Outlook scam/hacking email or legit?

Soldato | Joined: 6 May 2009 | Posts: 20,230
I usually move on and delete this type of mail, but from what I can see this looks legit. What do you think? I'll delete it anyway, but I might as well post it here as a warning...


The email is from 'HotmailOutlookCheck'

It contains in the body
----------------------------------------------------------------------------------
1 new message.
To read your message(s), just click on the link below and login.

It then links to a login https://faiman.us/?k=[my email address]@hotmail.co.uk
----------------------------------------------------------------------------------
Part of the message source shows

Received: from VE1EUR01HT098.eop-EUR01.prod.protection.outlook.com
(2603:10a6:600:bb::16) by LO2P265MB0733.GBRP265.PROD.OUTLOOK.COM with HTTPS
via LO3P265CA0011.GBRP265.PROD.OUTLOOK.COM; Wed, 13 May 2020 04:46:36 +0000

ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 40.92.71.90) smtp.rcpttodomain=hotmail.co.uk smtp.mailfrom=live.co.uk; dmarc=fail (p=none sp=none pct=100) action=none header.from=hotmail.co.uk;
dkim=none (message not signed); arc=pass (0 oda=1 ltdi=1
dkim=[1,1,header.d=hotmail.co.uk] dmarc=[1,1,header.from=hotmail.co.uk])
Received: from VE1EUR01FT020.eop-EUR01.prod.protection.outlook.com
(2a01:111:e400:7e19::49) by
VE1EUR01HT098.eop-EUR01.prod.protection.outlook.com (2a01:111:e400:7e19::308)
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.27; Wed, 13 May
2020 04:46:36 +0000

X-Sender-IP: 40.92.71.90 - http://www.ipaddress-finder.com/?ip=40.92.71.90 -
Hostname -mail-oln040092071090.outbound.protection.outlook.com X-OriginatorOrg: outlook.com


Further down

MIME-Version: 1.0
----_com.samsung.android.email_7245314043292262

Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64

DQogDQoNCg0KMSBuZXcgbWVzc2FnZS4NCg0KVG8gcmVhZCB5b3VyIG1lc3NhZ2UocyksIGp1c3Qg
Y2xpY2sgb24gdGhlIGxpbmsgYmVsb3cgYW5kIGxvZ2luLg0KDQoNCiANCg0KaHR0cHM6Ly9mYWlt
YW4udXMvP2s9YWxleGxlYXJveWRAaG90bWFpbC5jby51aw0KDQoNCiANCg==

----_com.samsung.android.email_7245314043292262
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: base64
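The decode-and-check done by hand in the post above, as an added example (this is not code from the thread): a small Python triage script that parses the (ARC-)Authentication-Results header into per-method verdicts, decodes the base64 text parts the way the client would, and lists every link they contain. The sample message it builds is constructed to mirror the one quoted above; the header values are the ones shown in the post, while the recipient (victim@hotmail.co.uk) and the sender mailbox (sender@hotmail.co.uk) are placeholders.

```python
"""Triage a raw .eml: parse the authentication verdicts and pull links out of
the decoded body parts. Added example, not code from the original thread."""
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s<>\"']+")
AUTH_METHODS = {"spf", "dkim", "dmarc", "arc"}


def parse_auth_results(value: str) -> dict:
    """Turn an (ARC-)Authentication-Results value into {method: {result, props...}}.
    Clauses are ';'-separated; the authserv-id and the ARC 'i=N' clause carry no verdict."""
    verdicts = {}
    for clause in value.split(";"):
        m = re.match(r"\s*(\w+)=(\w+)", clause)
        if not m or m.group(1) not in AUTH_METHODS:
            continue
        method, result = m.groups()
        rest = clause[m.end():]
        # property=value pairs such as smtp.mailfrom=live.co.uk or header.from=hotmail.co.uk
        props = dict(re.findall(r"([\w.]+)=([^\s();]+)", rest))
        ip = re.search(r"sender ip is ([0-9a-fA-F.:]+)", rest)  # Microsoft's SPF comment
        if ip:
            props["sender_ip"] = ip.group(1)
        verdicts[method] = {"result": result, **props}
    return verdicts


def triage(raw: bytes) -> dict:
    """Return the auth verdicts, the From header and every URL found in text/* parts."""
    msg = message_from_bytes(raw, policy=policy.default)
    auth = {}
    for name in ("Authentication-Results", "ARC-Authentication-Results"):
        values = msg.get_all(name, [])
        if values:
            auth = parse_auth_results(str(values[0]))
            break
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        # get_content() undoes the base64 / quoted-printable transfer encoding and charset
        for url in URL_RE.findall(part.get_content()):
            if url not in urls:
                urls.append(url)
    return {"from": str(msg.get("From", "")), "auth": auth, "urls": urls}


def build_sample() -> bytes:
    """Constructed look-alike of the message in the thread (placeholder addresses)."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "HotmailOutlookCheck <sender@hotmail.co.uk>"  # placeholder mailbox
    msg["To"] = "victim@hotmail.co.uk"                            # placeholder recipient
    msg["Subject"] = "1 new message"
    msg["ARC-Authentication-Results"] = (  # values as quoted in the post
        "i=2; mx.microsoft.com 1; spf=pass (sender ip is 40.92.71.90) "
        "smtp.rcpttodomain=hotmail.co.uk smtp.mailfrom=live.co.uk; "
        "dmarc=fail (p=none sp=none pct=100) action=none header.from=hotmail.co.uk; "
        "dkim=none (message not signed); arc=pass (0 oda=1 ltdi=1 "
        "dkim=[1,1,header.d=hotmail.co.uk] dmarc=[1,1,header.from=hotmail.co.uk])"
    )
    link = "https://faiman.us/?k=victim@hotmail.co.uk"
    text = ("1 new message.\n\nTo read your message(s), just click on the link "
            f"below and login.\n\n{link}\n")
    msg.set_content(text, cte="base64")  # mirrors the Samsung client's base64 text part
    msg.add_alternative(f'<p><a href="{link}">{link}</a></p>', subtype="html", cte="base64")
    return msg.as_bytes()


if __name__ == "__main__":
    report = triage(build_sample())
    for method, verdict in report["auth"].items():
        print(f"{method}: {verdict}")
    print("links:", report["urls"])
```

Run against the constructed sample it reports spf=pass for smtp.mailfrom=live.co.uk, dkim=none and dmarc=fail for header.from=hotmail.co.uk, and the single faiman.us link, which is exactly the combination a triage checklist would flag: the envelope domain authenticates, the visible From domain does not, and the only link leads off-platform.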
 
https://faiman.us/ doesn't even load so there is no link you can click on. I just tested it in a VM.

A quick whois...

Domain Name: faiman.us
Registry Domain ID: D4437344-US
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: whois.godaddy.com
Updated Date: 2019-07-08T11:25:10Z
Creation Date: 2003-07-03T16:07:02Z
Registry Expiry Date: 2020-07-02T23:59:59Z
Registrar: GoDaddy.com, Inc.
Registrar IANA ID: 146
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: C35941029-US
Registrant Name: Tatyana Faiman
Registrant Organization: Technofuel
Registrant Street: 292 Crowells Rd
Registrant Street: Apt B
Registrant Street:
Registrant City: Highland Park
Registrant State/Province: NJ
Registrant Postal Code: 08904
Registrant Country: US
Registrant Phone: +1.6467506222
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
Registrant Application Purpose: P1
Registrant Nexus Category: C21
Registry Admin ID: C35941032-US
Admin Name: Tatyana Faiman
Admin Organization:
Admin Street: 4614 Surf Ave
Admin Street: Apt 1 RR
Admin Street:
Admin City: Brooklyn
Admin State/Province: NY
Admin Postal Code: 11224
Admin Country: US
Admin Phone: +1.6464011008
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: [email protected]
Admin Application Purpose: P1
Admin Nexus Category: C21
Registry Tech ID: C35941031-US
Tech Name: Tatyana Faiman
Tech Organization: Technofuel
Tech Street: 292 Crowells Rd
Tech Street: Apt B
Tech Street:
Tech City: Highland Park
Tech State/Province: NJ
Tech Postal Code: 08904
Tech Country: US
Tech Phone: +1.6467506222
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: [email protected]
Tech Application Purpose: P1
Tech Nexus Category: C21
Name Server: ns63.domaincontrol.com
Name Server: ns64.domaincontrol.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

For more information on Whois status codes, please visit https://icann.org/epp

A quick Google of the email address and hey presto... we have a marketing manager right there in that whois...

https://www.facebook.com/faimanet/
 
100% fake.

Code:
Received: from VE1EUR01HT098.eop-EUR01.prod.protection.outlook.com
(2603:10a6:600:bb::16) by LO2P265MB0733.GBRP265.PROD.OUTLOOK.COM with HTTPS
via LO3P265CA0011.GBRP265.PROD.OUTLOOK.COM; Wed, 13 May 2020 04:46:36 +0000

ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 40.92.71.90) smtp.rcpttodomain=hotmail.co.uk smtp.mailfrom=live.co.uk; dmarc=fail (p=none sp=none pct=100) action=none header.from=hotmail.co.uk;



All this is saying is that it was delivered to you from Microsoft's email servers, but that doesn't mean it was Microsoft who wrote the content. When you send an email through Hotmail/Live using their app or webmail client etc., your message is sent off to these servers to forward it on to the recipient.

It's a bit like Royal Mail. I could ship you something illegal in the post. Royal Mail would show as the "sending server", but they were unaware of the contents.
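The point made above, that SPF only vouches for the sending server, as an added example (not code from the thread): DMARC additionally requires the domain that passed SPF or DKIM to align with the header From domain (RFC 7489 section 3.1). The script below implements that relaxed/strict alignment check with a small constructed stand-in for the Public Suffix List, runs it over the values quoted in the header (envelope sender live.co.uk, From hotmail.co.uk, no DKIM signature), and compares it with a hypothetical message whose envelope domain does match.

```python
"""DMARC identifier alignment (RFC 7489 section 3.1), worked on the thread's header.
Added example; PUBLIC_SUFFIXES is a constructed stand-in for the real Public Suffix List."""

PUBLIC_SUFFIXES = {"uk", "co.uk", "org.uk", "com", "net", "us"}


def org_domain(domain: str) -> str:
    """Organizational domain: the longest matching public suffix plus one more label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to the last two labels


def aligned(auth_domain: str, header_from: str, mode: str = "r") -> bool:
    """'s' (strict) needs an exact match; 'r' (relaxed) compares organizational domains."""
    if mode == "s":
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)


def dmarc_evaluate(header_from, spf_result, spf_mailfrom, dkim_sigs=(), aspf="r", adkim="r"):
    """DMARC passes if SPF passed for an aligned MAIL FROM domain, or any DKIM
    signature verified with an aligned d= domain. dkim_sigs is [(result, d_domain), ...]."""
    spf_aligned = spf_result == "pass" and aligned(spf_mailfrom, header_from, aspf)
    dkim_aligned = any(r == "pass" and aligned(d, header_from, adkim) for r, d in dkim_sigs)
    return {
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc": "pass" if (spf_aligned or dkim_aligned) else "fail",
    }


def disposition(dmarc_result: str, p: str) -> str:
    """The published policy (p=none/quarantine/reject) only applies on failure;
    pct= sampling is ignored here."""
    return "none" if dmarc_result == "pass" else p


# Values read from the quoted header: envelope sender live.co.uk, From hotmail.co.uk,
# no DKIM signature. SPF passes, but for a domain that does not align with the From.
THREAD_CASE = dmarc_evaluate("hotmail.co.uk", "pass", "live.co.uk", [])
THREAD_ACTION = disposition(THREAD_CASE["dmarc"], "none")  # p=none, hence action=none

# Hypothetical comparison (not from the thread): same verdicts, envelope domain matching From.
ALIGNED_CASE = dmarc_evaluate("hotmail.co.uk", "pass", "hotmail.co.uk", [])

if __name__ == "__main__":
    print("thread message:", THREAD_CASE, "->", THREAD_ACTION)
    print("aligned message:", ALIGNED_CASE)
```

The thread's message fails DMARC because the only passing identifier (SPF for live.co.uk) is a different organizational domain from the header From (hotmail.co.uk) and there is no DKIM signature to fall back on; with p=none the receiver is asked to take no action, which is why it still reached the inbox.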
 