Recentemente, ho ricevuto una serie di email da yahoo con persone che cercavano di creare account o di aggiungere indirizzi email @ miodominio.tld al loro account. Mi stavo chiedendo se qualcun altro ha visto questo tipo di comportamento e se sanno quale tipo di attacco o truffa gli hacker stanno cercando di implementare facendo questo?
Le email vengono inviate da "[email protected]". yahoo-inc.com sembra essere registrato al vero Yahoo. Ho controllato i collegamenti e non sembrano essere collegamenti falsi. Questo è il corpo delle e-mail (cambia il mio nome di dominio in "mydomain.tld"):
Verifica questo indirizzo email
You recently added a new email address to your Yahoo! account, or initiated verification of an existing email address. To verify that you own this email address, simply click on the link below.
Your email address was added to the Yahoo! ID: lu*********. If this Yahoo! ID does not belong to you, or you did not recently add your email address to this Yahoo! ID, you may permanently stop receiving messages for this Yahoo! ID at this email address. Please let us know.
Verifying your email address ensures that you can securely retrieve your account information if your password is lost or stolen. You must verify your email address before you can use it on Yahoo! services that require an email address.
For your security, please keep your email address information up-to-date. If this information changes, you can always update it by signing in to your Yahoo! account and changing it from the "My Account" area.
Verifica "[email protected]"
Nel messaggio "Per favore faccelo sapere" i collegamenti ipertestuali a "https://edit.yahoo.com/commchannel/disavow?p={inserisci hash / identificatore casuale qui} - & ; .partner = & .intl uS =
L'ID utente viene inviato anche con asterischi per qualsiasi motivo (possibilmente per impedire il dirottamento?)
Posso fare clic sul link e in effetti mi dà un messaggio che l'account non può aggiungere questo indirizzo email.
Quindi mi stavo chiedendo se qualcuno sa cosa cercano di tirare questi ragazzi? Stanno solo testando le acque sul mio server o stanno cercando di inviarmi lo spam. Ho un indirizzo catch all che è il motivo per cui ottengo questi. Ho ricevuto circa 3 di queste e-mail nelle ultime 2 settimane e voglio assicurarmi che stia prendendo delle azioni proattive per fermare qualunque cosa stiano facendo. Mi piacerebbe sapere se qualcun altro ha visto questo e qual è lo scopo.
Per richiesta, ecco il corpo --- niente da pescare se me lo chiedi
Received: from [72.30.235.65] by n2.bullet.mail.bf1.yahoo.com with NNFMP; 11 Feb 2012 19:20:17 -0000
Received: from [98.139.143.201] by t2.bullet.mail.bf1.yahoo.com with NNFMP; 11 Feb 2012 19:20:17 -0000
Date: 11 Feb 2012 11:20:17 -0800
Received: from [127.0.0.1] by with NNFMP; 11 Feb 2012 19:20:17 -0000
To: [email protected]
From: [email protected]
Reply-To: [email protected]
Errors-To: [email protected]
Subject: =?windows-1252?Q?Verify_this_email_address?=
X-Yahoo-Newman-Property: reg
X-Yahoo-Newman-Id: 653512080
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="==_MIME-Boundary-1_=="
X-Gm-Message-State: ALoCoQmMzE5QIYqmvZye++czq+hUu+prxtBoWShcB0uWoeGYP4cyhtt2vAca+RulGHTFUUyoYnz6
--==_MIME-Boundary-1_==
Content-Type: text/plain; charset=windows-1252
Content-transfer-encoding: quoted-printable
Email Address: [email protected]=20
Verifying your email address ensures that you can securely retrieve your =
account information if your password is lost or stolen. You must verify =
your email address before you can use it on Yahoo! services that require =
an email address.=20
Your email address was added to the Yahoo! ID: lu*********. If this =
Yahoo! ID does not belong to you, or you did not
recently add your email address to this Yahoo! ID, you may permanently =
stop receiving messages for this Yahoo! ID at
this email address. Please visit the following link:
https://edit.yahoo.com/commchannel/disavow?p=randomhashremovedfordemopurposes--&.partner=3D&.intl=3Dus=
=20
Verify your email address by visiting the following link:
https://edit.yahoo.com/commchannel/verify?.intl=3Dus&p=randomhashremovedfordemopurposes=_suc=
&.partner=3D=20
You will be required to enter the password to your Yahoo! account.
