Two Email Scams on the Weekend
Two different email scams were launched over the weekend by criminals looking to trick unsuspecting people into providing their email usernames and passwords. One email appeared to come from Microsoft, and the other from “Netidea.com Customer Service”. Both emails used convincing fake webmail login forms that look quite real, but are not and are designed to provide your username and password to them. Once they have access to a stolen email account, it is used to sent out spam through our servers to avoid blacklists and spam filters.
If you have filled in either of these two forms, you will need to change your password right away. You can change your password yourself on our web site by clicking on the Account icon on the top right corner of our screen. The proper internet addresss (URL) for our online account page always starts with: https://www.secure-by-design.com/
Valid email login pages for our webmail service are:
- https://mail.secure-by-design.com/
- https://mail.netidea.com/
- https://zimbra.sbdemail.com/
The domain (mail.secure-by-design.com) should always be followed by a slash, and come immediately after the https:// or http://. For example, https://mail.secure-by-design.com.someothersite.com//wp-content/images/login.htm looks almost right, but has a period instead of a slash, and would point to a fake page.
As always, be careful when visiting any site that you have to provide a username and password for. Be sure to watch for changes in the address bar, as often that is the only thing that gives away a forgery!
Here are some screen grabs of the fake emails and the fake login pages:
Fake Microsoft Email
Fake Outlook Web Access
Fraudulent email from netidea.com “customer service”
False Webmail Login Page
Sincerely,
Kirk Ismay
Secure by Design Technology
