This page has been archived and commenting is disabled.

Warning: Phishing Attempt

Marla Singer's picture





 

Was only a matter of time, probably.

You will see below a phishing email both Tyler and I received just recently.

This did not come from Zero Hedge.  If you get one, yours also did not come from Zero Hedge.

Be aware.  Surf with care.

From: "noreply@zerohedge.com" <noreply@zerohedge.com>
Date: October 19, 2009 12:01:43 PM CDT
To: <marla@zerohedge.com>
Subject: The settings for the marla@zerohedge.com were changed
X-Spam-Level: *****

Dear user of the zerohedge.com mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox (marla@zerohedge.com) settings were changed In order to apply the new set of settings click on the following link:

http://zerohedge.com/owa/service_directory/settings.php?email=marla@zero...

Best regards, zerohedge.com Technical Support.

 


- advertisements -

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Mon, 10/19/2009 - 12:15 | Link to Comment Emmanuel Goldstein
Emmanuel Goldstein's picture

Lame.

 

Thanks for the heads up.

Mon, 10/19/2009 - 12:18 | Link to Comment Cheeky Bastard
Cheeky Bastard's picture

Fuck you NSA, GS, JPM and the lot.

Thank you Marla, i would probably open it.

Mon, 10/19/2009 - 12:38 | Link to Comment SWRichmond
SWRichmond's picture

CB / Marla,

I have clients getting this exact email with a different mail server named.  Cheeky, that's not to say it isn't NSA.

Marla, thanks for the heads up, and thanks for not clicking on the link.  You really can't be too careful.

Mon, 10/19/2009 - 12:43 | Link to Comment Cheeky Bastard
Cheeky Bastard's picture

i know man, i was just kidding, i haven't got it yet; maybe GMail isn't a worthless piece of shit as i thought it was.

Mon, 10/19/2009 - 12:22 | Link to Comment Gilgamesh
Gilgamesh's picture

Hmm, at least that looks more legit than FINRA returning money to investors:

http://www.finra.org/Investors/ProtectYourself/InvestorAlerts/FraudsAndScams/P120094

Mon, 10/19/2009 - 12:27 | Link to Comment Hephasteus
Hephasteus's picture

If you had clicked it then it would have sent your email history out. So it's safe to say we won't be getting those emails.

Mon, 10/19/2009 - 12:42 | Link to Comment Careless Whisper
Careless Whisper's picture

Speaking of Squid programmers, why the silence on Sergey? His Federal case was adjourned until October 16. Come and gone. FREE SERGEY

Mon, 10/19/2009 - 12:49 | Link to Comment bookwurm
bookwurm's picture
o           .'`/
      '      /  (
    O    .-'` ` `'-._      .')
       _/ (o)        '.  .' /
       )       )))     ><  <
       `\  |_\      _.'  '. \
         '-._  _ .-'       '.)
         `\__\ all yur passwords are belong to us
Mon, 10/19/2009 - 19:36 | Link to Comment MsCreant
MsCreant's picture

You draw nice bait.

There is a pun I must do. Please don't be offended.

With a picture like that you have established yourself as a master baiter.

Mon, 10/19/2009 - 12:58 | Link to Comment Biff Malibu
Biff Malibu's picture

Thanks Marla glad to see you and Travis posting more.  Not to take anything away from Tyler but the variety of commentators on this site makes it the first website I visit every time I get on the internet.

 

Biff

 

Mon, 10/19/2009 - 12:59 | Link to Comment . . .
. . .'s picture

Marla,

I doubt any ZH'ers will end up receiving a phishing or spam email.  I would like to think that the readers are smart enough to sign up for the site using a disposable email address they close immediately after ZH verifies it.

Mon, 10/19/2009 - 15:46 | Link to Comment Anonymous
Mon, 10/19/2009 - 13:42 | Link to Comment Anonymous
Mon, 10/19/2009 - 13:53 | Link to Comment Sqworl
Sqworl's picture

I got several on all my accounts and did not open.  They used my biz account name.  I replied with cc to FBI.  The IP address came from USSR.  Never a dull day in the land of spirits.

Mon, 10/19/2009 - 14:17 | Link to Comment Cheeky Bastard
Cheeky Bastard's picture

there is no USSR anymore Sqworl baby

Mon, 10/19/2009 - 14:46 | Link to Comment VegasBD
VegasBD's picture

Maybe not, but they are filming Red Dawn 2 right now.

...and guess which city looks like a war zone enough to film it in...

Mon, 10/19/2009 - 14:47 | Link to Comment Cheeky Bastard
Cheeky Bastard's picture

L.A 

Mon, 10/19/2009 - 13:53 | Link to Comment waterdog
waterdog's picture

I could tell that this was a scam. It was too nice to be coming from Marla. If Marla had sent a notice of changes, it would have gone like this- I changed some things to make your life better, accept it. Do not respond or I will pile drive your account into the lower reaches of hell.

