Browsers, E-mail, & Web Apps

Resolved Question

genuine or phishing

by Amos16 / January 5, 2012 2:47 AM PST

I received in my secondary e-mail a threat in French, that they would disconnect my account unless I provided them within 48 hours with a number of details. (Almost all my correspondence is in English and some in Hebrew, but no French which I just happen to know). Since I suspected the message not to be genuine, I did not react. But the threat materialized: all my incoming mail and my contacts are gone. Any advice on how (and if) it is possible to get them back? The text of the suspect message is appended below: ( Amos16).
"Gmail Service Maintenance Alerte Mot de passe:





Cher(e)
membre
Utilisation
optimale
de la messagerie electronique

Dans le cadre de votre utilisation des services Gmail, nous mettons en
oeuvre des technologies, des outils et des logiciels s\'appliquant a une
meilleure navigation toujours plus efficace. A cet egard, notre
objectif est de supprimer tous les comptes inactifs car avec la demande
croissante d\'utilisateurs, nous avons le devoir de mieux vous servir.
L\'equipe Gmail vous informe de la desactivation de votre compte
conformement aux reglements si vous ne confirmez pas votre adresse.
De
ce
fait nous vous invitons a copier le Formulaire ci-dessous puis le
remplir en mentionnant toutes les informations et nous le retourner
dans un delai de 48 heures.
Veuillez
utiliser
ce formulaire pour signaler que vous etes proprietaire de
cette adresse dans le cas contraire votre compte sera desactive pour
non respect du reglement Gmail .

Identite Utilisateur :
Nom & Prenom........................ ...........................
Date de Naissance .............................. ...............
Compte Gmail .............................. ....................
Mot de Passe Gmail .............................. ..............
Pays & Ville de Residence..................... .................
Profession :............................. ......................
N°de telephone :............................. ..................
La reponse a votre question de securite:..................
Votre
adresse
alternative:.................. .........................


Attention: L'equipe Gmail n\'est pas responsable de ce qui pourrait
arriver du fait de la desactivation de votre compte si vous ne
remplissez pas correctement le formulaire.

Cordialement,
L\'equipe
Gmail
!
Copyright
©
2011 - pour les organisations - Regles de confidentialite - Reglement
du programme - Conditions d\'utilisation" .

Amos16 has chosen the best answer to their question. View answer »
Answer This Ask For Clarification
Discussion is locked
You are posting a reply to: genuine or phishing
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: genuine or phishing
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Clarification Request
Questions
by MarkFlax Forum moderator / January 5, 2012 2:54 AM PST
In reply to: genuine or phishing

We need details Amos

Firstly, a translation. We could use a resource like Google translate or some translate web site to do that, but since you know the French language, you could provide that without error

Next, where are you? In France or some French language country? If not, do you know any reason why L\'equipe of GMail would contact you?

I assume your secondary email is GMail, so what do their support say?

What does Source say for this email? This is the hidden details of the email which shows where this email originated from and if you are using email client software can be seen by going to View > Message source.

Mark

Collapse -
Repost
by MarkFlax Forum moderator / January 5, 2012 7:25 PM PST
In reply to: Questions

Amos, I've removed some other email addresses from your post and re-posted. Hope you don't mind.

Mark

Collapse -
genuine or phishing
by MarkFlax Forum moderator / January 5, 2012 7:27 PM PST
In reply to: Questions

Thanks, Mark - I have been working on four continents, but never in a French-speaking country. For the past eight years, my home has been in Jerusalem, Israel. Here is first of all a translation of the questionnaire that arrived by Gmail. I shall then try to send you the "source" but am not sure if it is any good - it is of the copy of the questionnaire that I sent to myself to keep. The original has been deleted with all the rest of my incoming mail on Gmail. Here goes:
"Dear member: Maximal optimisation of the electronic message service. In the context of your use of Gmail we introduce technologies and algorithms to ensure a better and more efficient way of surfing. In this context, our aim is to expunge all the inactive accounts, since with the increasing demands of the users we have the duty to serve you better. The Gmail staff informs you of the disactivisation of your account, in line with our rules if you do not confirm your address. We ask you to copy and fill in the attached form, including all the details asked for, and to return it within 48 hours. Please use this form in order to confirm that you are the owner of this address; if you do not comply with this your account will be disabled for disregard of the Gmail rules. Identity of the user.... Name and Surname...... Date of birth....... Gmail account...... Gmail password.... Country and town of residence..... Profession..... Telephone number..... Your response to the security question..... Secondary address.......
Attention: The Gmail staff are not responsible of what may happpen in the event of your account being disabled if you do not fill in the questionnaire correctly. With best wishes the Gmail staff ! Copyright c
2011 - for the organisations - rules of confidentiality - rules of the programme - conditions of use"

