ocky
Well-Known Member
Just recieved this from Telkom and wonder if it's legit. Seems strange that they would ask for my email
username and password. Help.
username and password. Help.
-
Join the MyBroadband community
South Africa’s biggest forum. Discuss, discover, and connect with thousands of members.
-
Question of the Day: What is the ultimate French toast topping?
Strange email purportedly from Telkom.
- Thread starter ocky
- Start date
satanboy
Psychonaut seven
LOL
kilos
Expert Member
- Joined
- Jun 28, 2005
- Messages
- 2,810
- Reaction score
- 38
Check the message envelope headers in your email to see if it came from Telkom SA
network 196.25.x.x or 196.43.x.x
ocky
Well-Known Member
Man, I don't know.. check this output and please advise. 
X-Originating-IP: [41.203.64.130]
X-Originating-IP: [41.203.64.130]
Code:
$ nslookup 41.203.64.130
Server: 196.25.1.11
Address: 196.25.1.11#53
** server can't find 130.64.203.41.in-addr.arpa.: NXDOMAIN
host 41.203.64.130
Host 130.64.203.41.in-addr.arpa. not found: 3(NXDOMAIN)
traceroute -I 41.203.64.130
traceroute to 41.203.64.130 (41.203.64.130), 30 hops max, 60 byte packets
1 192.168.0.1 (192.168.0.1) 0.864 ms 1.134 ms 1.416 ms
2 dsl-242-28-01.telkomadsl.co.za (41.242.28.1) 11.747 ms 13.658 ms 15.868 ms
3 esdw-ip-cat-1-vlan-913.telkom-ipnet.co.za (196.43.35.166) 17.857 ms 19.793 ms 21.772 ms
4 esdw-ip-esr-3-gig-6-1-0-914.telkom-ipnet.co.za (196.43.35.161) 23.997 ms 25.745 ms 27.699 ms
5 * * *
6 196.43.10.130 (196.43.10.130) 75.255 ms 49.670 ms 52.147 ms
7 rrba-ip-lir-1-gig-2-0-0-201.telkom-ipnet.co.za (196.43.33.5) 48.460 ms 44.544 ms 46.470 ms
8 196.43.9.110 (196.43.9.110) 236.724 ms 232.520 ms 234.221 ms
9 s5-0-0-16.ipa4.lon1.bbnplanet.net (195.16.162.129) 236.907 ms 234.233 ms 235.692 ms
10 vlan90.csw4.Frankfurt1.Level3.net (4.69.154.254) 262.840 ms 263.091 ms 263.631 ms
11 ae-92-92.ebr2.Frankfurt1.Level3.net (4.69.140.29) 264.448 ms 265.754 ms 267.210 ms
12 ae-22-22.ebr2.London1.Level3.net (4.69.148.189) 274.563 ms 258.626 ms 257.688 ms
13 ae-57-222.csw2.London1.Level3.net (4.69.153.134) 263.113 ms 263.374 ms 267.550 ms
14 ae-22-52.car2.London1.Level3.net (4.69.139.99) 242.656 ms 243.077 ms 244.551 ms
15 GLOBACOM-LI.car2.London1.Level3.net (212.187.193.74) 338.872 ms 339.510 ms 339.919 ms
16 * * *
17 41.203.66.21 (41.203.66.21) 338.472 ms 338.468 ms 337.966 ms
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
and..
Received: from mail1.telkomsa.net (vms.telkomsa.net [196.25.211.112])
traceroute -I 196.25.211.112
traceroute to 196.25.211.112 (196.25.211.112), 30 hops max, 60 byte packets
1 192.168.0.1 (192.168.0.1) 0.854 ms 1.125 ms 1.409 ms
2 dsl-242-28-01.telkomadsl.co.za (41.242.28.1) 11.720 ms 13.627 ms 15.594 ms
3 196.43.51.74 (196.43.51.74) 52.084 ms 54.016 ms 56.347 ms
4 196.25.181.54 (196.25.181.54) 58.745 ms 60.464 ms 62.390 ms
5 vms.telkomsa.net (196.25.211.112) 65.318 ms 67.532 ms 68.778 msThe_Unbeliever
Honorary Master
Give them an incorrect user name and password 
+1Give them an incorrect user name and password
- See what happens!
MickeyD
RIP
Not legit at all. It may have been sent from a TelkomInternet user account but it is most definitely not from the Telkom ISP. TelkomInternet have emailed quite a few warnings to all their email users warning them against exactly this and also stating it VERY clearly that they will never ask you for this information.
41.203.64.130
http://geoip.flagfox.net/?ip=41.203.64.130jvc
Don't want to be nasty here but Nigeria is only good in scams and phising.
http://geoip.flagfox.net/?ip=41.203.64.130jvc
Don't want to be nasty here but Nigeria is only good in scams and phising.
Last edited:
ocky
Well-Known Member
cavedog and MickeyD,
You are stars, thank you very much for confirming my misgivings !
(Another nice Firefox Add on)
You are stars, thank you very much for confirming my misgivings !
(Another nice Firefox Add on)
MickeyD
RIP
Plesure... how's it in Cold And Wet country?
ocky
Well-Known Member
Plesure... how's it in Cold And Wet country?
Yup, you got it - bloody awful this time of year.
ranger
Expert Member
This is a phishing attempt. You should have received a warning from TelkomInternet in the past month or two warning you to never supply your username or password by email, specifically to help you in identifying attempts such as this.
We will never request your password. In the event that there has been unusual activity (most commonly as a result of you supplying your password when replying to one of these mails), we will reset your password and communicate it to you (e.g. via SMS), and request you to reset it immediately on the password management tool.
If you want to assist us in taking action to try and prevent this scammer from farming more accounts, please forward the original mail with all headers to abuse at telkomsa dot net.
The_Unbeliever
Honorary Master
@ranger - can you supply me with a fake telkomadsl username/password to feed such scammers?
Zewp
Banned
Telkom supplies you with the username and password. Why would they ask you for it?
Fake email is obviously very, very fake.
Fake email is obviously very, very fake.
DrJohnZoidberg
Honorary Master
Rule of thumb: Never provide any personal password credentials to anybody. If you do this you are just asking for trouble.
ocky
Well-Known Member
I would have forwarded the original mail to Telkom, but could not find an email address for this purpose on their site. Can you plse. confirm that the address you mention above viz. abuseattelkomsadotnet is the one to use should this happen again ?
Unfortunately the scam/phishing mail was deleted by me yesterday.
Thanks to all for your comments.
Last edited: