I received an email about one of my Gmail accounts. The text shown below. I ckecked my mail box and it is very clean as I delete all my messages once I read them. It had a word Validate in the body of the message which was a hyperlink. The hyoperlinked email address that is not even a Gmail address. I have deleted this hyperlink in this posting, so that there is not risk of someone inadvertantly clicking on it.
Does anyone have any idea what this group is trying to achieve. The Validate link leads to this email address: Address a web forgery so removed mod
My McAfee antivirus is up to date and did not see anything suspicious with this email. I am suspicious.
Your comments or ideas would be very valued.
Thank you in advance.
Sent: Saturday, September 21, 2013 4:09 AM
To: email removed for safety mod
This is to inform you that your Mailbox Quota limit has been exceeded. To continue using email,you will need to upgrade your Mailbox Quota(please note this is free). Failure to do so,you will be unable to upload additional items to your Drive or photos to Google+, and, after a period of time, incoming messages to your account will be returned to the sender. Note that we will bounce emails until you rectify quota issue.
We sincerely regret any inconvenience.
Message was edited by: Peacekeeper on 21/09/13 6:55:44 PMMessage was edited by: Peacekeeper on 21/09/13 6:56:28 PM
I have done a Google search about suriyenakliyat.com and it appears to be based in Pymouth in England with links back to Turkey. When I attempted to just open the suriyenakliyat.com web address the browser was diverted to my McAfee software immediately issued it warning that this site is very suspicious. (Warning I have attempted to delete the hyperlink below, Please do not attempt to open it as it may have consequences for you computer.
My Mcafee software immediately issued its warning that this site is very suspicious. So I think I am vindicated in raising this matter here. I will be sending an email to all my club committee not to open this email. Just delete it.
My rule has always been that if you do not know who the email is from just delete and add the emailer to the unwanted list on the antivirus software.
Message was edited by: wantonc22 on 20/09/13 5:38:24 PMMessage was edited by: wantonc22 on 20/09/13 5:38:45 PM
Ignore the message as it is trying to entice you to access dangerous sites I tried the top site you posted and got a web forgery warning the link above I have also removed as it appears not safe.
A search of google gets heaps of hits on the email contents you posted this on several email clients so it is a spam/scam. I have asked Hayton who is more skilled than I in web site testing to comment as well.
I wont pretend to know how your system works as I'm on the consumer side but noticed nobody had responded to you. Whilst it isn't that hard to run out of mailbox space using GMail, see this entry on the web http://sidawson.com/2011/02/gmail-storage-quota-exceeded-why-this-happens.html but what you got looks like phishing spam,
I would imagine you need to set up mail filters.
Thank you Peacemaker and ExBtrit, you have both confirmed my thoughts. This one almost got through under my guard, but luckily my habit of reading who the message is from aleted me. Thanks again.
I did a bit of checking. Usually an email like that is designed to get you to go to a website which is infected with malware of some kind. That may not be the case here.
The two URLs involved looked confusing -
This page does not appear to be on the official site map.
Edit : Don't worry. Those links look clickable but they don't go anywhere.
Arinak(dot)com is the site of Arina Logistics (or Arinak Lojistik), an apparently legitimate Turkish freight-transportation company transporting goods between Europe and the Middle East - the site is big on logistics, transportation, warehousing, distribution and the supply chain.
Company details are available at http://www.nakliyeilani.com/firmalar/DAE13FC2-378C-45F8-BDF9-5132503A8B8F/arinak-lojistik
Their entire web site has been rated Yellow since at least as far back as June, but Yellow means 'Take Care', not 'Beware Of Infection'.
Sucuri, urlquery and others all say the site has no malware on it. However, the site does have a vulnerability : it is running under an outdated version of WordPress. And WordPress sites have been aggressively targeted recently by hackers for all sorts of reasons, ranging from spam to financial fraud.
What appears to have happened here is that the site has been hacked. The "suriyenakliye" page is a very big clue : "suriye" is "Syria".
I examined the page (incidentally Google Translate does a terrible job of translating Turkish) and either the page has been inserted into the site or the page content has been modified by hackers. Since the content reflects a pro-Assad take on current developments in Syria I would guess the Syrian Electronic Army have paid the site a visit and left their calling card.
Recent reports about their activities have given a few clues to why this site was chosen to be hacked :
Many of those takedowns were accomplished using cheap-and-easy spear-phishing attacks, often designed to separate victims from their Google login information, which the hackers then use to seize control of Twitter feeds and send further phishing emails
Brian Krebs, a former Washington Post reporter, wrote that clues discovered when the SEA's own website was hacked earlier in the year pointed towards at least one member of the group being based in neighbouring country Turkey.
Brian Krebs is no longer so sure that one of the SEA hackers is in Turkey. With the fog of disinformation and dirty tricks washing around the whole Syrian arena at the moment it is not safe to assume that any action like this can be definitely attributed to this or that group or faction. Nevertheless ...
One page in that Syria section is indeed blocked by Google as a phishing page, and with good reason : http://suriyenakliyat(dot)com/newgm.html
Here is the reason why it is blocked. Someone is out to get Gmail account details and passwords ...
I would guess that the email intended to send the recipient to this hacked page is part of a continuing campaign, although why the campaign is using a Turkish logistics company for the destination is anybody's guess.Message was edited by: Hayton on 21/09/13 17:06:52 IST