Warning?

Might be overeacting here but I got an email today saying I got a pm … now I get pm’s all the time but no email alerting me to them. When I clicked the link to take me to the pm it wanted me to log in to the old site. Whats odd is I was already logged on and there was no new pm in my inbox. So this is just a heads up!

Thanks for warning.

I received the same mail.
I’ll copy and paste here:

Hello Dani,

You have received a new private message to your account on “WWII In Color” and you have requested that you be notified on this event. You can view your new message by clicking on the following link:

http://www.ww2incolor.com/phpBB2/privmsg.php?folder=inbox

Remember that you can always choose not to be notified of new messages by changing the appropriate setting in your profile.


Thanks, The Management

That was the false e-mail.
I’ll copy and paste the normal one:

DO NOT REPLY TO THIS EMAIL!


Dear Dani,

You have received a new private message at WW2inColor Talk from Panzerknacker, entitled “Some member asking for help.”.

To read the original version, respond to, or delete this message, you must log in here:
http://www.ww2incolor.com/forum/private.php

This is the message that was sent:


—Quote (Originally by Rob Romero)—
I have recently registered, but am unable to open attached pics, even after I attempt to log on. Can you Help?

RobJRomero@verizon.net

Thanks,

Rob Romero
—End Quote—

I send this to you because you know better this matters.


Again, please do not reply to this email. You must go to the following page to reply to this private message:
http://www.ww2incolor.com/forum/private.php

All the best,
WW2inColor Talk

See the differences?

EDITED:

I THINK IT’S AN ATTEMPT TO PHISHING!!! To stole passwords.

Full header of the false e-mail:

From nickm@rgv.rr.com Thu Apr 26 08:39:59 2007
Return-Path: <nobody@earth.doreo.com>
Authentication-Results: mta240.mail.re3.yahoo.com from=rgv.rr.com; domainkeys=neutral (no sig)
Received: from 205.234.192.198 (EHLO earth.doreo.com) (205.234.192.198)
by mta240.mail.re3.yahoo.com with SMTP; Thu, 26 Apr 2007 08:40:03 -0700
Received: from nobody by earth.doreo.com with local (Exim 4.63)
(envelope-from <nobody@earth.doreo.com>)
id 1Hh64d-0004kt-Ec
for dani_me2001@yahoo.com; Thu, 26 Apr 2007 10:39:59 -0500
To: dani_me2001@yahoo.com
Subject: New Private Message has arrived
Reply-to: nickm@rgv.rr.com
From: nickm@rgv.rr.com
Message-ID: <e3c4b0f9e19e45cabbaa36f2d86450fa@www.ww2incolor.com>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Thu, 26 Apr 2007 10:39:59 -0500
Content-Length: 425

Full header of the normail e-mail:

From WW2inColor Talk Wed Apr 4 15:46:11 2007
Return-Path: <nobody@earth.doreo.com>
Authentication-Results: mta230.mail.mud.yahoo.com from=rgv.rr.com; domainkeys=neutral (no sig)
Received: from 205.234.192.198 (EHLO earth.doreo.com) (205.234.192.198)
by mta230.mail.mud.yahoo.com with SMTP; Wed, 04 Apr 2007 15:46:16 -0700
Received: from nobody by earth.doreo.com with local (Exim 4.63)
(envelope-from <nobody@earth.doreo.com>)
id 1HZEF1-0004Sk-Ib
for dani_me2001@yahoo.com; Wed, 04 Apr 2007 17:46:11 -0500
To: dani_me2001@yahoo.com
Subject: New Private Message at WW2inColor Talk
From: “WW2inColor Talk” <nickm@rgv.rr.com>
Auto-Submitted: auto-generated
Message-ID: <200704042206.3af4aa446828@www.ww2incolor.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=“ISO-8859-1”
Content-Transfer-Encoding: 8bit
Date: Wed, 04 Apr 2007 17:46:11 -0500
Content-Length: 853

Thanks for the detective work Dani!

Maybe we should warn our public members as well?

Let’s wait until the rest of the staff will confirm (or not) that e-mail signed by ‘The Management’ (without any PM within the body of e-mail) instead of regular one with PM embedded signed by ‘WW2inColor Talk’ and also, as a must, to contact ww2admin.

There are 3 options:
a) attempt of phising against the staff.
b) testing by ww2admin of a new system or whatever.
c) attempt of phising against the staff + regular users.

I sent ww2admin a pm…he is looking into it.

I posted a warning to the members…Cuts and BDL seemed to notice the problem so im sure if its a site member they are alerted.