Phishing eMusic customers?
I got an out-of-the-ordinary eMusic newsletter this month. It looks perfectly professional (although slightly different to the usual ones), but it’s from an address at emusic.chtah.com (the usual newsletters come from edmailbox.emusic.com).
I’m quite sure the company eMusic owns the domain emusic.com, but anyone at all could register chtah.com and add a subdomain called emusic. If this is really the new eMu mailing system then they should be slapped about for encouraging their users to ignore all reasonable security precautions.
(How did I notice? I whitelist: any mail from an address I haven’t previously confirmed goes into a separate folder and gets looked at suspiciously. Double-suspiciously when it purports to come from somebody I know I have already whitelisted.)
If it’s not them, though, then I’m worried. Because the mail looks perfectly legitimate, properly punctuated and in fact it’s an html email in pretty good eMu style. That’s professional work. It addresses me by the name eMu knows me by, which could be a lucky guess but at least means it’s either personalised by hand or run off a smarter database than just crawling my homepage and scraping names-and-addresses.
I’ve sent a mail to the eMu folk, but their “Contact Me” form doesn’t fill me with confidence. In the meantime, if anyone knows more about the issue I’d be glad to hear it.
Comments
Addendum: of course, sending from non-official domains should be seriously frowned upon, however given SMTP is what it is, if I were phishing, I'd forge the sending address anyway to be realistic. Like all those 'alert@kiwibank.co.nz' emails I get. I don't even have an account with them, and I certainly wouldn't give them the email I use to register domains and never use for anything else.
Yah, fair point. On the other hand having the links in the mail go to emusic.chtan.com is super-dodgy if you ask me.
Sounds like it is legit though, another eMu-customer friend of mine got it too. In which case, shame on them.
I received an email today from Aerlingus but the domain was aerlingus.chtah.com instead of aerlingus.com. I just realized it because the images didn't load as usual because it was not in my list of trusted sites.
I think is phishing as all the links in the email point to chtah.com domain but with the same look and feel as the original ones.
How very interesting... If it's indeed a scam they're very very careful, which is pretty scary.
I suppose it's still possible that chtah.com is handling mailing-list processing for both Aerlingus and eMusic, but it seems unlikely to me.
... ok, quick google seems to suggest that they're indeed legit. But the weird thing is I'm still getting the standard eMu mail, the chtah hit was a one-off. I dunno, I bow out of the whole thing.
If you tell me the subject, I can tell you if I got it also. There was a 'what's new at emusic' email that I got recently that I can't check where it came from because I apparently deleted it, yet it's not in my trash. Which probably means I deleted it on my laptop, and the trash hasn't synchronised yet.