Since yesterday, I have been receiving spoofed emails that are targeted at me. They use personal information, appear to come from one of my friends, and contain only links to these websites:
link
http www.sidat.com.mx/engagediatmosphere/Matthew_Bailey44/
(links disabled to prevent anyone from following them accidentally).
What should I do now?
[EDIT] More information:
- The email addresses me personally (by name)
- The sender is my friend's full name (without errors), but the attacker is using different sender email addresses (probably spoofed).
Here is the email header (personal information replaced with ${...}):
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=utf-8
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1345684031; bh=GeuilzHJrvCxtRBuL4FZxQ7aXRM6tpTAePrK26c0570=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=Yr4o5RXwGl5U/PCXc8Fjb2jSCXJ+Tm2Hp2OIjZ5uLP896jlz7BL8fOzaFrDYfkHRnYjDCjUQh8ID/P1lFoFDvi7SNHZpK765gG6yyGfMqOk3Beoozxk60WsNoyy7+R/K/X+RQ+x7ZCWmwYaqDwIn9L0neohCsdKJGKtdZOPFyXM=
Date: Wed, 22 Aug 2012 18:07:11 -0700 (PDT)
Delivery-date: Thu, 23 Aug 2012 03:07:17 +0200
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=6LG8CeLCvrnyj4Nognto3b5cV3zLh/o3gtbFxCf0pYJHx3ulUef0M4XNTe9lU5WnIMwpZaBdaSrF7K31KcBvKwJJcbfwpKNGdezUfKNQC00Fmo4sUur9ZrehWrV+j97HmD/UlEcZKuFwE0Lrq1+MYItPkgEGCeOYaDWBAPqbNsI=;
Envelope-to: ${my email}
From: ${name of friend} <${different addresses}>
MIME-Version: 1.0
Message-ID: <[email protected]>
Received:
from nm23-vm1.bullet.mail.ne1.yahoo.com ([98.138.91.50]) by www.hepe.com with smtp (Exim 4.72) (envelope-from <[email protected]>) id 1T4LtC-0007qp-De for [email protected]; Thu, 23 Aug 2012 03:07:17 +0200
from [98.138.90.51] by nm23.bullet.mail.ne1.yahoo.com with NNFMP; 23 Aug 2012 01:07:12 -0000
from [98.138.89.174] by tm4.bullet.mail.ne1.yahoo.com with NNFMP; 23 Aug 2012 01:07:12 -0000
from [127.0.0.1] by omp1030.mail.ne1.yahoo.com with NNFMP; 23 Aug 2012 01:07:12 -0000
(qmail 52628 invoked by uid 60001); 23 Aug 2012 01:07:11 -0000
from [216.58.103.108] by web163902.mail.gq1.yahoo.com via HTTP; Wed, 22 Aug 2012 18:07:11 PDT
Reply-To: ${different addresses}
Return-path: <${different addresses}>
Subject: FOR ${my name}
To: ${my email}
X-Mailer: YahooMailWebService/0.8.121.416
X-Sender-Host-Country: USA
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on sebigbos.hepe.com
X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1
X-YMail-OSG: grrWpYMVM1nX9hYw_uNTgdCPoNKWu5jkv0EmY0ZHG4tPd2O mRxwvLiQpCv.k64Dpw3ncbfn2yZ8BJSdT8MQfa30vkl_20DL1PRE.Znx._Cq 5nmBpOrqzrKpnI6FQWrv09oazY4eKdfYj4Tctb69dInKejxmOVmrJBDVT.Bg qe.buX4abq2f0JwUSlgieoxQcVlERFSy4ENI6.t633e4GCpKFaWn.5bJk_P5 VYpdFdVgBtyttRn6e1PQFCI4LkETAAzBcXtlcXf2yF5aL7C4SMWhbpXbbyN9 rOdZXO1vl_hxHl5wCY88YrPkKcm9QvRNHDdyIx0PrnEP3GYiLHPbl_4PoB6K m12Bda2O5ObmO8XC4_OOYc.xfkm8DKezgTyMlvooh1miYOyiELCNMhiTsdbq 4tPsZYnwmhGInOo4qnW6zZuhgIMtwmT2PYKubcjX1xWFNQUpKbAK1pdhEycK KcAiO.c43J1A3fnOZ1oNUeIttRKcRtKaRXjL35UmQadPYDIYQOjK9Dq1LCT3 6rSl2ROTg73gxGH_h1wpAb4A9XI0KCElRgIdLv5UQu5eACzNYq2dQo5J_SQP bGU9NyeEBuq9wZXgvMIKF
X-Yahoo-Newman-Id: [email protected]
X-Yahoo-Newman-Property: ymail-3
- I'm fairly sure my server has not been hacked
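
As an added example that is not part of the original post, the following Python pulls the sender-related facts out of a header shaped like the one above: the relay chain with the oldest hop first, whether the first hop was a webmail (HTTP) submission, the DKIM signing domain, and whether it matches the From domain. The sample header is constructed with placeholder hosts, addresses and documentation-range IPs; `triage`, `HOP` and `SAMPLE` are names chosen for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the header in the question. Hosts, addresses
# and IPs are placeholders from documentation ranges, not values from the post.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=s1024;
 h=From:Reply-To:Subject:To; bh=PLACEHOLDER=; b=PLACEHOLDER=
From: Friend Name <sender1@example.org>
Reply-To: sender2@example.net
To: me@example.com
Subject: FOR me
Received: from out1.example.org ([198.51.100.50]) by mx.example.com with smtp
 (Exim 4.72) id 1T4LtC-0007qp-De; Thu, 23 Aug 2012 03:07:17 +0200
Received: from [198.51.100.51] by out1.example.org with NNFMP;
 23 Aug 2012 01:07:12 -0000
Received: (qmail 52628 invoked by uid 60001); 23 Aug 2012 01:07:11 -0000
Received: from [203.0.113.108] by web1.example.org via HTTP;
 Wed, 22 Aug 2012 18:07:11 PDT

body
"""

# "from [host (][ip][)] by host with|via proto", as in the Received lines above.
HOP = re.compile(r"from\s+(?:(\S+)\s+\()?\[([\d.]+)\]\)?\s+by\s+(\S+)\s+(?:with|via)\s+(\w+)")

def triage(raw):
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its Received line, so reverse to read oldest hop first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:  # entries like "(qmail ... invoked by uid ...)" name no hop
            hops.append({"from_ip": m.group(2), "by": m.group(3), "proto": m.group(4).upper()})
    # Tag list of the signature; d= is the signing domain. Reading d= does not
    # verify the signature, that is the receiving server's job.
    sig = msg.get("DKIM-Signature", "")
    tags = dict(p.strip().split("=", 1) for p in sig.split(";") if "=" in p)
    dkim_dom = tags.get("d", "").strip().lower()
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    from_dom = from_addr.rpartition("@")[2]
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    return {
        "hops": hops,
        "origin_ip": hops[0]["from_ip"] if hops else None,
        "web_submission": bool(hops) and hops[0]["proto"] == "HTTP",
        "dkim_domain": dkim_dom or None,
        "dkim_matches_from": bool(dkim_dom) and (from_dom == dkim_dom or from_dom.endswith("." + dkim_dom)),
        "reply_to_differs": bool(reply_to) and reply_to != from_addr,
    }
```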