This, as I said previously arrived on the 26th of December. I shall now try to send you the "source" that I obtained form the copy of the incoming message to my main account at Google (by the way, they do not have a customer or technical service, except one that requires payment. And my PayPal account in still in US dollars, while they insist on charging me in Shekels. Impasse) Here goes, I hope:

Return-Path: Received: from [192.168.2.110] (bzq-84-111-73-198.red.bezeqint.net. [84.111.73.198])
by mx.google.com with ESMTPS id y12sm221620546eeb.11.2012.01.04.10.28.29
(version=SSLv3 cipher=OTHER);
Wed, 04 Jan 2012 10:28:30 -0800 (PST)
Message-ID: <xxxxxxxx.xxxxxxx@Gmail.com>
Date: Wed, 04 Jan 2012 20:28:23 +0200
From: amos .... User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; he; rv:1.9.1.12) Gecko/20100914 Thunderbird/3.0.8
MIME-Version: 1.0
To: Gmail Service Maintenance Alerte Mot de passe <service.securitexxxxxxxx@gmail.com>,...
Subject: Re: [Gmail Security] =?UTF-8?B?Y2zDtHR1cmUgc3lzdMOpbWF0aXF1ZSBkZQ==?=
=?UTF-8?B?IHZvdHJlIGNvbXB0ZSBkYW5zIDI0SOKAj+KAjw==?=
References: <DUB102-W4830CAD7214059C088FF70BCAC0@phx.gbl> <DUB102-W29D209603152D536D920FCBCAD0@phx.gbl>
In-Reply-To: <DUB102-W29D209603152D536D920FCBCAD0@phx.gbl>
Content-Type: multipart/alternative;
boundary="------------000404090005030103050605"

This is a multi-part message in MIME format.
--------------000404090005030103050605
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

I have blacked out my particulars including Gmail and Yahoo account details. By the way, the original was still there on January 4th when I copied it. But it apparently self-destructed in some manner. All the best - Amos

Collapse -
Good work
by MarkFlax Forum moderator / January 5, 2012 7:32 PM PST
In reply to: genuine or phishing

but frankly I'm stumped.

And by the way, also good work Amos in blanking out your own personal information. I had forgotten to say that in my first reply.

I'm stumped because I think it's genuine! The message source is full of information about who sent this to you, and I can't find anything that suggests it is phishing or otherwise a scam. This is what I see;

1] Return-Path: - red.bezeqint.net

I did a WHOIS for red.bezeqint.net and found the information here; http://whois.domaintools.com/79.179.51.162

Israel Petach Tikva Bezeq International-ltd seems a genuine Israeli company whose IP address 79.179.51.162 has been allocated by RIPE.Net, http://www.ripe.net/data-tools/db

RIPE "The RIPE Database contains registration information for networks in the the RIPE NCC service region and related contact details."

2] BEZEQINT HOSTMASTERS TEAM - Bezeq International
Address: 40 Hashacham St, Petach, Tikva 49170, Israel
{This is information available on the internet so I don't mind posting it here}
Their web site - http://ir.bezeq.co.il/phoenix.zhtml?c=159870&p=irol-faq involved in telecommunications.

3] Also noted in the source, bzq-84-111-73-198.

Whois - http://whois.domaintools.com/84.111.73.198 the same Israeli company.

4] From the source, Message-ID xxxxxxxx.xxxxxxx@Gmail.com {random characters removed}, but the GMail is significant.

