  1. #1
    New Lounger
    Join Date
    Jan 2010
    Location
    Olympia, WA
    Posts
    12
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Links may look real, but they might be false!

    I write the following for anyone who might be unaware.

    A few weeks ago I received the following e-mail: (Be careful, the link shown is active but false)

    _______________ Copied message follows ___
    __________________________________

    Dear Comcast Member,

    The credit card we have on file for your Comcast Internet service was declined when we attempted to bill you on 11/30/2012 for your most recent service fees. For this reason, your service could be suspended.

    Please visit our Account Information page: http://comcast.com.account.pb6.biz/b...&r=comcast.net

    Update your credit card information as soon as possible. Once your credit card information is updated, you will be charged immediately, as soon as payment is received. Thank you for your prompt attention to this matter. We look forward to continuing to serve you.

    ************************* E-mail ID: 2837462876 Online Session PID: 83473332 *************************

    Sincerely, Comcast Customer Care

    ______________ End of copied message ______________________________________

    Looking at the link, it looks like it is a link to Comcast.com. But... it isn't. Using an online service at

    http://www.domaintools.com/

    one soon learns that the actual domain you go to is pb6.biz, a domain owned by Horner Amy.

    Domaintools.com also gives the following information:
    Domain Name: PB6.BIZ
    Domain ID: D52324187-BIZ
    Sponsoring Registrar: EURODNS SA
    Sponsoring Registrar IANA ID: 1052
    Registrar URL (registration services): htwww.eurodns.com
    Domain Status: clientTransferProhibited
    Registrant ID: EDS_R9850753
    Registrant Name: Horner Amy
    Registrant Address1: 1991 W PHILADELPHIA AV
    Registrant City: OLEY
    Registrant Postal Code: 19547
    Registrant Country: United States
    Registrant Country Code: US
    Registrant Phone Number: +1.2202928288
    Registrant Email:
    Administrative Contact ID: EDS_A9850753
    Administrative Contact Name: Horner Amy
    Administrative Contact Address1: 1991 W PHILADELPHIA AV
    Administrative Contact City: OLEY
    Administrative Contact Postal Code: 19547
    Administrative Contact Country: United States
    Administrative Contact Country Code: US
    Administrative Contact Phone Number: +1.2202928288
    Administrative Contact Email:
    Billing Contact ID: EDS_BILLING
    Billing Contact Name: Julien Franck
    Billing Contact Organization: EuroDNS S.A.
    Billing Contact Address1: 2, rue Leon Laval
    Billing Contact City: Leudelange
    Billing Contact State/Province: -
    Billing Contact Postal Code: L-3372
    Billing Contact Country: Luxembourg
    Billing Contact Country Code: LU

    Reverse Whois: "Horner Amy" owns about 9 other domains


    And there you have it. Sneaky, aye!

    I forwarded the message on to abuse@comcast.net.

    I guess the question becomes: if I can find the information regarding Horner Amy, why don't the powers that be do the same, then under a court order monitor the activities of the perpetrator and, if any illegal transfer of funds takes place, slap them with a large fine, shut them down and announce that in the news? I realize that international boundaries are involved and it will take cooperation between governments. But, hey! Isn't Luxembourg a friendly nation? Plus, one can assume that Horner Amy is a real person living in Oley, zip code 19547.

    Addendum

    As commented by mrjimphelps: "I rarely click on a link without first putting my cursor on it and see what shows up in the lower left corner of the browser window. "
    and
    scaisson: "I set up to view email in text view only. This way, I see the real http link, not the false one. "

    Please note. The http link which showed up in the lower left corner of the browser is identical to the link I showed above. It included the comcast.com. You would think that the link points to comcast. It DOESN'T. By viewing the message in text only it would still be identical to the URL I gave above. That is the reason I titled my post, "Links may look real, but they might be false! " You cannot always trust the link shown in the status bar or in the text view.

    Here is another link. It looks like a link to paypal. It is NOT. : ( I added spaces between the www and the .paypal to make the link non active )


    http://www .paypal.com.serviceid.618856.fhow.dyndns-at-home.com/webscr/index==2Ephp?CliendID=3D030726773072129544&r=3D917 3918483
    Last edited by z-rod; 2012-12-27 at 01:32. Reason: possible misunderstanding

  2. #2
    Silver Lounger mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    2,177
    Thanks
    207
    Thanked 213 Times in 205 Posts
    It's really slick the way they set up their web address: "//comcast.com.account.pb6.biz". The part you notice is "comcast.com". Most people wouldn't even have noticed that the actual URL is "pb6.biz".

    I rarely click on a link without first putting my cursor on it and see what shows up in the lower left corner of the browser window. Still, I might not have caught this one.
    Last edited by mrjimphelps; 2012-12-13 at 18:10.

  3. #3
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,625
    Thanks
    161
    Thanked 932 Times in 853 Posts
    I hope Comcast takes it seriously after you forwarded the email to them. Don't hold your breath though..
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  4. #4
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    You are absolutely right to report it, but as Ted says, I wouldn't hold my breath.

    The address in Oley is genuine, but I don't know if the name is. The Luxembourg link is due to the registrar used (EuroDNS), which appears to be a genuine registrar. The host that pb6 [dot] biz resolves to is located in Texas, run by Westhost.

    One interesting thing is the domain pb6 [dot] biz was registered on 30th November this year. If it, or the host, is used for malicious purposes there has been little time for anyone to react.

    Interestingly, notwithstanding the expectation that Comcast may not react too swiftly, the URL in your original post generates a 404 page error (when loaded on a virtual machine running Linux), i.e. the page is not resolved - maybe somebody has taken action, or maybe the bad guys fouled up in the first place.
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993

  5. #5
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Marietta, Georgia, USA
    Posts
    235
    Thanks
    4
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by Medico View Post
    I hope Comcast takes it seriously after you forwarded the email to them. Don't hold your breath though..
    I get several of these types of emails EVERY week. They are automatically flagged as JUNK MAIL by Thunderbird. I used to forward these to the company whose web address was being spoofed, but I don't really have time any more.
    Rick Groszkiewicz
    Life is too short to drink bad wine (or bad coffee!)

  6. #6
    3 Star Lounger
    Join Date
    Mar 2010
    Location
    USA
    Posts
    252
    Thanks
    46
    Thanked 32 Times in 25 Posts
    I use Thunderbird email client. I set up to view email in text view only. This way, I see the real http link, not the false one.
    It is human, at times, to overlook and click on the false http link. With text view only, it helps me to avoid that.
    When I need to view it in html form, I have to do extra clicks, access the menu. I'm lazy as a habit. The extra work will 'wake' me up, when I'm absent minded.

  7. #7
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    5,481
    Thanks
    130
    Thanked 499 Times in 459 Posts
    Easy to get fooled by one of those false Comcast emails, or any others for that matter.
    It's always better to go directly to the site via your browser to logon, rather than click on an email link.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Windows 8.1, 64 bit
    Motherboard: DX58SO2*Chipset: X58 Express/Intel ICH10*BIOS: SOX5820J.86A.0888.2012.0129.2203*Processor: Intel Core i7 CPU X 990
    GPU: Nvidia GTX 580*Memory: Corsair 12 GB, 4x3@1600*PSU: Corsair HX1000*Hard drives: REVO X2 160GB*OCZ VERT X3 120GB*5 mechanical storage drives (12 TB) total.

  8. #8
    Silver Lounger mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    2,177
    Thanks
    207
    Thanked 213 Times in 205 Posts
    "Horner Amy" owns about 9 other domains
    I wonder if "Amy Horner" is related to "Little Jack Horner".

  9. #9
    Star Lounger
    Join Date
    Apr 2010
    Location
    Bath, UK
    Posts
    55
    Thanks
    8
    Thanked 3 Times in 3 Posts
    Probably the most common email scam, the False Link one.

    Always check the end of the domain, just before the forward-slash (in this case .biz/) for the true domain.
    Having a '.com' in the middle is an easy foil, but it's the 'dot' AFTER the 'com' that also points to the fake domain ending.

    Another trick (and more insidious) is a link with .com.zip in it, which points directly to a ZIP file which will execute directly on your machine.

    Always check links thoroughly, and as another user said, Plain Text is a bit more secure (no hiding nasty code in pretty pictures).
    And as another user said, never use links in emails, always manually go to the website to log in, even if the email is from a company you know to be ok.
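
The check described in this thread (read the host name from the right, up to the first forward slash, to find who really owns it) can be automated. The following is an added example, not part of the original posts; the suffix set is a small constructed stand-in for the Public Suffix List, and the `TRUSTED` allow-list and function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List (assumption); a real checker
# should load the full list published at publicsuffix.org.
PUBLIC_SUFFIXES = {"com", "net", "org", "biz", "co.uk"}

# Hypothetical allow-list of domains the reader actually does business with.
TRUSTED = {"comcast.com", "comcast.net", "paypal.com"}


def registrable_domain(url):
    """Return the public suffix plus one label to its left, or None."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".") if host else []
    # Try the longest candidate suffix first so "co.uk" wins over "uk";
    # only the rightmost labels decide who owns the name.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i else None
    return None


def check_link(url, trusted=TRUSTED):
    """Classify a link as trusted, lookalike, unknown or unparseable."""
    domain = registrable_domain(url)
    if domain is None:
        return (None, "unparseable")
    if domain in trusted:
        return (domain, "trusted")
    # A trusted name used as plain subdomain labels of someone else's
    # domain is the trick shown in the first post.
    host = "." + urlsplit(url).hostname.rstrip(".") + "."
    for name in sorted(trusted):
        if "." + name + "." in host:
            return (domain, "lookalike of " + name)
    return (domain, "unknown")


if __name__ == "__main__":
    samples = [
        "http://comcast.com.account.pb6.biz/",  # host from the e-mail above
        "https://www.comcast.com/",             # constructed legitimate link
        "http://shop.example.co.uk/cart",       # constructed unrelated link
    ]
    for link in samples:
        print(link, "->", check_link(link))
```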
