We've just received what I'm 99% sure is a phishing email - sent through
the Mandrill/Mailchimp infrastructure, claiming there's a problem with
our Mailchimp account. The links go to landing pages on MailChimp, and
it's clever.
So, it needs sorting, ASAP, because it's quite likely to catch people
out, given that it's claiming to be from Mailchimp, the links go to
Mailchimp pages (which look like Mailchimp login pages, but aren't
quite), etc.
I've reported it to ab...@mandrillapp.com as well, but that may take a
while to get through, so thought I'd try a different channel as well...
Headers:
Return-Path:
<bounce-md_30903452.5c76c31e.v1-cef683aebe194acebd48d0ee66249...@mandrillapp.com>
DomainKey-Status: non-participant from=nore...@drsha.net; domainkeys=fail
Authentication-Results: lmail.pscs.co.uk; spf=Pass
smtp.mailfrom=bounce-md_30903452.5c76c31e.v1-cef683aebe194acebd48d0ee66249...@mandrillapp.com
smtp.helo=mail136-28.atl41.mandrillapp.com; dkim=pass (signature verified)
header.i=nore...@drsha.net; dkim=pass (signature verified)
header.i=@mandrillapp.com; auth=none
Received-SPF: Pass client-ip=198.2.136.28;
envelope-from=bounce-md_30903452.5c76c31e.v1-cef683aebe194acebd48d0ee66249...@mandrillapp.com;
helo=mail136-28.atl41.mandrillapp.com; identity=mailfrom
Received: from mail136-28.atl41.mandrillapp.com ([198.2.136.28]
(mail136-28.atl41.mandrillapp.com)) by lmail.pscs.co.uk ([192.168.66.70]
running VPOP3) with ESMTPS (TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384) for
<redac...@pscs.co.uk>; Wed, 27 Feb 2019 17:04:37 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mandrill;
d=drsha.net;
h=From:Subject:Message-Id:To:Date:MIME-Version:Content-Type;
i=nore...@drsha.net;
bh=bjT9fpLnOr3an+CY799OLe4k3utaSPU5laFCWT8pwCg=;
b=gQinse9xWTicS6IrV9weXt2IV1IcoZfAU7bSiuz+iVUqUs4FbEwORfiYx3xatb1VPmjHq2PSeYbR
bEYOgo/YmI87WzJMOgCIdBFQoNMzYmRg8pmJiQKAWzaTv8kT14AJzChsZbnsT0/H9tiQ/N5rqjU3
x2G+/fYQ/zkjhbW95JM=
Received: from pmta04.mandrill.prod.atl01.rsglab.com (127.0.0.1) by
mail136-28.atl41.mandrillapp.com id her1ia1sb1ku for
<redac...@pscs.co.uk>; Wed, 27 Feb 2019 17:04:30 +0000 (envelope-from
<bounce-md_30903452.5c76c31e.v1-cef683aebe194acebd48d0ee66249...@mandrillapp.com>)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com;
i=@mandrillapp.com; q=dns/txt; s=mandrill; t=1551287070; h=From :
Subject : Message-Id : To : Date : MIME-Version : Content-Type : From :
Subject : Date : X-Mandrill-User : List-Unsubscribe;
bh=bjT9fpLnOr3an+CY799OLe4k3utaSPU5laFCWT8pwCg=;
b=Ftc1ffes3M9osTYrxu23+LeE++UDNvFpKZMEUjD1F6FuYJIQ2gp0rUgiLqQy4TUM9VI9Qr
1jL/nIskU8jImnlHy6jyv//1mlU2W+FoJ5KJTTr09SkWzdQ03EFexi2Gv3zIK0MerQxED/rR
SPhuTsNtFXI2kBhK7OsbgWra44C5M=
From: MailChimp Billing <nore...@drsha.net>
Subject: MailChimp Billing Dispute In Progress
Return-Path:
<bounce-md_30903452.5c76c31e.v1-cef683aebe194acebd48d0ee66249...@mandrillapp.com>
Received: from [138.68.74.240] by mandrillapp.com id
cef683aebe194acebd48d0ee662499fe; Wed, 27 Feb 2019 17:04:30 +0000
X-Mailer: Apple Mail (2.2104)
Message-Id: <2b2604b9-8adc-e769-5633-d2471df00...@drsha.net>
To: <redac...@pscs.co.uk>
X-Report-Abuse: Please forward a copy of this message, including all
headers, to ab...@mandrill.com
X-Report-Abuse: You can also report abuse here:
http://mandrillapp.com/contact/abuse?id=30903452.cef683aebe194acebd48d0ee662499fe
X-Mandrill-User: md_30903452
Date: Wed, 27 Feb 2019 17:04:30 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="_av-tmIbwtKaFByrlcctRqVPTg"
--
Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53
Sign up for news & updates at http://www.pscs.co.uk/go/subscribe
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
