phishing vonage accounts

Posts: 50 · Full Forum Member Joined: Apr 06, 2005 Posts: 50

I received this email (complete with gramatical errors ... "in:" November 20, "did not accessed", "interpretated", etc...). Any clues what triggered this? Or is it just random coincidence that I happen to use Vonage? And why would someone click the link to goto "seaspraypools" in the first place?

(adding that it apparently came from: [user 209.146.157.73 ] mail.1st-team.com)

Subject: Your Vonage Account will expire in: November, 20

Dear Vonage Member,

Your Vonage Account will expire in: November, 20

This might have happened due to the following reasons:
- You did not accessed your account for more than a month.
- You have dynamic IP address and due to that our system might have interpretated it as a hacking attempt.
- You entered a wrong password 3 times when you tried to connect to your Vonage Account.

To avoid an account suspension, please click link below:

http://www.seaspraypools.com.au/vonage/login.htm

*We will check your IP address, time zone, and confront it with our database logs.

We are very sorry if this affects you in any way but our client's security is a top priority for Vonage Inc.

Regards,
Vonage Security Team.

Posts: 656 · Posted: Wed Nov 19, 2008 7:44 pm Post subject:

It has nothing to do with Vonage or the fact that you have Vonage. These scams have been around for years. It used to be AOL accounts, then Ebay and PayPal, etc.... Regardless if you have the service they are trying to scam, these e-mails get blasted across the internet to any known e-mail addresses they can dig up in the hopes they will find a sucker who does have the service they are phishing for and will log in with their credentials.

Not much you can do except for deleting it. The one you received is very unprofessional and sloppy. No normal person would log into it as it is not even from the Vonage domain. And not much you can do with where the e-mail originated from because in most cases, they find some poorly secured mail server that allows relaying and bounce the e-mails from there. They most likely even hacked the web server at this Australian web site and added a sudo Vonage web page.

And if your using Firefox it will report this page as a Web Forgery and will not allow you to connect unless you accept to bypass the warning.

Reported Web Forgery!

This web site at www.seaspraypools.com.au has been reported as a web forgery and has been blocked based on your security preferences.

Web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust.

Entering any information on this web page may result in identity theft or other fraud.

Posts: 1327 · Vonage Forum **MVM** Joined: Nov 08, 2006 Posts: 1327

Google Chrome also blocks this site.

Vonage should have away for Vonage users to send this stuff back to them, like EBAY and Paypal has, something like abuse or phishing.

Posts: 229 · Posted: Thu Nov 20, 2008 7:43 pm Post subject:

Well, considering that you cannot even get Vonage to respond to a support e-mail... good luck with that!

Meanwhile, as was already reported, if you're a Mozilla user, Mozilla has automatically blocked this link. I can also report that OpenDNS / PhishTank has also blocked it (if you use OpenDNS, that is). I attempted to visit the site and the web page is no longer available, so the ISP has killed the account as well.