Related to email but not a specifically Eudora question:

Just got this email, the most recent of several from Peru that claims to
be in charge of my USA email account.

What gets me is the link they want me to use, http:/mail.rcn.commmm. I
put in 3 extra m's so no one would accidentally click on it.

So they left out a slash, was that on purpose?

But the question is..I thought if the middle node, rcn, was a a real
one, changing the first node to mail would still give a link that
belongs to www.rcn.com, which is the URL of one of my mail servers.

Also the To: line looks like it has a valid domain. ???

Would correcting and clicking on the zimbra link install a virus, or is
it just phishing?

From: "?© +RCN Telecom Services" <a20214996@pucp.edu.pe> [Peru!!!]
Date: Mon, 8 Nov 2021 19:00:45 +0530
Subject: Re: Very Important Information Regards Your RCN
To: cskrnc@rcn.commmm

Your incoming mails and documents have been placed on hold due to the
recent spam activities on our server.

we need you to verify your account before you can view the new emails
and documents. to verify kindly click on URL below and login.

http:/mail.rcn.commmm/zimbra

© 2021 RCN Telecom Services, LLC. All Rights Reserved.

micky wrote:
> Related to email but not a specifically Eudora question:
> Just got this email, the most recent of several from Peru that claims
> to be in charge of my USA email account.

Let them claim heaven and hell, and dump them into trash. Or make
a filter that does that for you before you even have a chance to
look at the message.

> What gets me is the link they want me to use, http:/mail.rcn.commmm.
> I put in 3 extra m's so no one would accidentally click on it.

You're a bit shortsighted. Had you hovered the cursor over that
would-be-url, you'd have noticed right away the real underlying
url *does* have two slashes. It's a very common way to lure people
to malware sites, but it's also commonly used by trusted companies
hide a url ("difficult" for the computer-ignorant) in the way it's
done on webpages.

> So they left out a slash, was that on purpose?

You bet! It draws attention, and out of curiosity people will click
on the "incorrect" link.

> Would correcting and clicking on the zimbra link install a virus,
> or is it just phishing?

Just click on it and you may be lost already.

-p

In comp.mail.eudora.ms-windows, on Wed, 10 Nov 2021 22:35:42 +0100, Piet
<www.godfatherof.nl/@opt-in.invalid> wrote:

>micky wrote:
>> Related to email but not a specifically Eudora question:
>> Just got this email, the most recent of several from Peru that claims
>> to be in charge of my USA email account.
>
>Let them claim heaven and hell, and dump them into trash. Or make
>a filter that does that for you before you even have a chance to
>look at the message.
>
>> What gets me is the link they want me to use, http:/mail.rcn.commmm.
>> I put in 3 extra m's so no one would accidentally click on it.
>
>You're a bit shortsighted. Had you hovered the cursor over that
>would-be-url, you'd have noticed right away the real underlying

Ugh. I don't know why I didn't do that. I know about it. I'm trying
to find the email again in my inbox trash but can't find it yet.

>url *does* have two slashes. It's a very common way to lure people
>to malware sites, but it's also commonly used by trusted companies
>hide a url ("difficult" for the computer-ignorant) in the way it's
>done on webpages.
>
>> So they left out a slash, was that on purpose?
>
>You bet! It draws attention, and out of curiosity people will click
>on the "incorrect" link.

Aha.

>> Would correcting and clicking on the zimbra link install a virus,
>> or is it just phishing?
>
>Just click on it and you may be lost already.

Oh, no!

>-p