Security Bulletin: PHISHING email "security upgrade of the mailing service your mailbox" |
Article ID: 963 |
Back to Search
|
Security Bulletin: 10/14/2009
Today we had a customer report receiving an email similar to the following (the customer's domain was replaced with "mydomain.com" to protect the customer's personal information)
Dear user of the mydomain.com mailing service!
We are informing you that because of the security upgrade of the mailing
service your mailbox (someuser@mydomain.com) settings were changed.
In order to apply the new set of settings click on the following link:
http://mydomain.com/owa/service_directory/settings.php?email=user@mydomain.com.. etc....
Best regards, eventsmanaged.com Technical Support.
The link provided is actually linked to a different URL than you see in the email. The underlying URL in the link is actually something like:http://mydomain.com.bertdffe.eu/owa/service_directory/settings.php?email=user@mydomain.com... etc....
Notice the actual domain you'd be connected to is not mydomain.com, but mydomain.com.bertdffe.eu... which is a different site entirely.
Also not that the domain name portion of the URL will vary, it may not be yourdomain.com.bertdffe.eu, we've also had a customer report yourdomain.com.polikkp.eu... so far the only common thread being the domains were .EU (European Union).
This email and the link therein is a PHISHING or otherwise MALICIOUS email with the purpose of gathering personal account information (email credentials) or other malicious activities (attempt to download malicious code to the user's system).
If you receive such an email or your email users advise you they have received such an email, 3Essentials advises you to take the following action:
- DO NOT click the link in the email
- DELETE the email immediately
- Advise other email users on your domain of this issue and to take the same action if they receive such an email.
Any questions/concerns can be submitted to our Support team. |
|
Downloads Associated With This Article |
No downloads are currently associated with this article. |