Spammer tries to fake spam quarantine digest
About 30 minutes after I received my real spam quarantine digest, I received an email claiming to be a spam quarantine digest. It was obvious to me that it was a fake, but looking closer showed that the spammer did a very poor job crafting this fake. Unfortunately, the everyday computer user may not notice these mistakes. Here’s a screen shot of the message via my webmail interface:
The sender (From: line) lists a .local domain which is not a valid top level domain (e.g. .com, .net, .org, etc). When you hover over the “Click here to access you spam quarantine” link the browser exposes that the link is to https://192.168.1.50:442/quarantine/manageuser… The 192.168.1.50 address is not a valid public IP address. It is part of a block of IP addresses (192.168.0.0 to 192.168.255.255) used for internal, private networks and is not routable (i.e. sent) across the Internet.
Posted by Al Degutis
