Warning: Phishing Attempt

Marla Singer's picture

Was only a matter of time, probably.

You will see below a phishing email both Tyler and I received just recently.

This did not come from Zero Hedge.  If you get one, yours also did not come from Zero Hedge.

Be aware.  Surf with care.

From: "noreply@zerohedge.com" <noreply@zerohedge.com>
Date: October 19, 2009 12:01:43 PM CDT
To: <marla@zerohedge.com>
Subject: The settings for the marla@zerohedge.com were changed
X-Spam-Level: *****

Dear user of the zerohedge.com mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox (marla@zerohedge.com) settings were changed In order to apply the new set of settings click on the following link:

http://zerohedge.com/owa/service_directory/settings.php?email=marla@zero...

Best regards, zerohedge.com Technical Support.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Emmanuel Goldstein's picture

Lame.

 

Thanks for the heads up.

Cheeky Bastard's picture

Fuck you NSA, GS, JPM and the lot.

Thank you Marla, i would probably open it.

SWRichmond's picture

CB / Marla,

I have clients getting this exact email with a different mail server named.  Cheeky, that's not to say it isn't NSA.

Marla, thanks for the heads up, and thanks for not clicking on the link.  You really can't be too careful.

Cheeky Bastard's picture

i know man, i was just kidding, i haven't got it yet; maybe GMail isn't a worthless piece of shit as i thought it was.

Gilgamesh's picture

Hmm, at least that looks more legit than FINRA returning money to investors:

http://www.finra.org/Investors/ProtectYourself/InvestorAlerts/FraudsAndScams/P120094

Hephasteus's picture

If you had clicked it then it would have sent your email history out. So it's safe to say we won't be getting those emails.

Careless Whisper's picture

Speaking of Squid programmers, why the silence on Sergey? His Federal case was adjourned until October 16. Come and gone. FREE SERGEY

bookwurm's picture
o           .'`/
      '      /  (
    O    .-'` ` `'-._      .')
       _/ (o)        '.  .' /
       )       )))     ><  <
       `\  |_\      _.'  '. \
         '-._  _ .-'       '.)
         `\__\ all yur passwords are belong to us
MsCreant's picture

You draw nice bait.

There is a pun I must do. Please don't be offended.

With a picture like that you have established yourself as a master baiter.

Biff Malibu's picture

Thanks Marla glad to see you and Travis posting more.  Not to take anything away from Tyler but the variety of commentators on this site makes it the first website I visit every time I get on the internet.

 

Biff

 

. . .'s picture

Marla,

I doubt any ZH'ers will end up receiving a phishing or spam email.  I would like to think that the readers are smart enough to sign up for the site using a disposable email address they close immediately after ZH verifies it.

Anonymous's picture

The real ones wouldn't want to create a user id so that their opinions could be correlated back to them, on another web site under a different name, probably by their writing style and common colloquialism used by them.

As well, they won't feel the need to stroke their egos by having their comments associated with them.

Anonymous's picture

lame attempt by GS

Sqworl's picture

I got several on all my accounts and did not open.  They used my biz account name.  I replied with cc to FBI.  The IP address came from USSR.  Never a dull day in the land of spirits.

Cheeky Bastard's picture

there is no USSR anymore Sqworl baby

VegasBD's picture

Maybe not, but they are filming Red Dawn 2 right now.

...and guess which city looks like a war zone enough to film it in...

waterdog's picture

I could tell that this was a scam. It was too nice to be coming from Marla. If Marla had sent a notice of changes, it would have gone like this- I changed some things to make your life better, accept it. Do not respond or I will pile drive your account into the lower reaches of hell.

Jim_Rockford's picture

Wow, I didn't realize that my subscription to ZeroHedge included an email box.  jim_rockford@zerohedge.com .... how cool is that?  How much extra am I being charged for this?

