AT&T Wireless Spoof

Another multi-recipient spoof with links to an unknown site.

Email Upgrade Phishing

Another example of a fraudulent message intended to capture login credentials.

In this case the website linked to in the message in located in Germany.

Malicious Spoofed Messages

In the last 48 hours we have seen a huge increase in the number and variety of spoofed messages being sent concerning billing, orders or account changes.  These messages frequently look quite similar to legitimate messages from well-known businesses.  While Postini generally stops most of these messages, a few do seem to get through, especially if the sender address is formatted similar to an commonly-approved sender.

Here are just a few:

• American Express -- Confirmation of email address change
  
• American Express -- Fraud Protection Alert 
• AT&T -- Your AT&T wireless bill is ready to view
• Apple -- Order Acknowledgment
• Digital Insight -- Your Password Expired (online banking)
• Intuit -- Your intuit.com order
• Newegg.com -- Payment Charged
• US Airways -- US Airways reservation confirmation
• Verizon -- Thank You for your Verizon Wireless Payment
• Verizon -- Your Bill is Now Available

While some of these messages contain links that go to websites advertising pharmaceutical products, some go to websites that contain malicious content that trigger pop-up or pop-under windows that run scripts that install unwanted software on systems that are may be vulnerable due to out-of date operating system patches, applications or security software.

One thing that many of these messages have in common is that they are addressed to multiple email addresses.  Frequently they are sent to the same domain name (i.e. adams.net).

If you receive such a message your safest course of action is to immediately delete it. 

And a reminder -- keep your operating system, security software and all applications up-to-date.