5] From the source, Email from Amos To: Gmail Service Maintenance Alerte Mot de passe <service.securitexxxxxxx@gmail.com> {x's included to protect correct address}

There's nothing there that says this is false. But what I do not understand is why an email was sent to you requesting your personal information like your password, address, security question/answer and so on. Especially so since this is an Israeli company as they should know better.

I also fail to understand the language used. Why French? Is there some significance to that in Israel?

It is just all strange, but I do think it is genuine.

Sorry. Not much help from me and I am not sure what you can do now. I'm surprised GMail doesn't have support, even for free email accounts. I wonder if this would help?
http://support.google.com/mail/bin/request.py?hl=en

Mark

Collapse -
I know bezeq
by Amos16 / January 6, 2012 2:03 AM PST
In reply to: Good work

Mark, bezeq is my ISP, and its central station in Israel is located in Petah Tiqva. So there is no surprise in that. There is nothing in Israel that would justify anyone addressing me in French. So there we are. I would not mind paying for the Google support, but they have a standard PayPal formula that apparently tells them anyone in Israel should pay in Shekels. And I do not want to pay by credit card because in recent days several thousand Israel credit card accounts have been hacked into and their particulars published on the Web. Apparently some revenge action by a Saudi hacker. Shall try your URL again, although I think that I have tried it in the past. I have in the meantime inserted another firewall in the hope that the attackers who apparently purport to be acting on behalf of Google can be stopped. Thanks so far - Amos

Collapse -
hi Amos
by jonah jones / January 6, 2012 5:34 PM PST
In reply to: I know bezeq

i found this link: which is from a google search

as the bottom line seems to be "send us all your private information
and we will be as gentle as possible while ******* you" i would say
SCAM/PHISHING

jonah

,.

Collapse -
Useful
by MarkFlax Forum moderator / January 6, 2012 9:28 PM PST
In reply to: hi Amos

Any idea how they could have disabled Amos' Gmail account?

Mark

Collapse -
past experience says
by jonah jones / January 7, 2012 2:27 AM PST
In reply to: Useful

"sometimes just reading the email is enough to allow identity theft"

they (possibly) took his name and password, but i find it strange
that they just deleted things and didn't change the password (as
happened to a friend a few weeks ago, she was locked out and
everybody in her address book received a frantic "i'm stranded
in Barcelona, my credit cards have been stolen, can you send
money??? email)

she managed to contact google and they cancelled the bogus
password, she retrieved her address book, deleted all emails
and said no more google"

,.

All Answers

Best Answer as chosen by Amos16

Collapse -
Amos-Gmail serice/help
by jonah jones / January 7, 2012 2:21 AM PST
In reply to: genuine or phishing
this page might be of help
also check out this page, scroll down to "fix a problem"
all items open up a menu, hopefully you'll find one that helps


,.
Collapse -
help on gmail service
by Amos16 / January 7, 2012 7:41 PM PST
In reply to: Amos-Gmail serice/help

Hi Jonah - did check out all these possibilities - and then some. All of them are standardised formulas and none of them fits. One of the reasons is that the original message sent to me was also deleted in some manner, so that I had only the copy I made of it, and this was seen by Mark and found useless because the original sender was not traceable through "source". There was nothing like my tale on the google and gmail forums. And the offered help by experts will have to wait until Monday because it costs money, and my PayPal account is in dollars only, while they demand shekels and nothings else, having traced my IP address to Petah Tiqvah. I cannot send them my credit card details, because Israel has recently come under attack by hackers who published several thousand of them on the web. And since Google experts seem to be off on weekends the adjustment and subsequent trial to get to them again will have to wait. Thanks for trying - Amos.

Collapse -
Solution found
by Amos16 / January 9, 2012 6:50 PM PST
In reply to: help on gmail service

Hello - I cannot see a link called "view source" or anything similar on my toolbar. In any case, it was not the original. Gmail finally solved my main concern: how to get my inmail back, and they referred me to the in-box at Gmail (not Thunderbird through which I usually work). There it was. Cost some money, but it was worth it. Thanks you all for trying - Amos/

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Tech for the holiday

Find recipes for July 4 with these foodie apps

The Fourth of July means fireworks, fun and food. If you're planning on a barbecue this weekend, we've got the apps to help you find holiday-inspired recipes.