[sf-lug] phishy phishy phish Re: Fwd: SF-LUG.COM [PHISH]

Rick Moen rick at linuxmafia.com
Wed Jul 29 19:09:10 PDT 2020


Quoting Michael Paoli (michael.paoli at cal.berkeley.edu):

> And since you included your unique phish tracking URL and such in your
> posting, once anything at all has hit that (likely already happened),
> you get moved to the special suckers list of folks that open phish
> email and follow link(s) within,

Bobbie's posting had so much phishing spam drivel in it that my
personal spam-filtering threw away my subscriber copy.  But I can see it 
in the Mailman archives.  Bobbie said:

> ------- Forwarded Message --------
> Subject:     SF-LUG.COM Web SUSPEND Notification
> Date:     Tue, 28 Jul 2020 17:42:04 +0000
> From:     SF-LUG.COM Status <info at netcertificateregistration.com>
> Reply-To:     SF-LUG.COM Status <info at netcertificateregistration.com>
> To:     bliss-sf4ever at dslextreme.com <bliss-sf4ever at dslextreme.com>


tl;dr:  (1) Supply full headers, and
        (2) Do so on Pastebin, not inline on this or any other list.


FYI, if posting with the intent that others investigate something like
this, your report will (usually) be pointless and useless unless you 
provide full SMTP headers -- vs. the severely truncated headers above.

However, I'd also ask that people not blitz the mailing list with such
things.  Instead, put the thing (_with_ full SMTP headers) onto 
pastebin.com or a similar snippet-hosting site, and send the excerpt's 
URL instead.

> Please ensure that you complete payment AS SOON AS POSSIBLE to prevent 
[blah blah blah]


Quick tip:  Everyone associated with Internet domains gets deluged by
fraudulent notices pretty much all the time.  All caps is often heavily
featured.

The same measure that _always_ prevents getting your time and sanity
wasted by phishing applies here:  Just don't believe information
and claims and links that arrive from nobody-in-particular.

So, for example, if worried for any reason about the renewal/expiration
status of domain sf-lug.com, the sensible thing to do is check 
the public whois data.


$ whois sf-lug.com | more

   Domain Name: SF-LUG.COM
   Registry Domain ID: 2430851868_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.wildwestdomains.com
   Registrar URL: http://www.wildwestdomains.com
   Updated Date: 2020-06-10T05:10:32Z
   Creation Date: 2019-09-07T18:09:17Z
   Registry Expiry Date: 2020-09-07T18:09:17Z
   Registrar: Wild West Domains, LLC
[...]
$

Out of curiosity, seeing if there's more detail at the registrar's 
whois server:

$ whois -h whois.wildwestdomains.com sf-lug.com | more
[...]
$

Nope, about the same.

BTW, whoever registered that, having all of the contact information
(Registrant, Technical Contact, Administrative Contact) concealed 
from public view strikes me as a bad idea.


Last, I had the vague impression that SF-LUG only really cares about
sf-lug.org, but this might have changed.  I even more vaguely recall
that there was a flurry of domain buying (variants on the name) last
year.
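
An added example, not part of the original post: a small Python check that compares the forwarded notice's header fields against the public whois fields shown above, rather than trusting the notice's own claims. The function names are hypothetical, the inputs are constructed from the lines quoted in the post (including the archive's " at " address obfuscation), and the two-label domain comparison is an assumption that only suits simple names such as .com.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed inputs: the truncated header fields and whois fields quoted in the post.
NOTICE_HEADERS = """\
Subject: SF-LUG.COM Web SUSPEND Notification
Date: Tue, 28 Jul 2020 17:42:04 +0000
From: SF-LUG.COM Status <info at netcertificateregistration.com>
"""
WHOIS_OUTPUT = """\
   Domain Name: SF-LUG.COM
   Registrar WHOIS Server: whois.wildwestdomains.com
   Registrar URL: http://www.wildwestdomains.com
   Updated Date: 2020-06-10T05:10:32Z
   Registry Expiry Date: 2020-09-07T18:09:17Z
   Registrar: Wild West Domains, LLC
"""

def fields(text):
    """Parse 'Key: value' lines into a dict with lower-cased keys."""
    out = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and value.strip():
            out.setdefault(key.strip().lower(), value.strip())
    return out

def base_domain(host):
    """Last two DNS labels; adequate for .com names, not a public-suffix lookup."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_notice(headers_text, whois_text):
    hdr, who = fields(headers_text), fields(whois_text)
    # Archive obfuscation writes '@' as ' at '; accept both forms.
    m = re.search(r"<[^<>\s]+(?:@| at )([^<>\s]+)>", hdr["from"])
    sender = base_domain(m.group(1)) if m else None
    registrar = base_domain(re.sub(r"^\w+://", "", who["registrar url"]).split("/")[0])
    sent = parsedate_to_datetime(hdr["date"])
    expiry = datetime.strptime(who["registry expiry date"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {
        "sender_domain": sender,
        "registrar_domain": registrar,
        "sender_is_registrar": sender == registrar,
        "days_to_expiry_when_sent": (expiry - sent).days,
    }

if __name__ == "__main__":
    print(check_notice(NOTICE_HEADERS, WHOIS_OUTPUT))
```

A From header is trivially forged, so a matching sender domain would prove nothing; the useful signals are a mismatch and an expiry date that contradicts the notice.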




