Recientemente, he estado recibiendo una serie de correos electrónicos de yahoo con personas que intentan crear cuentas o agregar direcciones de correo electrónico @ mydomain.tld a su cuenta. Me preguntaba si alguien más ha visto este tipo de comportamiento y si saben qué tipo de ataque o estafa están intentando implementar los atacantes al hacer esto.
Los correos electrónicos se envían desde "[email protected]". yahoo-inc.com parece estar registrado en el Yahoo real. Revisé los enlaces y no parecen ser enlaces falsos. Este es el cuerpo de los correos electrónicos (cambie mi nombre de dominio a "mydomain.tld"):
Verificar esta dirección de correo electrónico
You recently added a new email address to your Yahoo! account, or initiated verification of an existing email address. To verify that you own this email address, simply click on the link below.
Your email address was added to the Yahoo! ID: lu*********. If this Yahoo! ID does not belong to you, or you did not recently add your email address to this Yahoo! ID, you may permanently stop receiving messages for this Yahoo! ID at this email address. Please let us know.
Verifying your email address ensures that you can securely retrieve your account information if your password is lost or stolen. You must verify your email address before you can use it on Yahoo! services that require an email address.
For your security, please keep your email address information up-to-date. If this information changes, you can always update it by signing in to your Yahoo! account and changing it from the "My Account" area.
Verifique "[email protected]"
En el mensaje, los enlaces "Por favor, háganoslo saber" a "https://edit.yahoo.com/commchannel/disavow?p= {inserte el hash / identificador aquí} - & amp ; .partner = & .intl = us
La identificación del usuario se envía con asteriscos por cualquier motivo también (¿posiblemente para evitar el secuestro?)
Puedo hacer clic en el enlace y, de hecho, me da un mensaje de que la cuenta no puede agregar esta dirección de correo electrónico.
¿Entonces me preguntaba si alguien sabe lo que estos chicos están tratando de hacer? ¿Están probando las aguas en mi servidor o están intentando que me envíen correo no deseado? Tengo una dirección de captura de todos y por eso recibo estos. He recibido aproximadamente 3 de estos correos electrónicos en las últimas 2 semanas y quiero asegurarme de que estoy tomando medidas proactivas para detener lo que están haciendo. Me encantaría saber si alguien más ha visto esto y cuál es el propósito.
Por solicitud, aquí está el cuerpo --- nada para pescar si me preguntas
Received: from [72.30.235.65] by n2.bullet.mail.bf1.yahoo.com with NNFMP; 11 Feb 2012 19:20:17 -0000
Received: from [98.139.143.201] by t2.bullet.mail.bf1.yahoo.com with NNFMP; 11 Feb 2012 19:20:17 -0000
Date: 11 Feb 2012 11:20:17 -0800
Received: from [127.0.0.1] by with NNFMP; 11 Feb 2012 19:20:17 -0000
To: [email protected]
From: [email protected]
Reply-To: [email protected]
Errors-To: [email protected]
Subject: =?windows-1252?Q?Verify_this_email_address?=
X-Yahoo-Newman-Property: reg
X-Yahoo-Newman-Id: 653512080
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="==_MIME-Boundary-1_=="
X-Gm-Message-State: ALoCoQmMzE5QIYqmvZye++czq+hUu+prxtBoWShcB0uWoeGYP4cyhtt2vAca+RulGHTFUUyoYnz6
--==_MIME-Boundary-1_==
Content-Type: text/plain; charset=windows-1252
Content-transfer-encoding: quoted-printable
Email Address: [email protected]=20
Verifying your email address ensures that you can securely retrieve your =
account information if your password is lost or stolen. You must verify =
your email address before you can use it on Yahoo! services that require =
an email address.=20
Your email address was added to the Yahoo! ID: lu*********. If this =
Yahoo! ID does not belong to you, or you did not
recently add your email address to this Yahoo! ID, you may permanently =
stop receiving messages for this Yahoo! ID at
this email address. Please visit the following link:
https://edit.yahoo.com/commchannel/disavow?p=randomhashremovedfordemopurposes--&.partner=3D&.intl=3Dus=
=20
Verify your email address by visiting the following link:
https://edit.yahoo.com/commchannel/verify?.intl=3Dus&p=randomhashremovedfordemopurposes=_suc=
&.partner=3D=20
You will be required to enter the password to your Yahoo! account.
