
List:       patchmanagement
Subject:    Re: [patchmanagement] Mod note: Investigating a phishing email regarding "Invoice"
From:       Roy Adams <roy () racs ! com ! au>
Date:       2017-04-25 23:36:14
Message-ID: CAK8EJS0Pop-ahoibUAp1tfnjhdd8vzpcigpFtjWYdtMXv6_EOw () mail ! gmail ! com

I had also deleted, but have Google Vault for searching for deleted
stuff... contents from Vault.
It had a PDF attachment.

Regards
Roy

https://www.dropbox.com/s/dxuszryeec2qsvz/Screenshot%202017-04-26%2009.34.56.png?dl=0

from: "wice.wojt" <wice.wojt@gmina-jezowe.pl Patch Management Mailing List>
to: "roy" <roy@racs.com.au>
date: 2017 Apr 26 04:45:16
subject: Attachment 38336-879-0
system labels: Deleted, Opened, Spam
user labels:


Open the attachment to view the document.
65391356_65391356.pdf

ROY ADAMS | P 07 3040 5010 | Web http://www.racs.com.au/ | Wiki
https://ex.racs.com.au:444/ | EMail mailto:roy@racs.com.au <roy@racs.com.au>

On 26 April 2017 at 08:51, Ralf Quint <pcworxla@gmail.com> wrote:

> On 4/25/2017 1:36 PM, Susan E Bradley wrote:
> > I've had several reports that a phishing email was sent out.  I'm
> > investigating to see if something got through the spam filters/got
> > past my eyeballs.
> > 
> > Apologies in advance if I accidentally let something through.
> > 
> > In the meantime, remember to use reverse.it or virustotal.com on
> > anything you are unsure of.
> I got such a "phishy" email too, but it didn't come from the mailing
> list, but from a .cz address, though I have not checked if that was
> possibly spoofed.
> It mentioned "PATCH MANAGEMENT LIST" (all caps) in the subject line,
> which by itself is already suspicious.  Unfortunately, I already emptied
> the Junk mail folder at my Gmail address, so I can't provide any more
> details about it. It had a 3.xx KB large (rather small) .PDF file
> attached, which also is far too small for a legitimate .PDF file, beside
> that I doubt that sending attachments like this isn't allowed on the
> list, right?
> But again, it was definitely not sent through this list, it just tried
> (badly) to look like it...
> 
> Ralf
> --
> -- P.C.Worx * On-Site IT Services Phone: (323)744-1081 Mailing address:
> 12235 Spring Trail, Sylmar, CA 91342 www.pcworxla.com --
> 
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
> 
> 
> ---
> PatchManagement.org is hosted by Shavlik
> 
> The content on the email list is intended for assisting administrators.
> If you would like to use any of this content in a blog or media
> publication, please contact the owners of the list for approval.
> 
> To unsubscribe send a blank email to leave-patchmanagement@patchmanagement.org
> If you are unable to unsubscribe via this email address, please email
> owner-patchmanagement@patchmanagement.org
> 
