NNSquad - Network Neutrality Squad
[ NNSquad ] NASDAQ's Sloppy, Phishing-like password reset message after being hacked?
NASDAQ's Sloppy, Phishing-like password reset message after being hacked?
http://j.mp/14k5Niq (This message on Google+)

- - - [forwarded message begins] - - -

[name withheld]

NASDAQ wrote the other week that they were hacked badly. They closed the site for some days.

Now I got this email:

Dear Community Members:

We are pleased to inform you that your "My NASDAQ" account is again online and available. We invite you back to enjoy all the features you have come to rely upon, including your portfolio tracker, stock ratings and social features.

To regain access to your account, please set a new password by going to http://community.nasdaq.com/reset-password.aspx, entering your email address, and clicking on the "Reset Password" button. You will be sent a verification email which contains a link. You can then use that link to reset your password.

Thank you for your patience. You are a valued member of our audience and your security is paramount to us.

Sincerely,
Bruce Hashim
www.nasdaq.com

The trouble I see is, the URL given is in an HTML mail, and it doesn't actually go to what is being displayed. Rather, it goes to (numbers munged):

http://www.mmsend10.com/link.cfm?r=[xxxxxxxx]&sid=[xxxxxx]&m=[xxxxx]&u=NASDAQ_OI S&j=[xxxxxx]&s=http://community.nasdaq.com/reset-password.aspx

Now, I'm not saying it's not legit, mind; I don't know.
But mmsend10.com is owned as follows:

Registered through: GoDaddy.com, LLC (http://www.godaddy.com)
Domain Name: MMSEND10.COM
Created on: 04-Jan-08
Expires on: 04-Jan-15
Last Updated on: 02-Jan-13

Registrant:
Real Magnet LLC
4853 Cordell Ave PH-11
Bethesda, Maryland 20814
United States

Administrative Contact:
Pines, Tom domain-admin@realmagnet.com
Real Magnet LLC
4853 Cordell Ave PH-11
Bethesda, Maryland 20814
United States
+1.3016524025

Technical Contact:
Pines, Tom domain-admin@realmagnet.com
Real Magnet LLC
4853 Cordell Ave PH-11
Bethesda, Maryland 20814
United States
+1.3016524025

Domain servers in listed order:
NS1V.DATAPIPE.NET
NS2V.DATAPIPE.NET

That does not exactly foster trust on my first take.

- - - [forwarded message ends] - - -

--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
 - Network Neutrality Squad: http://www.nnsquad.org
 - PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com