The latest scam: Someone tried to access your personal root server
Here’s a new phishing scam — or at least, this is the first time I’ve seen it.
The e-mail message comes in from an account named “localhost.” It looks like a message from Red Hat, complete with forged redhat.com headers. Here’s the message:
Subj: Someone tried to access your personal root server.
Someone with ip address 54.213.34.66 tried to access your personal root server.
Please click the link below and enter your root server information to confirm that you are not currently away. Also we will make you an update for your system.
Click here to confirm your account information.
The link goes off to what looks like a Red Hat Linux login page. It’s not. It’s someone trying to steal your login and password. Don’t go there.
>> Follow-up: This post is getting a lot of hits from people who received this phishing message and are searching for info about it on Google. I’m glad that you’re researching it! If you can leave a comment, I’m curious whether all the spams reference the same 54.213.34.66 IP address, or if the spammer is varying them. Thanks! (PS: Welcome to my blog. I hope you enjoy it. Look around, stay a while!)
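A triage check for the traits described in this post (the "localhost" sender name, a From header claiming redhat.com, and a link that leads somewhere other than Red Hat), added here as an example and not part of the original post. The sample message is constructed: the sender address, the Authentication-Results line and the link host `phish.example` are assumptions, since the post does not show the raw headers or the link target.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the message quoted above. The sender address,
# Authentication-Results line and link host (phish.example) are assumptions.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.example
From: localhost <support@redhat.com>
Subject: Someone tried to access your personal root server.
Content-Type: text/html; charset=utf-8

<p>Someone with ip address 54.213.34.66 tried to access your personal root server.</p>
<p><a href="http://phish.example/login">Click here to confirm your account information.</a></p>
"""

class LinkHosts(HTMLParser):
    """Collect the host of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlparse(href).hostname or "").lower())

def triage(raw):
    """Return the reasons a message looks like brand impersonation."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if display.lower() in {"localhost", "root"}:
        findings.append("display name is a machine placeholder: " + display)
    auth = msg.get("Authentication-Results", "")
    if re.search(r"\b(spf|dkim|dmarc)=fail\b", auth, re.I):
        findings.append("receiving server recorded an SPF/DKIM/DMARC failure")
    links = LinkHosts()
    links.feed(msg.get_payload())
    for host in links.hosts:
        if host != domain and not host.endswith("." + domain):
            findings.append(f"link host {host} is outside From domain {domain}")
    return findings

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("-", reason)
```

The Authentication-Results header is only trustworthy when it was added by your own receiving mail server, so check the first field names that server before relying on it.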
Hello. Yeah I just got one.
I wonder if this gets sent at random or if they are directed specifically. (a bit paranoid?)
my wife got this one and she definitely doesn’t have a login to any linux boxes 🙂 so no need to be paranoid 🙂
my wife received one of these and she definitely doesn’t have a login to any linux boxes so I suspect you’re being a bit paranoid…
I just got this email as well! I was very confused about it, so I did a search in Google and found your post.
The IP address the spammer gave was exactly the same as the one you mentioned, so obviously they’re not trying to vary it up at all!
I got the same IP address citation. Did a WHOIS search, the IP belongs to Merck.
Yes same IP shown, I have just received one showing exactly the same ip address of 54.213.34.66. Further IPs and info are displayed in the full message header
I received one too and I had a feeling it was just a scam but I thought I would research it before clicking anything. 🙂 And yes, the IP address that is in my message is the same as yours.
yep. Same ip. Could definitely sense it was a scam.
same: 54.213.34.66