Friday, September 24, 2010

Has my cable provider's billing system been compromised?

My cable provider (internet and telephony infrastructure) in Israel is a company called HOT. I get my invoices from their service into my mail, and this morning I got this email:

This email's title is in Hebrew; translated, it says (roughly): "A notification about a change in billing service username". The sender seems to be HOT but in fact it is not: as you can see, the red arrow points to the real underlying email address: "". This is how it looks normally (green arrow):

Normally, links in emails coming from the HOT billing service lead to, e.g. (green arrow):

However, in the suspicious email the links look very... err... suspicious :) (red arrow again)

So this email is either a very unwise attempt to use some external email sending service or, and I stress the OR, it means someone is trying a phishing move. I find it hard to believe someone would try such a specific phishing email on a random bank of emails...

My only logical conjecture is: the sender had access to a list of HOT customers (a business customer in my case), which is a very scary conjecture, one that I hope will be proven wrong...


Further investigation reveals that em-sender*.com might be connected to a company called Hmmm... this mail might be legit after all...
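
The two manual checks made in this post (the real address behind the sender's display name, and the hosts the links point to) can be scripted. The following is an added example, not part of the original post; the sample message and every domain in it (`provider.example`, `bulk-mailer.example`) are constructed placeholders, and `audit` and `in_domain` are hypothetical helper names.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; all domains are placeholders, not the real ones.
SAMPLE = """\
From: "Provider Billing" <notify@bulk-mailer.example>
To: customer@customer.example
Subject: A notification about a change in billing service username
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="https://billing.provider.example/invoice">View invoice</a>
<a href="http://track.bulk-mailer.example/c/abc">Update username</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the host of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlsplit(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host.lower())

def in_domain(host, expected):
    # Exact match or true subdomain; a bare endswith() would accept
    # look-alikes such as "evilprovider.example".
    return host == expected or host.endswith("." + expected)

def audit(raw, expected_domain):
    # A mismatch means "verify through another channel", not proof of
    # phishing: a legitimate third-party mailing service looks the same.
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    sender_host = addr.rpartition("@")[2].lower()
    collector = LinkCollector()
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector.feed(body.get_content())
    foreign = sorted({h for h in collector.hosts if not in_domain(h, expected_domain)})
    return {"display_name": display, "sender_host": sender_host,
            "sender_matches": in_domain(sender_host, expected_domain),
            "foreign_link_hosts": foreign}
```

Calling `audit(SAMPLE, "provider.example")` reports the sender host and any link hosts outside the expected domain, which is the same evidence the red and green arrows point at.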

