Today I received a phishing email pretending to be from EuroDNS, the domain registrar for @freesewing.

The From: address is not what you'd expect, and the link doesn't go where it pretends to go either.

But those are not even visible on mobile UI. What made me immediately suspicious is the threat to delete if no payment is made within 5 days.

Because that's not how this works. When a domain expires, it is placed in quarantine, from where you can get it back for a fee.

Be careful out there.

Here is the message with all headers as plain text: https://gist.github.com/joostdecock/deab3f3887ca3aff1c1e57ed9db98fd3

I've also informed EuroDNS about this, but I'm not sure what to do about the sender domain, and the domain hosting the linked target. I mean, maybe they are being abused and should be informed, maybe they are part of the baddies' infrastructure.

Since I don't have time to dig into this (so exhausted) and EuroDNS is based in Luxembourg, I hope it's ok to take the easy way out and tag @adulau instead 😇

@joost I can also ping them. Usually they are responsive to abuse and security issues.
@adulau I contacted EuroDNS, so that's ok. Just wondering whether I should do more?
@joost Usually it should be fine but I'll ping them again. Just in case.