If the Yahoo! account, lu*********, does not belong to you, let us know so =
you stop receiving email for this account.
For your security, please keep your email address information up-to-date. =
If this information changes, you can always update it by signing in to =
your Yahoo! account and changing it from the "My Account" area.
If you did not create this account, <a href=3D'https://edit.yahoo.com/comm=
channel/disavow?p=randomhashremovedfordemopurposes--&.partner=3D&.intl=3Dus'>click here</a>
Si vous n=92=EAtes pas le cr=E9ateur de ce compte, <a =
href=3D'https://edit.yahoo.com/commchannel/disavow?p=randomhashremovedfordemopurposes--&.partner=3D&.int=
l=3Dfr'>cliquez ici</a>
Si no creaste esta cuenta, <a href=3D'https://edit.yahoo.com/commchannel/d=
isavow?p=randomhashremovedfordemopurposes=
4XpaAyF7h3A--&.partner=3D&.intl=3Des'>haz clic aqu=ED</a>
Regards,
Yahoo! Account Services
********************************************************=20
--==_MIME-Boundary-1_==
Content-Type: text/html; charset=windows-1252
Content-transfer-encoding: quoted-printable
<div style=3D"direction: ltr;">
<img src=3D"https://s.yimg.com/lq/i/brand/purplelogo/base/us.gif" =
vspace=3D"10" hspace=3D"20">
<hr noshade width=3D"95%">
<br><br>
<table border=3D"0" width=3D"735">
<tbody>
<tr>
<td width=3D"10%"> </td>
<td width=3D"80%">
<font size=3D"+1" color=3D"#631266" face=3D"Arial">
<b>Verify this email address</b>
</font>
<br>
</td>
<td width=3D"10%"> </td>
</tr>
<tr>
<td colspan=3D"3"> </td>
</tr>=09
<tr>
<td width=3D"10%"> </td>
<td width=3D"80%">
<font face=3D"Arial" size=3D"-1">You recently added a new email address =
to your Yahoo! account, or initiated verification of an existing email =
address. To verify that you own this email address, simply click on the =
link below.</font>
</td>
<td width=3D"10%"> </td>
</tr>
<tr>
<td colspan=3D"3"> </td>
</tr>=09
<tr>
<td width=3D"10%"> </td>
<td width=3D"80%">
<font face=3D"Arial" size=3D"-1">Your email address was added to the =
Yahoo! ID: ‎lu*********‎. If this Yahoo! ID does not belong to =
you, or you did not
recently add your email address to this Yahoo! ID, you may permanently =
stop receiving messages for this Yahoo! ID at
this email address. <a href=3D"https://edit.yahoo.com/commchannel/disavow=
?p=randomhashremovedfordemopurposes--&.partner=3D&.intl=3Dus">Please let us know.</a></font>
</td>
<td width=3D"10%"> </td>
</tr>=09
<tr>
<td colspan=3D"3"> </td>
</tr>
<tr>
<td width=3D"10%"> </td>
<td>
<font face=3D"Arial" size=3D"-1">Verifying your email address ensures =
that you can securely retrieve your account information if your password =
is lost or stolen. You must verify your email address before you can use =
it on Yahoo! services that require an email address.</font>
</td>
<td width=3D"10%"> </td>
</tr>
<tr>
<td colspan=3D"3"> </td>
</tr>=09
<tr>
<td width=3D"10%"> </td>
<td>
<font face=3D"Arial" size=3D"-1">For your security, please keep your =
