Philosophical Phish

...this is a phish mailed out indiscriminately in the hope of catching a Xoom customer...

…this is a phish mailed out indiscriminately in the hope of catching a Xoom customer…

The days when I used to send out phish alerts are long gone: I wouldn't have time to blog them, let alone track them. But this message just turned up sent to the askeset@ account, alerting Mr askeset@ to a "problem":

You have an important update!
Access your account and update your account to resolve the problem.

Secure your xoom account log in

Keep yourself secure

This email was sent automatically please do not respond

Well, neither I nor Mr askeset@ have a Xoom account, so with nothing else to go on, it would be a pretty safe bet that this is a phish mailed out indiscriminately in the hope of catching a Xoom customer. In any case, it doesn't originate with (though the address is forged to look as if it does), it doesn't come via the mailer the header claims it uses, there's no personalization (indicating that the same mail was sent to multiple addresses) and the login URL is a site that has nothing to do with Xoom either. But I just had to share the disclaimer at the bottom. Not to point out that there might be a problem identifying the addressee, since the recipients were all blindcopied, or that there might be a problem contacting the sender since this is alleged to be from an account that doesn't accept replies. But because the last sentence, while presumably meant to explain why the message doesn't constitute a contract (I didn't really think it did), stands alone as a plaintive medition on the nature of electronic messaging. :)

This communication (including any accompanying documents) is confidential
and privileged. It is for the exclusive use of the addressee. If you are
not the addressee please note that any distribution, copying or use of this
communication or the information in it is prohibited. If you have received
this communication in error, please destroy it and contact us immediately.
Any communication made by email is not secured and does not constitute an
offer or acceptance and does not constitute as a binding or legal contract.
Email communications are of ephemeral nature

I feel a haiku coming on.

ESET Senior Research Fellow

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center