Symantec Phishing

Symantec Phishing with commentsPhishing is a type of deception designed to steal your identity by convincing you to provide it under false pretenses. Phishing schemes appear to come from popular websites you trust. In this case, the message came from Symantec.

From: Symantec Corporation [mailto:[email protected]]
Sent: Wednesday, March 01, 2006 5:06 PM
To: Pearce, Jason
Subject: Technology Seminar in Indianapolis on March 15 – Register Today

The body of the email was promoting an upcoming conference. It included a Register Now link, which took you to a URL (a subsidiary of Symantec) but a Symantec logo and design. The site collected personal information and was not secure.

Additional indicators that the email might be a phishing attempt include:

  1. Images resided on
  2. Most links went to
  3. The body of the email said to contact [email protected] for questions
  4. The email was from “Symantec Corporation [email protected]
  5. does not bring up a website
  6. is registered to a company called Creative Automation
  7. Creative Automation’s email and domain servers don’t even use or reference

Though I was aware Veritas and Symantec are the same companies, I suspect some might not be aware. But I don’t know who Creative Automation or are, and don’t trust them. Frankly, there were too many indicators that this was a phishing attempt, I had to ask.

So I sent an email to [email protected] asking if the email was legit or not. In two hours they replied and said it was. But when I asked them how I was to know that an email from Symantec or Veritas is a valid email when it doesn’t come from either or domains, they’ve offered no reply.

You’d think that a company that launched it’s Symantec Internet Threat Meter wouldn’t send an email that resembles many phishing characteristics on the very same day. Perhaps Symantec should read its own Online Fraud: Phishing advice.