Thread: VM change of email address?
View Single Post
Old 17-04-2010, 13:32   #7
Toto
Inactive
 
Join Date: Dec 2004
Posts: 3,403
Toto has a bronzed appealToto has a bronzed appeal
Toto has a bronzed appealToto has a bronzed appealToto has a bronzed appealToto has a bronzed appealToto has a bronzed appealToto has a bronzed appealToto has a bronzed appealToto has a bronzed appealToto has a bronzed appealToto has a bronzed appealToto has a bronzed appealToto has a bronzed appealToto has a bronzed appeal
Re: VM change of email address?
The point is that email.virginmedia.com resolves to Virgin Media:

Code:
$ host email.virginmedia.com
email.virginmedia.com has address 92.238.96.11

whois 92.238.96.11
[Querying whois.arin.net]
[Redirected to whois.ripe.net:43]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '92.238.96.0 - 92.238.96.127'

inetnum:        92.238.96.0 - 92.238.96.127
netname:        BROADBANDAUDIT
descr:          KNOWSLEY VLAN
country:        GB
admin-c:        TWIP1-RIPE
tech-c:         TWIP3-RIPE
status:         ASSIGNED PA
mnt-by:         AS5462-MNT
source:         RIPE # Filtered

role:           Telewest Broadband IP Network Services
address:        Genesis Business Park
address:        Albert Drive
address:        Woking
address:        Surrey UK
address:        GU21 5RW
e-mail:         ripe@telewest.net
remarks:        To report abuse:
remarks:        file an online case @ http://netreport.virginmedia.com/netreport/
So, adding a few extra bits before the legitimate domain then could confuse some people into thinking its a legitimate email from Virgin Media. It's a known phishing trick that can fool the unsuspecting person.

The email though is making an unusual request, well it would seem unusual at first:

Quote:
To make sure you don’t miss important news about your products and services as well as the latest offers, please update your address book or contact list with our new email address
That does not look like a phishing email, except that because Virgin are now using Google for their email platform, white listing an email address will almost guarantee that even if the content is marked as spam by Google's Postini spam filter, it will still drop into the mailbox.

This is a very clever precursor to what looks like a future strategy of phishing emails aimed at Virgin Media.

Interesting as well is this:

Code:
$ host emails.image.email.virginmedia.com
emails.image.email.virginmedia.com mail is handled by 50 mail-router.e-dialog.com.
That needs looking into.

---------- Post added at 12:32 ---------- Previous post was at 12:24 ----------

Quote:
Originally Posted by Taf View Post
Looks a bit suspect?
Taf, were there any links in that email sir?
Toto is offline   Reply With Quote