Phishing e-mail today
Below is the body of the message I received. It’s obviously malicious because I control all the services for paulbegley.com, but I was intrigued.
Dear user of the paulbegley.com mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox (rants@paulbegley.com) settings were changed. In order to apply the new set of settings click on the following link:
http://paulbegley.com/owa/service_directory/settings.php?email=rants@paulbegley.com&from=paulbegley.com&fromname=rants
Best regards, paulbegley.com Technical Support.
Message ID#T1SYDT2B4BVZJ72
First, I looked at the header information, and the entries below flagged this as fake. The Return-Path claims a Japanese domain (strl.nhk.or.jp, .jp TLD), but SPF softfails because that domain does not designate 119.152.104.119 as a permitted sender (Google's "best guess record" wording also tells you the domain publishes no SPF record of its own). There is no reverse lookup for the connecting IP address 119.152.104.119, and that address sits in space administered by APNIC (Asia Pacific Network Information Centre).
Received-SPF: softfail (google.com: best guess record for domain of transitioning unquotingpoy4@strl.nhk.or.jp does not designate 119.152.104.119 as permitted sender) client-ip=119.152.104.119;
Return-Path: <unquotingpoy4@strl.nhk.or.jp>
Received: from CAWADZSGG (unknown [119.152.104.119])
Received: from 119.152.104.119 by iron.nhk.or.jp; Sun, 10 Jan 2010 05:45:04 -0800
Also embedded in the message is the real link, which goes to some server in Korea (.kr TLD). Note the trick: the visible link text shows paulbegley.com, but in the actual target paulbegley.com is only a subdomain label, and the host belongs to yhuttte.ne.kr:
http://paulbegley.com.yhuttte.ne.kr/owa/service_directory/setting
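The two checks above (Return-Path/SPF and no-reverse-DNS indicators in the headers, and a link whose visible text names a different domain than its href) can be scripted. The following Python is an added example, not code from the original post. The raw message it runs on is constructed: the headers are the ones quoted in the post and the href is the .kr link shown above, while the From header and the HTML markup around the link are assumed, since the post shows only the rendered text. The public-suffix table is a hand-picked subset; real tooling should load the full Public Suffix List.

```python
"""Triage checks for a phish like the one above: header indicators plus
anchors whose visible text and href point at different registrable domains."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample. Headers are the ones quoted in the post; the From header
# and the HTML around the link are assumed (the post shows only rendered text).
RAW_MESSAGE = """\
Return-Path: <unquotingpoy4@strl.nhk.or.jp>
Received-SPF: softfail (google.com: best guess record for domain of transitioning unquotingpoy4@strl.nhk.or.jp does not designate 119.152.104.119 as permitted sender) client-ip=119.152.104.119;
Received: from CAWADZSGG (unknown [119.152.104.119])
Received: from 119.152.104.119 by iron.nhk.or.jp; Sun, 10 Jan 2010 05:45:04 -0800
From: paulbegley.com Technical Support <unquotingpoy4@strl.nhk.or.jp>
To: rants@paulbegley.com
Subject: mailbox settings changed
Content-Type: text/html; charset=us-ascii

<html><body><p>Dear user of the paulbegley.com mailing service!</p>
<p>In order to apply the new set of settings click on the following link:
<a href="http://paulbegley.com.yhuttte.ne.kr/owa/service_directory/setting">http://paulbegley.com/owa/service_directory/settings.php?email=rants@paulbegley.com&amp;from=paulbegley.com&amp;fromname=rants</a></p>
</body></html>
"""

# Hand-picked subset of multi-label public suffixes (assumption: a real tool
# loads the full Public Suffix List instead of this short table).
MULTI_LABEL_SUFFIXES = {"ne.kr", "co.kr", "or.kr", "or.jp", "co.jp", "ne.jp", "co.uk"}

# Visible link text that looks like a URL or bare host name; group 1 is the host.
HOSTLIKE = re.compile(r"(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?:[/?#:].*)?", re.S)


def registrable_domain(host):
    """The domain someone had to register to own this host:
    paulbegley.com.yhuttte.ne.kr -> yhuttte.ne.kr, paulbegley.com -> paulbegley.com."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def triage_headers(msg):
    """SPF result, connecting IP, Return-Path domain versus the domain the message
    poses as (the recipient's own, for this kind of "your mailbox" phish), and
    hops where the MTA wrote 'unknown' because the IP had no reverse DNS."""
    spf = msg.get("Received-SPF", "")
    spf_result = spf.split(" ", 1)[0].lower() or None
    ip_match = re.search(r"client-ip=([0-9.]+)", spf)
    client_ip = ip_match.group(1) if ip_match else None
    rp_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    claimed_domain = parseaddr(msg.get("To", ""))[1].rpartition("@")[2]
    no_rdns_hops = [r.strip() for r in (msg.get_all("Received") or [])
                    if re.search(r"\(unknown \[[0-9.]+\]\)", r)]
    findings = []
    if spf_result in ("softfail", "fail"):
        findings.append(f"SPF {spf_result}: {rp_domain} does not authorise {client_ip}")
    if "best guess" in spf:
        findings.append(f"{rp_domain} publishes no SPF record (receiver used a best-guess policy)")
    if rp_domain and rp_domain != claimed_domain:
        findings.append(f"poses as {claimed_domain} support but Return-Path is under {rp_domain}")
    for hop in no_rdns_hops:
        findings.append(f"no reverse DNS for connecting host: {hop}")
    return {"spf": spf_result, "client_ip": client_ip,
            "return_path_domain": rp_domain, "findings": findings}


class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def deceptive_links(html):
    """Flag anchors whose visible text shows one registrable domain while the
    href goes to another. Text like 'click here' is skipped: nothing to compare."""
    parser = _Anchors()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        shown_match, real = HOSTLIKE.fullmatch(text), urlparse(href).hostname
        if not (shown_match and real):
            continue
        shown = shown_match.group(1).lower()
        if registrable_domain(shown) != registrable_domain(real):
            flagged.append({"shown_host": shown, "real_host": real,
                            "shown_domain": registrable_domain(shown),
                            "real_domain": registrable_domain(real)})
    return flagged


def triage(raw):
    """Run both checks over a raw RFC 5322 message and return the findings."""
    msg = message_from_string(raw)
    report = triage_headers(msg)
    report["deceptive_links"] = deceptive_links("" if msg.is_multipart() else msg.get_payload())
    return report


if __name__ == "__main__":
    for key, value in triage(RAW_MESSAGE).items():
        print(f"{key}: {value}")
```

The domain comparison is the part worth keeping around: a naive "does the link contain my domain" check passes paulbegley.com.yhuttte.ne.kr, whereas comparing registrable domains catches it. Reverse DNS is deliberately not looked up here so the script runs offline; the "unknown [ip]" the receiving MTA already recorded is used instead.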
Last, if you have a modern browser installed and configured correctly, your browser (at least Chrome and Firefox) flags the link as a malicious site and blocks any connection. IE let you through, but blocked the automatic download. Screenshots below.
Chrome
Firefox
IE 8