email address information up-to-date. If this information changes, you can =
always update it by signing in to your Yahoo! account and changing it from =
the "My Account" area.</font>
</td>
<td width=3D"10%"> </td>
</tr>
<tr>
<td colspan=3D"3" align=3D"center">
<br>
<br>
<br>
<font size=3D"+1" face=3D"Arial"><b><a href=3D"https://edit.yahoo.com/c=
ommchannel/verify?.intl=3Dus&p=randomhashremovedfordemopurposes=3D&done=3D">Verify "[email protected]"</a></b></font>
<br>
<br>
<br>
</td>
</tr>
<tr>
<td width=3D"10%"> </td>
<td>
<font face=3D"Arial" size=3D"-1">If you can't click the sign in button, =
you can verify your email address by copying and pasting (or typing) the =
following address into your browser:</font>
</td>
<td width=3D"10%"> </td>
</tr>
<tr>
<td colspan=3D"3"> </td>
</tr>=09
<tr>
<td width=3D"10%"> </td>
<td colspan=3D"2">
<font face=3D"Arial" size=3D"-1"><a href=3D"https://edit.yahoo.com/comm=
channel/verify?.intl=3Dus&p=randomhashremovedfordemopurposes=3D&done=3D">https://edit.yahoo.com/commchannel/verify?.intl=3Dus&p=3DB2Dm=
R.ePbHa02JFe2.6rNQdqVDLvqdbFgLu8b<br>gt2G.aqcu99zvf5yNyNnV6KRw9XOg.8Fwykc.=
5In88EDdcEwB_sucPuLR3KY1kx4hXxG8ih&.partner=3D&done=3D</a></font>
</td>
</tr>
<tr>
<td colspan=3D"3"> </td>
</tr>
<tr>
<td width=3D"10%"> </td>
<td colspan=3D"2">
<font face=3D"Arial" size=3D"-1">
<b>Not your account?</b>
</font>
<br><br>
</td>
</tr>
<tr>
<td width=3D"10%"> </td>
<td colspan=3D"2">
<font face=3D"Arial" size=3D"-1">
If you did not create this account, <a =
href=3D"https://edit.yahoo.com/commchannel/disavow?p=randomhashremovedfordemopurposes--&.partner=3D&.int=
l=3Dus">click here</a>
<br><br>
Si vous n=92=EAtes pas le cr=E9ateur de ce =
compte, <a href=3D"https://edit.yahoo.com/commchannel/disavow?p=randomhashremovedfordemopurposes--&.part=
ner=3D&.intl=3Dfr">cliquez ici</a>
<br><br>
Si no creaste esta cuenta, <a =
href=3D"https://edit.yahoo.com/commchannel/disavow?p=randomhashremovedfordemopurposes--&.partner=3D&.int=
l=3Des">haz clic aqu=ED</a>
</font>
</td>
</tr> =09
<tr>
<td colspan=3D"3"> </td>
</tr> =09
</tbody>
</table>
<hr noshade width=3D"95%">
<table width=3D"750">
<tbody>
<tr>
<td width=3D"2.5%"> </td>
<td>
<font face=3D"Arial" size=3D"-3"></font>
</td>
</tr>
<tr>
<td width=3D"2.5%"> </td>
<td>
<font face=3D"Arial" size=3D"-3"><p>Copyright =A9 2012 Yahoo! Inc. All =
rights reserved.<a =
href=3D'https://legalredirect.yahoo.com/copyright?intl=3Dus' =
target=3D'_blank'>Copyright/IP Policy</a> | <a =
href=3D'https://legalredirect.yahoo.com/utos?intl=3Dus' =
target=3D'_blank'>Terms of Service</a></p>
<p id=3D'privacy_notice'>NOTICE: We collect personal information on =
this site. To learn more about how we use your information, see our <a =
href=3D'https://legalredirect.yahoo.com/privacy?intl=3Dus'>Privacy =
Policy</a>.</p><br>
</font>
</td>
</tr> =09
</tbody>
</table>
</div>
--==_MIME-Boundary-1_==--