Security Verified
Browse Categories
 Affiliates
 Backup & Restore
 Billing & MyAccount FAQs
 Control Panels
 Customer Tools
 Databases
 Dedicated Servers
 DNS and Domain Registration
 Email
 Glossary
 Network
 News
 PCI Compliance
 Pre-sales FAQ
 Publishing Your Site
 Reseller Tips
 Search Engine Optimization
 Security Topics
 SSL and HTTPS
 Support: Getting Help
 Virtual Desktops
 Virtual Servers
 Website Design & Development
 Website Errors

DotNetNuke Hosting
SQL 2008 R2 / IIS 7.5 Hosting
WordPress Hosting
Forex Trader Hosting
Personal Desktop Hosting

Security Bulletin: PHISHING email "security upgrade of the mailing service your mailbox"

 Article ID: 963

 Back to Search
Security Bulletin: 10/14/2009

Today we had a customer report receiving an email similar to the following (the customer's domain was replaced with "mydomain.com" to protect the customer's personal information)
Dear user of the mydomain.com mailing service!

We are informing you that because of the security upgrade of the mailing
service your mailbox (someuser@mydomain.com) settings were changed.
In order to apply the new set of settings click on the following link:

http://mydomain.com/owa/service_directory/settings.php?email=user@mydomain.com..   etc....

Best regards, eventsmanaged.com Technical Support.

The link provided is actually linked to a different URL than you see in the email.  The underlying URL in the link is actually something like:
http://mydomain.com.bertdffe.eu/owa/service_directory/settings.php?email=user@mydomain.com...   etc....
Notice the actual domain you'd be connected to is not mydomain.com, but mydomain.com.bertdffe.eu... which is a different site entirely.

Also not that the domain name portion of the URL will vary, it may not be yourdomain.com.bertdffe.eu, we've also had a customer report yourdomain.com.polikkp.eu... so far the only common thread being the domains were .EU (European Union).

This email and the link therein is a PHISHING or otherwise MALICIOUS email with the purpose of gathering personal account information (email credentials) or other malicious activities (attempt to download malicious code to the user's system).

If you receive such an email or your email users advise you they have received such an email, 3Essentials advises you to take the following action:
  • DO NOT click the link in the email
  • DELETE the email immediately
  • Advise other email users on your domain of this issue and to take the same action if they receive such an email.
Any questions/concerns can be submitted to our Support team.
 
Downloads Associated With This Article
No downloads are currently associated with this article.

© 2001 - 2012 3Essentials Inc.
Terms Of Service | Privacy Policy | Copyright Policy | Affiliates