Posted on December 28th, 2016 by Kirk. Filed under Security Alerts.
Over the last 4-6 weeks there has been an increase in “phishing” email scams that try to trick people into giving out either their email login information or their financial information. The increase is most likely timed to take advantage of the holidays, when people are busy and IT departments have staff on holidays. In all cases, the links do not point to the real site, and most “From” addresses are fake as well. Most of these have been sent from real email accounts on legitimate systems that have been hijacked and used to send out spam, so the server and account aren’t on any blacklists. The account is only used for a short time and then a new account is selected.
What to do:
What to look for:
Posted on January 22nd, 2013 by Kirk. Filed under Security Alerts.
Since last August, we’ve been receiving junk emails that appear to be from a Facebook friend and contain a single link (see sample below). The actual email address used is usually a Yahoo address. It’s not terribly frequent but it is annoying. We had a customer call in about it, so it seems to be more widespread.
The usual advice applies: Delete the message on sight, and don’t trust strange links even if it seems to be from a friend.
I found a couple articles about this problem:
Posted on December 17th, 2012 by Kirk. Filed under Security Alerts.
Two different email scams were launched over the weekend by criminals looking to trick unsuspecting people into providing their email usernames and passwords. One email appeared to come from Microsoft, and the other from “Netidea.com Customer Service”. Both emails used convincing fake webmail login forms that look quite real but are not; they are designed to hand your username and password to the criminals. Once they have access to a stolen email account, it is used to send out spam through our servers to avoid blacklists and spam filters.
If you have filled in either of these two forms, you will need to change your password right away. You can change your password yourself on our web site by clicking on the Account icon on the top right corner of our screen. The proper internet address (URL) for our online account page always starts with: https://www.secure-by-design.com/
Valid email login pages for our webmail service are:
The domain (mail.secure-by-design.com) should always be followed by a slash, and come immediately after the https:// or http://. For example, https://mail.secure-by-design.com.someothersite.com//wp-content/images/login.htm looks almost right, but has a period instead of a slash, and would point to a fake page.
As always, be careful when visiting any site that you have to provide a username and password for. Be sure to watch for changes in the address bar, as often that is the only thing that gives away a forgery!
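The address check described above can be done mechanically by parsing out the hostname and comparing it exactly, rather than looking at how the URL starts. This is an added example, not code from the original post; the allow-list, the function names and every sample URL other than the lookalike quoted in the post are assumptions.

```python
from urllib.parse import urlsplit

# Hostnames named in the post; treating them as the complete allow-list is an assumption.
TRUSTED_HOSTS = {"mail.secure-by-design.com", "www.secure-by-design.com"}

# The lookalike address quoted in the post.
LOOKALIKE = ("https://mail.secure-by-design.com.someothersite.com"
             "//wp-content/images/login.htm")


def naive_check(url):
    """Weak check: a prefix test on the raw string, which the lookalike passes."""
    return url.startswith(("https://mail.secure-by-design.com",
                           "http://mail.secure-by-design.com"))


def real_host(url):
    """Return the hostname the browser would actually contact, or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased, with port and userinfo removed
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".")


def classify_link(url):
    """Return 'trusted', 'lookalike', 'untrusted' or 'invalid'."""
    host = real_host(url)
    if host is None:
        return "invalid"
    if host in TRUSTED_HOSTS:
        return "trusted"
    # A trusted name embedded in a longer hostname is the forgery pattern
    # from the post: a period follows the domain where a slash should be.
    if any(name in host for name in TRUSTED_HOSTS):
        return "lookalike"
    return "untrusted"


if __name__ == "__main__":
    for url in (LOOKALIKE,
                "https://mail.secure-by-design.com/",       # constructed sample
                "https://MAIL.Secure-By-Design.com:443/x",  # constructed sample
                "https://example.net/login"):               # constructed sample
        print(f"{classify_link(url):10} naive={naive_check(url)!s:5} {url}")
```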
Here are some screen grabs of the fake emails and the fake login pages:
Secure by Design Technology
Posted on October 17th, 2011 by Kirk. Filed under Security Alerts.
If you get an email that looks like the following, do not click on the link. There’s nothing wrong with our webmail, and we never need to email you and ask for your password. Our spam filter has been picking this up, so not many people will actually see it.
Posted on May 5th, 2011 by Kirk. Filed under Security Alerts.
There is a malware (malicious software) threat that can affect all Mac OS X systems. Users running with Administrator level accounts with Safari set to open safe files automatically are particularly at risk. This program pretends to be an AntiVirus program for Mac OS, but isn’t really. If you see this on your screen, close it immediately:
Those responsible for spreading the malware are exploiting users’ interest in late-breaking news about Bin Laden’s death; however, other avenues are possible.
For more information see the following bulletins:
Posted on October 29th, 2010 by Kirk. Filed under Security Alerts.
Attn: Mail-Box User Quarantine Notification:
This is to inform you that the www.netidea.com Web Mail is migrating to a new spam filtering service, which improves the ability to identify and block spam,“phishing” attempts and other undesirable messages that flood our email system on a daily basis. and also a mail box user quarantine exercise is currently going on. we are carrying out a (inactive email-accounts / spam protecting) clean-up process to enable service upgrade efficiency.
Please be informed that we will delete all mailbox account user that do not adhere to this notice. You are to provide your email account details as requested by Clicking Here for Quarantine exercise and protection against spam and for secure upgrading.
This will confirm your www.netidea.com Mailbox login/usage Frequency):
— – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
—- – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Secure by Design Service.
Copyright © 2010 Secure by Design. All rights reserved.
The Norton Safeweb service is presently identifying our site as having a “Malformed container violation”. Their link for reading about this threat does not lead to any useful information. I am presently exchanging some emails with the staff at Symantec to determine what the problem is. It seems to have a problem with our RSS feed, at: http://www.secure-by-design.com/feed/
I uploaded the feed file to VirusTotal, an online service that will scan a file using multiple antivirus products. It did not detect any problems. Neither did AVG’s Linkscanner. Here are the VirusTotal Reports:
One possibility is that our feeds include some examples of phishing and virus-infected emails, which might be the trigger. Another is that there is an invalid HTML tag or code in the feed itself.
Unless Norton can produce some concrete evidence of an infection that I can verify with another tool, I am treating this as a false alarm.
Posted on September 15th, 2010 by Kirk. Filed under Security Alerts.
Another scam email is making the rounds today. Delete the message ‘Final Warning!!! We Will Delete Your E-mail Account.. So Update.’ on sight. A common feature of these scams is that the email appears to be from @netidea.com, but the Reply-To address is not.
Here’s an example:
Date: Wed, 15 Sep 2010 07:57:01 +0300 (EEST)
Subject: Final Warning!!! We Will Delete Your E-mail Account.. So Update.
From: "Net Idea." <firstname.lastname@example.org>
Reply-To: email@example.com
Dear Email Account User,
We are advising you to change the password on your email account in order to prevent any unauthorised account access following the network instruction we previously communicated, all Mailhub systems will undergo regularly scheduled maintenance. Access to your e-mail via the Webmail client will be unavailable for some time during this maintenance period. We are currently upgrading our data base and e-mail account center i.e homepage view. We shall be deleting old email accounts which are no longer active to create more space for new accounts users.we have also investigated a system wide security audit to improve and enhance our current security.
In order to continue using our services you are require to update and re-comfirmed your email account details as requested below. To complete your account re-comfirmation,you must reply to this email immediately and enter your account details as requested below.
Username : (**************)
E-mail Login ID(**********)
Password : (**************)
Date of Birth :(**************)
Future Password :(**************)(Option)
Failure to do this will immediately render your account deactivated from our database and service will not be interrupted as important messages may as well be lost due to your declining to re-comfirmed your account details to us. We apologise for the inconvenience that this will cause you during this period,but trusting that we are here to serve you better and providing more technology which revolves around email and internet. It is also pertinent,you understand that our primary concern is for our customers, and for the security of their files and data.
COMFIRMATION CODE: -/93-1A388-480
Technical Support Team.
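The From / Reply-To mismatch pointed out in the alert above can be checked automatically on a raw message. This is an added example, not code from the original post; the addresses in the sample messages are constructed (the page's own are redacted), and the function names are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses


def header_domains(msg, header):
    """Lower-cased domains of every address found in one header."""
    pairs = getaddresses(msg.get_all(header, []))
    return {addr.rsplit("@", 1)[1].lower().rstrip(".")
            for _, addr in pairs if "@" in addr}


def related(a, b):
    """True for the same domain, or when one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def check_reply_to(raw_message):
    """Flag a message whose Reply-To points somewhere unrelated to its From."""
    msg = message_from_string(raw_message)
    from_d = header_domains(msg, "From")
    reply_d = header_domains(msg, "Reply-To")
    # With no Reply-To header, replies go to From and there is nothing to compare.
    stray = {r for r in reply_d if not any(related(r, f) for f in from_d)}
    return {"from": from_d, "reply_to": reply_d, "suspicious": bool(stray)}


# Constructed samples: header layout follows the alert above, addresses are invented.
SCAM_SHAPED = (
    'Date: Wed, 15 Sep 2010 07:57:01 +0300 (EEST)\n'
    'Subject: Final Warning!!! We Will Delete Your E-mail Account.. So Update.\n'
    'From: "Net Idea." <support@netidea.com>\n'
    'Reply-To: upgrade-team@webmail.example\n'
    '\n'
    'Dear Email Account User, ...\n'
)
SAME_ORG = (
    'From: Billing <billing@netidea.com>\n'
    'Reply-To: accounts@support.netidea.com\n'
    'Subject: Your invoice\n\nBody\n'
)
NO_REPLY_TO = 'From: billing@netidea.com\nSubject: Your invoice\n\nBody\n'

if __name__ == "__main__":
    for name, raw in (("scam-shaped", SCAM_SHAPED), ("same org", SAME_ORG),
                      ("no Reply-To", NO_REPLY_TO)):
        print(name, check_reply_to(raw))
```

A mismatch is a signal rather than proof: mailing lists and help-desk systems legitimately set a different Reply-To, so a filter should use it as one scoring input.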
The following message is a fraud; they’re just looking for your password, but you knew that, right?
From: NETIDEA WEBMAIL ACCOUNT <firstname.lastname@example.org>
Subject: ACCOUNT UPGRADE / MAINTENANCE. REPLY BACK.
Reply-To: email@example.com
Date: Fri, 18 Jun 2010 08:31:18 -0400
We are currently performing maintenance for all our NETIDEA CUSTOMERS WEBMAIL ACCOUNT. We intend up grading our WEBMAIL Security Server for better online services. In order to ensure you do not experience service interruption, Please you must reply to this email immediately and enter your password here () and username (). Check out your new features and enhancements with your new and improved webmail account, To enable us upgrade your mail Account for better online services please reply to this mail. Thank You for Using our WEBMAIL ACCOUNT.
Delete the following messages on sight, as they are bogus emails. They are fairly suspicious looking.
The first one contains a link to a suspicious settings.exe file. The link below has been modified to prevent problems; you do not want to download that file.
From: "netidea.com support" <firstname.lastname@example.org>
To: <email@example.com>
Subject: netidea.com account notification
Date: Mon, 26 Apr 2010 20:25:03 +0800
Dear Customer, This e-mail was send by netidea.com to notify you that we have temporanly prevented access to your account. We have reasons to beleive that your account may have been accessed by someone else. Please run this file and Follow instructions: http://mailservicessss DOT bravehost DOT com/settings DOT exe (C) netidea.com
The second includes an attached PDF file (doc.pdf) that is infected with a virus:
From: "firstname.lastname@example.org" <email@example.com>
To: <firstname.lastname@example.org>
Subject: setting for your mailbox are changed
SMTP and POP3 servers for email@example.com mailbox are changed. Please carefully read the attached instructions before updating settings. <doc.pdf>