Is this a phishing email?

[nowwhatnapster]

I work for a small business and we get the occasional phishing email. I'm having a hard time discerning the legitimacy of this one.

The message says:

"Your Authorize online service has expired. If your intention is to remain a Authorize customer please begin the activation sequence as soon as possible. Failure to update your information will lead to the permanently suspension of your account.

Log-in to your account and update your information"

Granted we do use cybersource for processing payments, and the logo says "authorize.net a cybersource solution"

Here is the code of the message. Your thoughts are greatly appreciated.

<table border="0" width="34%" id="table1" height="232">
        <tr>
                <td valign="top">
                                <p align="center">
                                <br>
								<img border="0" src="http://authorize.authwebservices.com/images/authorizenet_logo.gif" width="176" height="75"><br><br>
                                </p>
                                <p>
&nbsp;Your Authorize online service has expired. If
your intention is to remain a Authorize customer please
                begin the activation sequence as soon as possible. Failure to
                                                                update
                your information will lead to the permanently suspension of your
                account.</p>
 <br><p>&nbsp;<b><a href="http://authorize.authwebservices.com/">Log-in</a></b> to your account and update your information</td>
        </tr>
</table>

 

[bigdogchris]

You don't know the difference between your payee's and random junk email? I'm not being sarcastic, I just don't see how you could not know who you actually owe money to or not. Is this company your getting the email from someone you subscribe to or buy services/products from?

 

[gimp]

well... it looks legitimate.
it's not like the links and text are pointing to different websites.

Do you do business with a company called AuthWebservices?
who apparently verifies online merchants?

if you go to authorize.authwebservices.com it's a fairly bland page with a login on the side.
do you not have an account with said company? if not, ignore it.

it's not asking for CC info, banking info, etc.

although they don't have a listed number.

oh, but if you click on Terms of Use, it brings up a ToU window, along with more clickable links, one of which is a "Customer Support" and an About Us, plus a Contact Us link which provides a phone number.


edit: missed a part of your OP....Call Cybersource, have them verify this company/email/website/etc.

 

[simondog]

This looks like a classic phishing attack. The link goes to a site that looke like authorize.net, but is on a domain that was registered today (!!!!) to an individual in Phoenix, AZ (see below). Curiously enough, this person seems to exist and the address is residential (http://phoenix.blockshopper.com/property/17023082/4510_n_36th_place/),

So, we have a few possibilities:

1. Authorize.net wants people to log in with their username and password on a site registred to an individual, in a different city than authorize.net or cybersource is located, and just happened to register the domain on the day they sent out an email which looks just like classic phishing email, right down to a link that points to a different domain than the one previously used with me as a customer. This email also came to an address that is not one of the authorize.net contact emails, but is in the same domain I used to deal with authorize.net.

2. Someone used Ms. Williams name and address to throw people off the trail

3. Ms. Williams actually registered the domain and it has been hijacked, or she is a someone able to set up an excellent fake site but not able to cover her tracks.

Authroize.net bills your bank account directly, so there is no need to "renew". I logged in to my authorize.net account (typing www.authorize.net directly into the browser and NOT using the link in the email) and there was no hint of the need to verify, but a warning about phishing attacks coincidentally dated today. It's past their service hours, so I will have to wait until tomorrow to call them.

Whenever you get an email like this, it's generally safe to go to you vendor's website provided you type in what you already know to be the proper domain manually. Do not use the link in am email for this.

There will probably be info all over the web about this in a day or three.



