Although not new, we have seen a resurgence of e-mails that claim to be coming from WingNET’s Staff asking customers to confirm their e-mail account or other such information.  The e-mail threatens that your account will be suspended or discontinued if you do not click the link to a certain website.  These are BOGUS.  Please read the article for more details and a real sample e-mail.

Here is a sample of an e-mail that one customer received recently.  We have edited the URL so it will not actually take you anywhere.

*********************************************

Dear Valued Member,

According to our terms of services, you will have to confirm your e-mail by the following link or your account will be suspended within 24 hours for security reasons.

http://www.youremail@wingnet.net/confirm.php?email=wingnet.net

After following the instructions in the sheet, your account will not be interrupted and will continue as normal.

Thanks for your attention to this request. We apologize for any inconvenience.

Sincerely,Wingnet Security Department
*********************************************

What is NOT apparent when you look at the link listed above is that the underlying code doesn’t even take you to a WingNET server.  The actual code used in the URL is similar to the following:

a href=”http://xxx.246.245.190:90/Confirmation_Sheet.pif

We have edited our the first octet and inserted xxx to keep the URL from working.  As you can see, it tries to take you to a site that will attempt to load a Trojan or worm contained in the .pif file.

For more information you can read TrendMicro’s details at this link.

If you ever receive an e-mail that claims to be from ANY company asking you to confirm your account information, do yourself a favor and confirm it if you are inclined to believe it.  The extra minute or two of time could save you a lot of headache and maybe identity theft fraud.