Phishing actually from apparent sender's domain
Posted on 2011-10-12
Hi, Experts. I've been seeing something new in the world of phishing emails (at least, to me). The email comes from "email@example.com" -- and the routing headers bear out that this email actually came from "somedomain.com." I am used to seeing a spoofed address and routing from obscure servers that bear no relation to that domain.
Is this a new kind of spoof? Are they actually spoofing routing? Or am I seeing the work of a botnet of some kind? Should I be alerting the sending domains?