, 9 Jan 2014 10:14:30 -0600 (CST) To: [CUSTOMEMAILADDRESS] Subject: Important Notice (ID:17159557690) X-PHP-Originating-Script: 0:est.php From: Schwab Alerts <schwab.[MUNGLE].alerts@schwab-[MUNGLE]verify[MUNGLE].com> Reply-To: Schwab Alerts <schwab.[MUNGLE].alerts@schwab-[MUNGLE]verify[MUNGLE].com> Content-Type: text/plain Content-Transfer-Encoding: 8bit Message-Id: <20140109161430.A0AAEF2C6F@speedtodallas1.softlayer.com> Date: Thu, 9 Jan 2014 10:14:30 -0600 (CST) X-Spam-Status: No, score=0.4 X-Spam-Score: 4 X-Spam-Bar: / X-Spam-Flag: NO From: Schwab Alerts [mailto:schwab.[MUNGLE].alerts@schwab-[MUNGLE]verify[MUNGLE].com] Sent: Thursday, January 09, 2014 11:15 AM To: [CUSTOMEMAILADDRESS] Subject: Important Notice (ID:17159557690) Please click the link below to proceed with verification process: [CLICKTOLINK] 2014 Charles Schwab & Co, Inc. All rights reserved. Member SIPC (2949-54363) |
Be the first to comment. Leave a comment