Another way to steal your password from Yandex mail

Your Yandex password is valuable information, especially if you use Yandex.Money. Today I observed a rather cunning and convoluted attempt to trick this password out of me. I decided to show the method here so that none of our people get caught, or at least so that someone who happens to read this does not fall for it.


So, today I received a letter from my registrar, and the sender field shows the usual “RU-CENTER <no-replay@nic.ru>”. You don't even look closely at it, though, because the subject of the letter is rather catchy.

The text of the letter, so that this article can be found by googling it:
Hello, dear customer.
RU-CENTER’s Client Relations Department received a complaint about the illegal use of the tocamp.ru domain. This complaint was assigned the number AL347031.
As a result of consideration of this appeal, RU-CENTER experts concluded that the complaint is unfounded, because the facts contained in it did not find their confirmation.
The file with the text of the complaint is attached to this letter.

- Respectfully,
RU-CENTER Customer Service Department
Moscow, Leningradsky Prospect, 74, building 4.
+7 (495) 994-46-01
+7 (495) 737-06-01


Something in the letter bothered me, probably the absence of the badge that ordinary letters from RU-CENTER carry.


That is, since the DKIM checks were not completed, the sender could have put anything in the From field, and this is clearly not RU-CENTER. I wouldn't have noticed this trifle if I hadn't been preparing a newsletter myself to announce a new project. I could not find the flaw, but I still could not understand what the catch was.
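The check behind the missing badge, as an added example that is not part of the original post: it reads the Authentication-Results header added by the receiving mail server and accepts the From: address only when a passing DKIM signature comes from the same domain. The server name `mx.example.net`, the function names and all sample messages are constructed assumptions, and the domain comparison is a simplified form of DKIM alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: your own receiving server's id

def from_domain(msg):
    """Domain of the address shown in the From: header."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def dkim_results(msg, authserv=TRUSTED_AUTHSERV):
    """(result, signing domain) pairs, only from headers our own server added."""
    found = []
    for header in msg.get_all("Authentication-Results", []):
        parts = header.split(";")
        ident = parts[0].split()
        if not ident or ident[0].lower() != authserv:
            continue  # a sender can forge this header; ignore foreign ones
        for clause in parts[1:]:
            m = re.match(r"\s*dkim\s*=\s*(\w+)", clause, re.I)
            if m:
                d = re.search(r"header\.d\s*=\s*([\w.-]+)", clause, re.I)
                found.append((m.group(1).lower(), d.group(1).lower() if d else ""))
    return found

def sender_is_verified(raw):
    """True only if a passing DKIM signature's domain covers the From: domain."""
    msg = message_from_string(raw)
    dom = from_domain(msg)
    return any(
        result == "pass" and signer and (dom == signer or dom.endswith("." + signer))
        for result, signer in dkim_results(msg)
    )

# Constructed sample messages (not the real headers of the letter described above).
FROM = "From: RU-CENTER <no-replay@nic.ru>\nSubject: sample\n\nbody\n"
SAMPLES = {
    "signed by nic.ru": "Authentication-Results: mx.example.net; dkim=pass header.d=nic.ru\n" + FROM,
    "no signature": "Authentication-Results: mx.example.net; dkim=none\n" + FROM,
    "signed by other domain": "Authentication-Results: mx.example.net; dkim=pass header.d=mailer.example.org\n" + FROM,
    "forged result header": "Authentication-Results: relay.example.org; dkim=pass header.d=nic.ru\n" + FROM,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:24} verified={sender_is_verified(raw)}")
```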

Then I clicked the “see the attached document” link (which looks like a normal Yandex link, and not a product of clever HTML layout) and landed on a page that looks very much like a Yandex document with the text of the complaint, but after 2 seconds an authorization prompt unexpectedly pops up and asks for a password. I must say it is ingeniously done.


Here you should pay attention to the domain. It is clearly not Yandex's.

Realizing that they wanted to get my password, I entered a random set of characters and, “oh, miracle”, was logged in and could read the “complaint” at my leisure.


That's all, be careful and do not give anyone your password.

Thanks for your attention.

Source: https://habr.com/ru/post/394799/
