I think we've all had those emails from the Banks "security" department and which threaten all sorts of mayhem and chaos if you don't go to the site right now and type in all your security details which then gets sent to some dodgy bloke in an internet cafe in deepest scam land, well, yesterday I saw a new twist on it in the form of two emails.
The first was from an IT recruitment agency and it was the normal "we are wonderful, we are awesome, send us your CV" and I didn't think much of it until I saw the email address under the link - it was a yahoo mailbox with what looked like one of those auto generated addresses.
The second came from "undisclosed" and was talking about a webmail upgrade. My hosting provider recently upgraded their webmail portal so at first I thought this was part of that work until I saw that it had been through a mail server in the ukraine then when I read the email more closely I saw that they were asking me to reply to them giving my email address and logon password. Now, my hosting providers security is atrocious as they use the account password for verification purposes (which must mean that staff can see it) so I can easily see people getting duped into sending this information. Of course, the reply to address wasn't a legitimate address and so was another phishing attempt.
I'm now wondering what other scams are out there... I'm also thinking of changing hosting providers due to their terrible security policy.
Subscribe to Ramblings of a Sysadmin
Get the latest posts delivered right to your inbox