We have received several concerned calls from our customers today regarding e-mail phishing attempts which appear to be generated from their own domains. Apparently someone is sending e-mails claiming that a “security upgrade” has caused a settings update and asking the user to log in at a particular URL to update their username and password.
CAUTION: This is an example message one of our users has reported; the exact wording may vary, however the principle remains the same. Hackers want to fool you into giving them your login information.
Dear user of the acme.com mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox (user@acme.com) settings were changed. In order to apply the new set of settings click on the following link:
http://acme.com/owa/service_directory/settings.php?email=user@acme.com&from=acme.com&fromname=user
Best regards, acme.com Technical Support.
We have substituted acme.com where the actual domain name is used. Apparently the information they use, including the e-mail addresses this e-mail is sent to, has been harvested from websites. We can only guess that the hackers are trying to collect legitimate mail accounts to further spamvertise or propagate viruses. We highly recommend that users remain vigilant and never update a password when prompted via an e-mail message.
If you receive an e-mail claiming you need to update account details, assume it is a phishing attempt. Remember, we do not need to know your password and there is no reason for us to request our users to enter personal information.
In addition to the message noted above, users have also reported receiving the following malicious e-mail, which claims that you need to install an update on your computer.
CAUTION: This is an example message one of our users has reported; the exact wording may vary, however the principle remains the same. Hackers want to fool you into giving them your login information or installing malicious software on your computer.
Attention!
On xxxx xx, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That's all.
http://updates.acme.com.secure.oneupdate.org/core/id=000000000-user@acme.com-patchxxx.exe
Thank you in advance for your attention to this matter and sorry for possible inconveniences.
System Administrator
Again, we have substituted acme.com where the actual domain name is used. We do not send e-mail notifications to our customers requesting that you install updates on your computer. You may only be advised to install or update an application on your computer via e-mail if it is in response to a support ticket or phone request you have initiated with our staff. Please remain vigilant when receiving any requests which claim to be from the "system administrator" or "yourdomain.com Technical Support", etc.; all communications from our staff will identify our company names and contact information.
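For mail administrators, the following added example (not part of the original notice and not our production filter) shows how the links in the two sample messages can be checked against the recipient's own domain. The function names, finding labels and extension list are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Extensions treated as directly runnable on Windows (illustrative subset, an assumption).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".bat", ".cmd", ".msi")

# The two links from the sample messages; acme.com is the page's substituted domain.
SAMPLE_LINKS = [
    "http://acme.com/owa/service_directory/settings.php"
    "?email=user@acme.com&from=acme.com&fromname=user",
    "http://updates.acme.com.secure.oneupdate.org/core/"
    "id=000000000-user@acme.com-patchxxx.exe",
]


def host_in_domain(host, domain):
    """True only if host is the domain itself or a genuine subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def link_findings(url, recipient):
    """Return the reasons a link in a message sent to `recipient` deserves review."""
    domain = recipient.rsplit("@", 1)[1].lower()
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if not host_in_domain(host, domain):
        # The recipient's domain showing up as labels inside another host
        # means the name is only there to look familiar.
        if f".{domain}." in f".{host}.":
            findings.append("lookalike-host")
        else:
            findings.append("external-host")
    if parts.path.lower().endswith(EXECUTABLE_EXTS):
        findings.append("executable-download")
    if recipient.lower() in unquote(url).lower():
        findings.append("recipient-address-in-url")
    return findings


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(urlsplit(link).hostname, link_findings(link, "user@acme.com"))
```

As printed above with the substituted domain, the first link's host is acme.com itself, so only the embedded-address heuristic fires for it; the second link's host ends in oneupdate.org and merely begins with the customer's domain.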