If the Yahoo! account, lu*********, does not belong to you, let us know so =
you stop receiving email for this account.
For your security, please keep your email address information up-to-date. =
If this information changes, you can always update it by signing in to =
your Yahoo! account and changing it from the "My Account" area.
If you did not create this account, <a href=3D'https://edit.yahoo.com/comm=
channel/disavow?p=randomhashremovedfordemopurposes--&.partner=3D&.intl=3Dus'>click here</a>
Si vous n=92=EAtes pas le cr=E9ateur de ce compte, <a =
href=3D'https://edit.yahoo.com/commchannel/disavow?p=randomhashremovedfordemopurposes--&.partner=3D&.int=
l=3Dfr'>cliquez ici</a>
Si no creaste esta cuenta, <a href=3D'https://edit.yahoo.com/commchannel/d=
isavow?p=randomhashremovedfordemopurposes=
4XpaAyF7h3A--&.partner=3D&.intl=3Des'>haz clic aqu=ED</a>
Regards,
Yahoo! Account Services
********************************************************=20
--==_MIME-Boundary-1_==
Content-Type: text/html; charset=windows-1252
Content-transfer-encoding: quoted-printable
<div style=3D"direction: ltr;">
<img src=3D"https://s.yimg.com/lq/i/brand/purplelogo/base/us.gif" =
vspace=3D"10" hspace=3D"20">
<hr noshade width=3D"95%">
<br><br>
<table border=3D"0" width=3D"735">
<tbody>
<tr>
<td width=3D"10%"> </td>
<td width=3D"80%">
<font size=3D"+1" color=3D"#631266" face=3D"Arial">
<b>Verify this email address</b>
</font>
<br>
</td>
<td width=3D"10%"> </td>
</tr>
<tr>
<td colspan=3D"3"> </td>
</tr>=09
<tr>
<td width=3D"10%"> </td>
<td width=3D"80%">
<font face=3D"Arial" size=3D"-1">You recently added a new email address =
to your Yahoo! account, or initiated verification of an existing email =
address. To verify that you own this email address, simply click on the =
link below.</font>
</td>
<td width=3D"10%"> </td>
</tr>
<tr>
<td colspan=3D"3"> </td>
</tr>=09
<tr>
<td width=3D"10%"> </td>
<td width=3D"80%">
<font face=3D"Arial" size=3D"-1">Your email address was added to the =
Yahoo! ID: ‎lu*********‎. If this Yahoo! ID does not belong to =
you, or you did not
recently add your email address to this Yahoo! ID, you may permanently =
stop receiving messages for this Yahoo! ID at
this email address. <a href=3D"https://edit.yahoo.com/commchannel/disavow=
?p=randomhashremovedfordemopurposes--&.partner=3D&.intl=3Dus">Please let us know.</a></font>
</td>
<td width=3D"10%"> </td>
</tr>=09
<tr>
<td colspan=3D"3"> </td>
</tr>
<tr>
<td width=3D"10%"> </td>
<td>
<font face=3D"Arial" size=3D"-1">Verifying your email address ensures =
that you can securely retrieve your account information if your password =
is lost or stolen. You must verify your email address before you can use =
it on Yahoo! services that require an email address.</font>
</td>
<td width=3D"10%"> </td>
</tr>
<tr>
<td colspan=3D"3"> </td>
</tr>=09
<tr>
<td width=3D"10%"> </td>
<td>
<font face=3D"Arial" size=3D"-1">For your security, please keep your =
