Verizion Wireless Appears to be Hacked

Jon Jaroker — Thu, 09 Jan 2014 17:26:18 +0000

An email address I use solely for my Verizon Wireless account has received a phishing scam email. This is a strong indication that Verizon Wireless's systems have been compromised.

A few days prior, I contacted the porting department of Verizon Wireless to initiate the transfer of a phone number from my Verizon Business account to one of my mobile phones. The phishing email may indicate a breach in the porting department, as my Verizon Wireless dedicated email address was created over two years ago and has been fine until now.

The phishing email uses a click-through address hosted by Dreamhost. Dreamhost disabled the spammer's account a few minutes after I alerted them. I also alerted Verizon Wireless at their "phishing@verizonwireless.com" and "abuse@verizon.net" contact addresses.

Return-Path: <root@speedtodallas1.softlayer.com>
Reply-To: "Schwab Alerts" <schwab.[mungle].alerts@schwab-[mungle]verify[mungle].com>
From: "Schwab Alerts" <schwab.[mungle].alerts@schwab-[mungle]verify[mungle].com>
To: <[CUSTOMEMAILADDRESS]>
Subject: Important Notice (ID:17159557690)
Date: Thu, 9 Jan 2014 11:14:30 -0500
Message-ID: <20140109161430.A0AAEF2C6F@speedtodallas1.softlayer.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQIGI03JB9pLk2rsuokpqaNmIe4b3Q==

Please click the link below to proceed with verification process:

[CLICKTOLINK]

2014 Charles Schwab & Co, Inc. All rights reserved. Member SIPC  (2949-54363)

------------------------------------------------------------------------
- After reading this response, please consider visiting
- the survey below to comment on its quality. Thanks!
- http://www.dreamhost.com/survey.cgi?n=[REMOVED]
-
- If the service you received from us was exceptional, please consider
- tweeting your love for @dreamhost.  It'll warm our hearts, soothe
- our souls, and get you good karma at some point down the road.
------------------------------------------------------------------------

Hello,

Thank you for writing. The reported domain has been disabled. If you notice any further such activity on our network please let us know.

Thanks,
Miguel R

-- 
DreamHost Sales Team   +   sales@dreamhost.com
"We host your dreams"		   https://dreamhost.com/signup/
http://www.dreamhost.com/

On Thu, 09 Jan 2014, you wrote:

> One of your customers is using a dreamhost account as the 
> click-through link in a Verizion Wireless pfishing scam.
> 
> The account url is:
> 
> schwab-[MUNGLE]verify[MUNGLE].com
> 
> The scam email source is below:
> 
> ============================
> Return-path: <root@speedtodallas1.softlayer.com>
> Envelope-to: [CUSTOMEMAILADDRESS]
> Delivery-date: Thu, 09 Jan 2014 10:23:33 -0600
> Received: from 184.172.109.195-static.reverse.softlayer.com
> ([184.172.109.195]:38301 helo=speedtodallas1.softlayer.com)
>	  by gator4002.hostgator.com with esmtp (Exim 4.80)
>	  (envelope-from <root@speedtodallas1.softlayer.com>)
>	  id 1W1IOL-0001l5-67
>	  for [CUSTOMEMAILADDRESS]; Thu, 09 Jan 2014 10:23:33 -0600
> Received: by speedtodallas1.softlayer.com (Postfix, from userid 0)
>	  id A0AAEF2C6F; Thu,  9 Jan 2014 10:14:30 -0600 (CST)
> To: [CUSTOMEMAILADDRESS]
> Subject: Important Notice (ID:17159557690)
> X-PHP-Originating-Script: 0:est.php
> From: Schwab Alerts
> <schwab.[mungle].alerts@schwab-[mungle]verify[mungle].com>
> Reply-To: Schwab Alerts
> <schwab.[mungle].alerts@schwab-[mungle]verify[mungle].com>
> Content-Type: text/plain
> Content-Transfer-Encoding: 8bit
> Message-Id: <20140109161430.A0AAEF2C6F@speedtodallas1.softlayer.com>
> Date: Thu,  9 Jan 2014 10:14:30 -0600 (CST)
> X-Spam-Status: No, score=0.4
> X-Spam-Score: 4
> X-Spam-Bar: /
> X-Spam-Flag: NO
> 
> 
> Please click the link below to proceed with verification process:
> 
> 
> 
> [CLICKTOLINK]
> 
> 
> 
> 2014 Charles Schwab & Co, Inc. All rights reserved. Member SIPC  
> (2949-54363)
>

Verizion Wireless has allowed my email address to be stolen by hackers.

I create custom email addresses for each company I deal with.  The verizion wireless email address I use on my account is, "[CUSTOMEMAILADDRESS]"

No other company has this address.  It is not present in my email client.  It is only used for incoming messages; never outgoing.

There is no other source for this email address except for Verizon Wireless.

I recently requested a number port from Verizion Business to Verizion Wireless and have been in touch with VW's porting group.

There appears to be a security breach somewhere in Verizion Wireless or the porting group.

Jon

-----Original Message-----
Return-path: <root@speedtodallas1.softlayer.com>
Envelope-to: [CUSTOMEMAILADDRESS]
Delivery-date: Thu, 09 Jan 2014 10:23:33 -0600
Received: from 184.172.109.195-static.reverse.softlayer.com ([184.172.109.195]:38301 helo=speedtodallas1.softlayer.com)
	by gator4002.hostgator.com with esmtp (Exim 4.80)
	(envelope-from <root@speedtodallas1.softlayer.com>)
	id 1W1IOL-0001l5-67
	for [CUSTOMEMAILADDRESS]; Thu, 09 Jan 2014 10:23:33 -0600
Received: by speedtodallas1.softlayer.com (Postfix, from userid 0)
	id A0AAEF2C6F; Thu,  9 Jan 2014 10:14:30 -0600 (CST)
To: [CUSTOMEMAILADDRESS]
Subject: Important Notice (ID:17159557690)
X-PHP-Originating-Script: 0:est.php
From: Schwab Alerts <schwab.[MUNGLE].alerts@schwab-[MUNGLE]verify[MUNGLE].com>
Reply-To: Schwab Alerts <schwab.[MUNGLE].alerts@schwab-[MUNGLE]verify[MUNGLE].com>
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
Message-Id: <20140109161430.A0AAEF2C6F@speedtodallas1.softlayer.com>
Date: Thu,  9 Jan 2014 10:14:30 -0600 (CST)
X-Spam-Status: No, score=0.4
X-Spam-Score: 4
X-Spam-Bar: /
X-Spam-Flag: NO

From: Schwab Alerts [mailto:schwab.[MUNGLE].alerts@schwab-[MUNGLE]verify[MUNGLE].com] 
Sent: Thursday, January 09, 2014 11:15 AM
To: [CUSTOMEMAILADDRESS]
Subject: Important Notice (ID:17159557690)

Please click the link below to proceed with verification process:

[CLICKTOLINK]

2014 Charles Schwab & Co, Inc. All rights reserved. Member SIPC  (2949-54363)

Jon Jaroker » verizon wireless

Verizion Wireless Appears to be Hacked