Mon, 10/19/2009 - 16:34 | Link to Comment MinnesotaNice
MinnesotaNice's picture

lol

Mon, 10/19/2009 - 14:58 | Link to Comment Jim_Rockford
Jim_Rockford's picture

Wow, I didn't realize that my subscription to ZeroHedge included an email box.  jim_rockford@zerohedge.com .... how cool is that?  How much extra am I being charged for this?

Mon, 10/19/2009 - 15:02 | Link to Comment Cheeky Bastard
Cheeky Bastard's picture

Marla, do we all have this, or just the chosen ones 

Mon, 10/19/2009 - 16:53 | Link to Comment Miles Kendig
Miles Kendig's picture

BTW, since you asked.  Here is a slice of pie where we happen to have found each other.  Except some folks know that the oil deal is just a cover.

Cheers

http://www.youtube.com/watch?v=IOtVg05JLPc

Mon, 10/19/2009 - 18:36 | Link to Comment Cognitive Dissonance
Cognitive Dissonance's picture

Thanks Miles Kendig.

There were no bad scenes in "Good Will Hunting". Only better and best. This was one of the best. 

Mon, 10/19/2009 - 20:58 | Link to Comment Intuition
Intuition's picture

I was just a kid when I saw that movie for the first time. I mean utterly wet-behind-the-ears, juvenile thinking, adolescent child. And yet somehow it spoke to me. And that scene was one that somehow conveyed truth that I could not understand nor even really recognize. I've seen it dozens of times since then and it has much truth to this day.

Mon, 10/19/2009 - 15:45 | Link to Comment crzyhun
crzyhun's picture

MS, I use a real address...still if I don't know you you get flushed....and truly I am not so big headed to think that you would ever contact me, since I don't know you.

 

Mon, 10/19/2009 - 18:38 | Link to Comment Cognitive Dissonance
Cognitive Dissonance's picture

Follow safe e-mail practices. As you say, dump everything you don't know and always wear a full body condom while reading your e-mail. And don't go all cheap on me and reuse the condom.

Mon, 10/19/2009 - 15:59 | Link to Comment SV
SV's picture

Marla, you know this is what you get for pissing on the Anon's that bring their HuffPo logic skills here, right?  I come bace from leaving for a week unplugged and what's that - Tyler having to pull Dante references about Hell in relation to the markets.

Ahhh, it's nice to be back.

Mon, 10/19/2009 - 16:04 | Link to Comment Cheeky Bastard
Cheeky Bastard's picture

welcome back man, i for one, missed your comments.

Mon, 10/19/2009 - 16:35 | Link to Comment SV
SV's picture

Thank you CB. I appreciate her civility in dealing with the morons, hence I try to extend the same.  I'm now trying to unbury myself from the crap that has awaited my return.  I was on the road so I didn't trade OPEX either; would have shot myself... 

Mon, 10/19/2009 - 16:43 | Link to Comment Miles Kendig
Miles Kendig's picture

The weekend after hours action seeps into Monday. Perhaps a new faze has arrived since the attempts at mockery have fallen flat.

Mon, 10/19/2009 - 16:58 | Link to Comment Quackking
Quackking's picture

I run a few Drupal sites on some of my servers and I got this myself. (with the domain name of one of them) - I suspect it is somebody trawling for Drupal credentials, and can't quite understand why. The link itself is going nowhere - it isn't an obfuscated redirect, it actually is trying to go someplace on my server where there is no handler. (So nothing would happen if you clicked on it, that is.)

It is also possible that it is targeting a whole bunch of Windows boxen that have been compromised so there is in fact an /owa/ directory - but again, I don't exactly see this as a high yield attack. Hmm. See below.

 

Not Found

The requested URL http://[victimdomain.com]/owa/service_directory/settings.php was not found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

 

Update: more here, http://isc.sans.org/diary.html?storyid=7357

 

I don't see the obfuscated link because I (safely) only view the text/plain version of this email. There is a link in the HTML version, apparently.

 

 

 

Mon, 10/19/2009 - 17:48 | Link to Comment SWRichmond
SWRichmond's picture

The link in one of the versions I got for examination went to xxxxxx.xxxxxxx.xxxxxx.eu, and DNS on the name got me IP's registered in:

Chile, Korea, Taiwan, Morocco, Israel, and Argentina, among others.

Fun stuff.

Mon, 10/19/2009 - 16:55 | Link to Comment Anonymous
Mon, 10/19/2009 - 17:43 | Link to Comment TomJoad
TomJoad's picture

If this was the best the Anon comments poster from yesterday's Iran article could do in terms of his awesome intraw3bzz retaliation, I am somewhat disappointed. 

 

It's nice to be back on again, the firewall on my SATCOM system wouldn't let me post on ZH, it was all read-only for the past 45 days or so.

Mon, 10/19/2009 - 20:03 | Link to Comment peterr (not verified)
Mon, 10/19/2009 - 21:03 | Link to Comment Intuition
Intuition's picture

Apparently I've been left out. This is going to wreak havoc on my inferiority complex.

Do NOT follow this link or you will be banned from the site!