DayCom Solutions
    Website & Custom Software Development - Support

EMAIL SPOOF INFORMATION

This is both a WARNING about a Phishing (or possibly worse) attempt AND a short Primer in email faking, or 'spoofing'

I received an email that is a blatant faking attempt - for what purpose, I do not know. (and shall not)

The subject email is PICTURED below - it is not the email itself, but a screenshot of the email.

NOTE that it looks very much like something that would come from Apple. It even shows “Apple” in the ‘from’ block; but that is NOT an Apple email address! <tihwrg@helpdiskservice.com>

IT DID NOT come from Apple! DO NOT BE FOOLED!

NOTE the From: and Reply-To: address - it is NOT on the Apple domain; it is from someone that set up the domain “helpdiskservice.com”
ANYBODY can set up a domain name and then set up email account(s) on that domain [as long as the name they choose is not already taken.]
It is interesting to note in this example that the address looks like it might be from a “help desk” - but apparently that domain was taken or something, so the perp used “helpdiskservice” - ‘disk’ NOT ‘desk’
REGARDLESS - either would be bogus - just something interesting to note. It may give more insight into the workings of such perps.

AND HERE is a TRICK that everyone should know - HOLD your MOUSE OVER a LINK (do NOT click!!) and after a short delay, the linked address will show up in a box at the mouse-cursor; shown below, the linked destination is NOT anything to do with Apple (nor anything to do with the FROM address) - it will go to http://www.umanginfotech.com/admin/images/help/

This works well for links in emails AND on web pages.

This particular link points to a DIRECTORY somewhere on a web server on the internet - inside the final (‘help’) directory, there is a page - and I have no idea from this information what that page is - but that page can be almost anything - and it can RUN CODE on your computer - say if it is an ASP page, PHP page - even a ‘regular’ HTML page can have JavaScript and/or VBScript code (and more) on the page that can execute on your computer.

Another interesting thing to note - the /admin/images/help LOOKS to be ‘helpful’ - benign - another way they ‘ease’ you into feeling comfortable. It could even have the word “Apple” in the link - would not mean a thing - the DOMAIN itself is still “www.umanginfotech.com” - anything that FOLLOWS that domain name is ON THAT DOMAIN!

As an added bit of information - in case you are interested - anything that PRECEDES a Domain - as long as it is separated from that domain with a “dot” - is a SUB-DOMAIN of that Domain.
Example: IF there were a domain name in use “www.XYZ.com” then help.XYZ.com would be a sub-domain of XYZ.com
So what? - think about it - someone could have a domain name - say “www.xyz.com” - to make you feel comfortable, they could put harmful code on THEIR sub-domain by using “apple.xyz.com” - at a glance that would seem to many folks to be a ‘valid’ domain belonging to Apple, when it is really a sub-domain of xyz.com...
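
The same checks a reader does by eye can be automated. The following is an added example, not part of the original page: it compares the brand shown in the From: display name and in each link against the domain that actually hosts the address or link. The BRAND_DOMAINS table and the function names are assumptions made for this illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption for this example: the domains each brand legitimately uses.
BRAND_DOMAINS = {"apple": ("apple.com",)}

def on_domain(host, domain):
    """True only if host IS the domain or a dot-separated sub-domain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def belongs_to(host, brand):
    return any(on_domain(host, d) for d in BRAND_DOMAINS[brand])

def brands_named(text):
    """Brands whose name appears anywhere in the text (display name, URL)."""
    return [b for b in BRAND_DOMAINS if b in text.lower()]

def check_message(from_header, links):
    """Return warnings for a message, given its From: header and link targets."""
    warnings = []
    display, address = parseaddr(from_header)
    sender_domain = address.rpartition("@")[2].lower()
    claimed = brands_named(display)
    for brand in claimed:
        if not belongs_to(sender_domain, brand):
            warnings.append(f"From shows '{display}' but address is on {sender_domain}")
    for url in links:
        host = urlsplit(url).hostname or ""
        # A brand name in the path or in a sub-domain also counts as a claim.
        for brand in sorted(set(claimed) | set(brands_named(url))):
            if not belongs_to(host, brand):
                warnings.append(f"link goes to {host}, not a {brand} domain: {url}")
    return warnings

# The From: value and the first link are the ones described on this page;
# the other two links are constructed for the example.
SAMPLE_FROM = '"Apple" <tihwrg@helpdiskservice.com>'
SAMPLE_LINKS = [
    "http://www.umanginfotech.com/admin/images/help/",
    "http://apple.xyz.com/signin",   # brand used as a sub-domain of xyz.com
    "https://support.apple.com/",    # genuinely a sub-domain of apple.com
]

if __name__ == "__main__":
    for w in check_message(SAMPLE_FROM, SAMPLE_LINKS):
        print("WARNING:", w)
```

The brand match is a plain substring test, so treat a warning as a prompt to look at the real domain, not as a verdict.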

Hope this helps someone avoid an encounter with malware - either simple phishing, or malicious code run on your machine - this email could do any of it, if the link were clicked by you….

And remember, it might be Apple, Google, MasterCard - just about ANYTHING - can be embedded into a domain to make you THINK it has to do with something it does not.

questions: email me at: KenDay@DayComSolutions.com

- /<en

Screenshot of subject email:


 

All graphics, logos, advertisements and promotions are Copyright ©DayComSolutions.com 2005-2012
All Rights Reserved