email address information up-to-date. If this information changes, you can =
always update it by signing in to your Yahoo! account and changing it from =
the "My Account" area.</font>
</td>
<td width=3D"10%"> </td>
</tr>
<tr>
<td colspan=3D"3" align=3D"center">
<br>
<br>
<br>
<font size=3D"+1" face=3D"Arial"><b><a href=3D"https://edit.yahoo.com/c=
ommchannel/verify?.intl=3Dus&p=randomhashremovedfordemopurposes=3D&done=3D">Verify "[email protected]"</a></b></font>
<br>
<br>
<br>
</td>
</tr>
<tr>
<td width=3D"10%"> </td>
<td>
<font face=3D"Arial" size=3D"-1">If you can't click the sign in button, =
you can verify your email address by copying and pasting (or typing) the =
following address into your browser:</font>
</td>
<td width=3D"10%"> </td>
</tr>
<tr>
<td colspan=3D"3"> </td>
</tr>=09
<tr>
<td width=3D"10%"> </td>
<td colspan=3D"2">
<font face=3D"Arial" size=3D"-1"><a href=3D"https://edit.yahoo.com/comm=
channel/verify?.intl=3Dus&p=randomhashremovedfordemopurposes=3D&done=3D">https://edit.yahoo.com/commchannel/verify?.intl=3Dus&p=3DB2Dm=
R.ePbHa02JFe2.6rNQdqVDLvqdbFgLu8b<br>gt2G.aqcu99zvf5yNyNnV6KRw9XOg.8Fwykc.=
5In88EDdcEwB_sucPuLR3KY1kx4hXxG8ih&.partner=3D&done=3D</a></font>
</td>
</tr>
<tr>
<td colspan=3D"3"> </td>
</tr>
<tr>
<td width=3D"10%"> </td>
<td colspan=3D"2">
<font face=3D"Arial" size=3D"-1">
<b>Not your account?</b>
</font>
<br><br>
</td>
</tr>
<tr>
<td width=3D"10%"> </td>
<td colspan=3D"2">
<font face=3D"Arial" size=3D"-1">
If you did not create this account, <a =
href=3D"https://edit.yahoo.com/commchannel/disavow?p=randomhashremovedfordemopurposes--&.partner=3D&.int=
l=3Dus">click here</a>
<br><br>
Si vous n=92=EAtes pas le cr=E9ateur de ce =
compte, <a href=3D"https://edit.yahoo.com/commchannel/disavow?p=randomhashremovedfordemopurposes--&.part=
ner=3D&.intl=3Dfr">cliquez ici</a>
<br><br>
Si no creaste esta cuenta, <a =
href=3D"https://edit.yahoo.com/commchannel/disavow?p=randomhashremovedfordemopurposes--&.partner=3D&.int=
l=3Des">haz clic aqu=ED</a>
</font>
</td>
</tr> =09
<tr>
<td colspan=3D"3"> </td>
</tr> =09
</tbody>
</table>
<hr noshade width=3D"95%">
<table width=3D"750">
<tbody>
<tr>
<td width=3D"2.5%"> </td>
<td>
<font face=3D"Arial" size=3D"-3"></font>
</td>
</tr>
<tr>
<td width=3D"2.5%"> </td>
<td>
<font face=3D"Arial" size=3D"-3"><p>Copyright =A9 2012 Yahoo! Inc. All =
rights reserved.<a =
href=3D'https://legalredirect.yahoo.com/copyright?intl=3Dus' =
target=3D'_blank'>Copyright/IP Policy</a> | <a =
href=3D'https://legalredirect.yahoo.com/utos?intl=3Dus' =
target=3D'_blank'>Terms of Service</a></p>
<p id=3D'privacy_notice'>NOTICE: We collect personal information on =
this site. To learn more about how we use your information, see our <a =
href=3D'https://legalredirect.yahoo.com/privacy?intl=3Dus'>Privacy =
Policy</a>.</p><br>
</font>
</td>
</tr> =09
</tbody>
</table>
</div>
--==_MIME-Boundary-1_==--