funsec mailing list archives

Re: Fwd: Subscriber Deleted


From: "Nick FitzGerald" <nick () virus-l demon co uk>
Date: Sat, 14 Mar 2015 12:31:56 +1300

Hi all,

Jeffrey Walton wrote:

> Did anyone else get this? I did not cancel my subscription, and I'm
> interested in knowing whether this is phishing, maintenance or someone
> gaming the system.
> [...]

FWIW, I've not received anything similar, and I am subscribed to a 
couple of US-CERT mailing lists.

Notice that the "click here" link is:

   https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new

which is very similar (though why not also HTTPS?) to the "Manage 
Preferences" link a little lower in the message:

   http://public.govdelivery.com/accounts/USDHSUSCERT/subscribers/new?preferences=true

_That_ link is the same as I see in messages from my US-CERT list 
subscriptions, so I don't see how there can be any phishing intentions 
here (unless the perps fat-fingered things and did not change the URLs 
from the real US-CERT message they used as their template?  I have seen 
that once or twice with real (PayPal?) phish...).

The other links seem to be the same from a quick eyeballing of your 
message and US-CERT ones I've received.



Regards,

Nick FitzGerald


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
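
The link comparison described in the message above, as an added example that is not part of the original post: it checks a suspect link against one taken from known-legitimate mail from the same sender and reports where host, scheme and path differ. The function names and the lookalike test URL are constructed for illustration; the two govdelivery URLs are the ones quoted in the message.

```python
from urllib.parse import urlsplit

# The two URLs quoted in the message above.
SUSPECT_LINK = "https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new"
KNOWN_GOOD_LINK = ("http://public.govdelivery.com/accounts/USDHSUSCERT/"
                   "subscribers/new?preferences=true")
# Constructed lookalike (hypothetical, reserved example domain) to show a mismatch.
LOOKALIKE_LINK = ("https://public.govdelivery.com.example.net/accounts/"
                  "USDHSUSCERT/subscriber/new")


def _host(parts):
    # urlsplit().hostname drops any "user@" prefix and the port, so a URL such as
    # http://trusted.example@other.example/ is compared on its real host.
    return (parts.hostname or "").lower().rstrip(".")


def compare_link(suspect, baseline):
    """Describe how `suspect` differs from a known-good `baseline` link."""
    s, b = urlsplit(suspect), urlsplit(baseline)
    s_segs = [p for p in s.path.split("/") if p]
    b_segs = [p for p in b.path.split("/") if p]
    common = 0
    for x, y in zip(s_segs, b_segs):
        if x != y:
            break
        common += 1
    return {
        "same_host": _host(s) == _host(b),
        "has_userinfo": s.username is not None,
        "punycode_label": any(l.startswith("xn--") for l in _host(s).split(".")),
        # (baseline scheme, suspect scheme) when they differ, else None
        "scheme_change": None if s.scheme == b.scheme else (b.scheme, s.scheme),
        "shared_path": "/" + "/".join(s_segs[:common]),
        "path_diverges": (s_segs[common:], b_segs[common:]),
    }


def verdict(report):
    """Coarse triage label; the full report is what an analyst should read."""
    if not report["same_host"] or report["has_userinfo"] or report["punycode_label"]:
        return "host differs from known-good mail: suspicious"
    if report["scheme_change"] == ("https", "http"):
        return "same host but downgraded to http: review"
    return "same host as known-good mail: consistent with the real sender"


if __name__ == "__main__":
    for link in (SUSPECT_LINK, LOOKALIKE_LINK):
        r = compare_link(link, KNOWN_GOOD_LINK)
        print(link, "->", verdict(r), r)
```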

