Spoof email example

At a party last night a friend of mine told me about a new spoof email he’d seen. I wasn’t aware of it (I don’t keep my ear very close to that particular ground) but here’s an example just forwarded to me:

> Subject: Attention - Important Notification
> Date: Mon, 19 Oct 2009 05:14:44 -0600
> From: tech-admin <tech-admin@myjournal.com>
> To: info@myjournal.com
>
> Attention!
>
> On October 22, 2009 server upgrade will take place. Due to this the
> system may be offline for approximately half an hour.
> The changes will concern security, reliability and performance of mail
> service and the system as a whole.
> For compatibility of your browsers and mail clients with upgraded server
> software you should run SSl certificates update procedure.
> This procedure is quite simple. All you have to do is just to click the
> link provided, to save the patch file and then to run it from your
> computer location. That's all.
>
> http://updates.myjournal.com.secure.digi1adm.org/ssl/id=7335328053-info@myjournal.com-patch30892.exe
>
> Thank you in advance for your attention to this matter and sorry for
> possible inconveniences.
>
> System Administrator
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4520 (20091018) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com

Scarily real, huh? The “http://updates.myjournal.com” subdomain makes it look very official. So, be careful out there.