Fraudulent email: Suppression de votre nom de domaine chez OVH.
Today I received a fraudulent email purporting to be from OVH and asking me to click a link to renew a domain registered with OVH.
The email really fooled me for a moment! I even got upset that OVH would send me an email requesting that I renew my domain name when it still was many months before expiration. Moreover, it bothered me that OVH would ask for substantially more funds than the price originally quoted for renewal. Sorry, OVH! You didn't do anything wrong!
I was only after I double checked both whois and also the OVH Cloud Control Panel that I realized the email was fishy. Whois showed what I expected. The OVH Cloud Control Panel had a warning about fraudulent emails.
A quick check of the email's link requested to be clicked showed that the link did not point to OVH. A quick check of the email's headers revealed complete nonsense, such as:
Return-Path: [email protected]
[ . . . ]
Received-SPF: Fail (mailfrom) identity=mailfrom; client-ip=85.215.95.85
But, wow! I almost clicked the link in the email!
Here is OVH's page on email fraud.
Tom. 穆坦然. Not Oles. Happy New York City guy visiting Mexico! How is your 文言文?
The MetalVPS.com website runs very speedily on MicroLXC.net! Thanks to @Neoon!
Comments
Aren't you curious, where the link leads. ?
To find out how well structured the psihing page and are there any malware attached?
Just remembered this video. @Not_Oles Have you watched this?
Enjoy meditation without religion for one month.
@Iroshan464
Yeah, that's a great video!
If you are interested, the link from the email is http://stkil1.cycle-lagrave.com?cmd=$COMMAND where $COMMAND is a ten character string consisting of upper and lowercase letters and Arabic numerals.
Hope you have fun if you check it out! And please do let us know what you find.
Tom. 穆坦然. Not Oles. Happy New York City guy visiting Mexico! How is your 文言文?
The MetalVPS.com website runs very speedily on MicroLXC.net! Thanks to @Neoon!
Redirects to ovh.com ?
Enjoy meditation without religion for one month.
Maybe you need a valid $COMMAND value to see the phishing page, and it redirects to ovh if you don't supply it.
That's what I was thinking too. The question remaining in my mind was whether there was only one or a small number of valid values (perhaps for different OVH services or payment amounts or currencies) or whether the value they gave me was tracking.
Tom. 穆坦然. Not Oles. Happy New York City guy visiting Mexico! How is your 文言文?
The MetalVPS.com website runs very speedily on MicroLXC.net! Thanks to @Neoon!
@Not_Oles My bet is on tracking.