The registration for the phishing domain:

Registrant:

Shirley Williams
4510 N. 36th Place
Phoenix, AZ 85018
US
Phone: +1.8887169071
Email: [email protected]

Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: www.register.com

Domain Name: authwebservices.com
Created on..............: 2010-01-06
Expires on..............: 2011-01-06

Administrative Contact:

Shirley Williams
4510 N. 36th Place
Phoenix, AZ 85018
US
Phone: +1.8887169071
Email: [email protected]

Technical Contact:
Registercom
Domain Registrar
575 8th Avenue
New York, NY 10018
US
Phone: +1.9027492701
Email: [email protected]

DNS Servers:
dns010.d.register.com
dns050.c.register.com
dns172.b.register.com
dns233.a.register.com


Registrant:

Shirley Williams
4510 N. 36th Place
Phoenix, AZ 85018
US
Phone: +1.8887169071
Email: [email protected]

Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: www.register.com

Domain Name: authwebservices.com
Created on..............: 2010-01-06
Expires on..............: 2011-01-06

Administrative Contact:

Shirley Williams
4510 N. 36th Place
Phoenix, AZ 85018
US
Phone: +1.8887169071
Email: [email protected]

Technical Contact:
Registercom
Domain Registrar
575 8th Avenue
New York, NY 10018
US
Phone: +1.9027492701
Email: [email protected]

DNS Servers:
dns010.d.register.com
dns050.c.register.com
dns172.b.register.com
dns233.a.register.com

 

[Enocerous]

...will lead to the permanently suspension of your account.

This poor grammar alone would raise a big red flag for me. On this fact alone I would think it's a phishing attempt.

 

[Nenu]

Agreed and no business is going to terminate a customers account on something so trivial.
Definite scam.

 

[nowwhatnapster]

You don't know the difference between your payee's and random junk email? I'm not being sarcastic, I just don't see how you could not know who you actually owe money to or not. Is this company your getting the email from someone you subscribe to or buy services/products from?

Well I'm not exactly the book keeper. I manage the computers and website. We deal with cybersource because we own and operate a retail website. When I get an email from someone posing as cybersource, ofcourse i'm going to double check my work.

Unfortunately my co-workers are not tech savvy. They wouldn't be able to comprehend what a phishing email is. So I turn to HardOCP because there is a wealth of competent people here. I Just wanted to hear someone else say: "yes thats a phishing email."

You would be surprised, how easily the people I work with believe anything they read on a computer. To give you an example: When they switched to a new webhosting company, the idiot that worked here before never closed the account with the old company! It went on for 3 years, until I came on board.

I think the spelling mistake seals the deal for me. I just wish I noticed that myself. Damn engrish!

Thanks for all the input. Case closed!

 

[simondog]

I was tempted to call up that homeowner in Phoneix listes as the owner (not at the listed 888 number, but at the number readily available for her via Google), but I don't want to have anything to do with this site.

Interestingly enough, an attempt to visit the bogus website now triggers the Firefox web forgery filter.

 

[heaven~lord]

its 90% fake and phishing

wow these days lot heck new types of fake mails are coming
few days aback i saw one topic in that person got fake mail and it was so realistic and made that person close his site :|
and after clsoing he concernd on forum

 

[heaven~lord]

Well I'm not exactly the book keeper. I manage the computers and website. We deal with cybersource because we own and operate a retail website. When I get an email from someone posing as cybersource, ofcourse i'm going to double check my work.

Unfortunately my co-workers are not tech savvy. They wouldn't be able to comprehend what a phishing email is. So I turn to HardOCP because there is a wealth of competent people here. I Just wanted to hear someone else say: "yes thats a phishing email."

You would be surprised, how easily the people I work with believe anything they read on a computer. To give you an example: When they switched to a new webhosting company, the idiot that worked here before never closed the account with the old company! It went on for 3 years, until I came on board.

I think the spelling mistake seals the deal for me. I just wish I noticed that myself. Damn engrish!

Thanks for all the input. Case closed!

first of all if u poiting that just check whom u got mail form i wud say it a bad idea their are lot mant fake mail senders
i can even send a mail form this email like " [email protected]"
it realy dosnt matter
u cant guess with id from which u got email

 

[Nenu]

its 90% fake and phishing

wow these days lot heck new types of fake mails are coming
few days aback i saw one topic in that person got fake mail and it was so realistic and made that person close his site :|
and after clsoing he concernd on forum

Care to break down how you got 90% ?