Cheeky Bastard's picture

Marla, do we all have this, or just the chosen ones 

Miles Kendig's picture

BTW, since you asked.  Here is a slice of pie where we happen to have found each other.  Except some folks know that the oil deal is just a cover.

Cheers

http://www.youtube.com/watch?v=IOtVg05JLPc

Cognitive Dissonance's picture

Thanks Miles Kendig.

There were no bad scenes in "Good Will Hunting". Only better and best. This was one of the best. 

Intuition's picture

I was just a kid when I saw that movie for the first time. I mean utterly wet-behind-the-ears, juvenile thinking, adolescent child. And yet somehow it spoke to me. And that scene was one that somehow conveyed truth that I could not understand nor even really recognize. I've seen it dozens of times since then and it has much truth to this day.

crzyhun's picture

MS, I use a real address...still if I don't know you you get flushed....and truly I am not so big headed to think that you would ever contact me, since I don't know you.

 

Cognitive Dissonance's picture

Follow safe e-mail practices. As you say, dump everything you don't know and always wear a full body condom while reading your e-mail. And don't go all cheap on me and reuse the condom.

SV's picture

Marla, you know this is what you get for pissing on the Anon's that bring their HuffPo logic skills here, right?  I come bace from leaving for a week unplugged and what's that - Tyler having to pull Dante references about Hell in relation to the markets.

Ahhh, it's nice to be back.

Cheeky Bastard's picture

welcome back man, i for one, missed your comments.

SV's picture

Thank you CB. I appreciate her civility in dealing with the morons, hence I try to extend the same.  I'm now trying to unbury myself from the crap that has awaited my return.  I was on the road so I didn't trade OPEX either; would have shot myself... 

Miles Kendig's picture

The weekend after hours action seeps into Monday. Perhaps a new faze has arrived since the attempts at mockery have fallen flat.

Quackking's picture

I run a few Drupal sites on some of my servers and I got this myself. (with the domain name of one of them) - I suspect it is somebody trawling for Drupal credentials, and can't quite understand why. The link itself is going nowhere - it isn't an obfuscated redirect, it actually is trying to go someplace on my server where there is no handler. (So nothing would happen if you clicked on it, that is.)

It is also possible that it is targeting a whole bunch of Windows boxen that have been compromised so there is in fact an /owa/ directory - but again, I don't exactly see this as a high yield attack. Hmm. See below.

 

Not Found

The requested URL http://[victimdomain.com]/owa/service_directory/settings.php was not found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

 

Update: more here, http://isc.sans.org/diary.html?storyid=7357

 

I don't see the obfuscated link because I (safely) only view the text/plain version of this email. There is a link in the HTML version, apparently.

 

 

 

SWRichmond's picture

The link in one of the versions I got for examination went to xxxxxx.xxxxxxx.xxxxxx.eu, and DNS on the name got me IP's registered in:

Chile, Korea, Taiwan, Morocco, Israel, and Argentina, among others.

Fun stuff.

Anonymous's picture

Are you sure this is a phishing attack?! The link goes directly back to the host server - it doesn't really seem like phishing.

Where does the email originate? "Full headers" or "Show original" or whatever it takes to get your email client to show you all the text. Follow the "Received by" headers.

TomJoad's picture

If this was the best the Anon comments poster from yesterday's Iran article could do in terms of his awesome intraw3bzz retaliation, I am somewhat disappointed. 

 

It's nice to be back on again, the firewall on my SATCOM system wouldn't let me post on ZH, it was all read-only for the past 45 days or so.

peterr's picture
peterr (not verified) Oct 19, 2009 8:03 PM

Tbanks for the heads up!

Goldman and Bank of Amerika run the markets along with Geithner, and beagle boy Ben. There is no free markets, only welfare capitalism and socialism for capitalism.

good articles; good articles 4 slow news day ..http://www..
hat tip: finance news

Intuition's picture

Apparently I've been left out. This is going to wreak havoc on my inferiority complex.