In an almost humorous tactic, a new email Phishing campaign tries to trick email usersĀ into surrendering their account Username and Password by telling them their email account has already been compromised.
The email warns that their account has already been accessed from a foreign IP address and used to send spam, and will be suspended unless the recipient verifies the account credentials.
The irony is that these emails are coming form infected zombie machines, predominantly from foreign IP addresses and if the target provides their email Username/Password the account will almost certainly be used for spam and fraud.
These identify theft fraud emails are arriving with subject lines such as:
!!!! Important Notices !!!!
In an attempt to appear more credible, the emails are also personalized to include several references to the users email domain.
A complete example of this updated campaign follows, but please note we’ve replaced the actual domain with “YourDomain.com” below:
Dear YourDomain.com User
Your email account has been used to send numerous Spam mails, recently from a foreign IP. As a result, the YourDomain.com has received advice to suspend your account.
However, you might not be the one promoting this Spam, as your email
account might have been compromised. To protect your account from sending spam mails, you are to confirm your true ownership of this account by providing your original Username (*******) and Password (*******) as a reply to this message.On receipt of the requested information, the “YourDomain.com” web email
support shall block your account from Spam.Failure to do this will violate the YourDomain.com email terms & conditions. This will render your account inactive.
NOTE: You will be send a password reset message in next seven (7) working days after undergoing this process for security reasons.
Thanks for using YourDomain.com
YourDomain.com, Webmail Access (Powered By YourDomain.com). (c) 2009 YourDomain.com* All rights reserved
Notice that this fraud also cleverly warns the user they will be assigned a new password in “7 business days” which will allow the con artists behind this email scam ample time to completely abuse the account address.
While such socially engineered emails should be easy to spot as identity theft fraud emails, they unfortunately work on a large enough percentage of users to provide spammers with an endless stream of hijacked accounts.
- -
OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.
Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."
OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.
Related posts:
