Secure by Design » Security Alerts

New Phishing Scam – New Secure Mail Regarding Your Net Idea Webmail.

Kirk — Mon, 17 Oct 2011 23:22:07 +0000

If you get an email that looks like the following, do not click on the link. There’s nothing wrong with our webmail, and we never need to email you and ask for your password. Our spam filter has been picking this up, so not many people will actually see it.

Regards,

Kirk

From: Net Idea Webmail Service <online.service@netidea.com>

Date: October 17, 2011 12:39:16 PM PDT

To: user@netidea.com

Subject: New Secure Mail Regarding Your Net Idea Webmail.

You have 1 important mail alert!

We strongly advise you should update your account and resolve the problem.

Click here to proceed

Failure to do this will lead to your account been suspended or de-activated.

Thanks for your co-operation.

Yours Sincerely

Net Idea Webmail Service

New ‘MACDefender’ Malware Threat for Mac OS X

Kirk — Thu, 05 May 2011 20:24:00 +0000

There is a malware (malicious software) threat that can affect all Mac OS X systems. Users running with Administrator level accounts with Safari set to open safe files automatically are particularly at risk. This program pretends to be an AntiVirus program for Mac OS, but isn’t really. If you see this on your screen, close it immediately:

MacDefender Malware Screenshot

Those responsible for spreading the malware are exploiting users’ interest in late breaking news about Bin Laden’s death, however, other avenues are possible.

For more information see the following bulletins:

http://www.macrumors.com/2011/05/02/new-macdefender-malware-threat-for-mac-os-x/

http://isc.sans.edu/diary.html?storyid=10813

Scam: Secure by Design / Account User…

Kirk — Fri, 29 Oct 2010 22:31:11 +0000

The following message is a phishing scam and should be deleted on sight. Whoever it is is after your password, most likely to send out more of the same.

From: “Secure by Design Service” <dbricket@colby.edu>

Friday, October 29, 2010 2:36 PM

Subject: Secure by Design / Account User Upgrading Exercise!

Attn: Mail-Box User Quarantine Notification:

This is to inform you that the www.netidea.com Web Mail is migrating to a new spam filtering service, which improves the ability to identify and block spam,“phishing” attempts and other undesirable messages that flood our email system on a daily basis. and also a mail box user quarantine exercise is currently going on. we are carrying out a (inactive email-accounts / spam protecting) clean-up process to enable service upgrade efficiency.

Please be informed that we will delete all mailbox account user that do not adhere to this notice. You are to provide your email account details as requested by Clicking Here for Quarantine exercise and protection against spam and for secure upgrading.
This will confirm your www.netidea.com Mailbox login/usage Frequency):

— – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - -
—- – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - -
Secure by Design Service.
Copyright © 2010 Secure by Design. All rights reserved.

Norton Safeweb False Alarm

Kirk — Fri, 01 Oct 2010 17:18:51 +0000

The Norton Safeweb service is presently identifying our site as having a “Malformed container violation“. Clicking on their link to read about this threat does not contain any useful information. I am presently exchanging some emails with the staff at Symantec to determine what the problem is. It seems to have a problem with our RSS feed, at: http://www.secure-by-design.com/feed/

I uploaded the feed file to VirusTotal, an online service that will scan a file using multiple antivirus products. It did not detect any problems. Neither did AVG’s Linkscanner. Here are the VirusTotal Reports:

One possibility is that our feeds include some examples of phishing and virus infected emails, which might be the trigger. Or there is an invalid html tag or code in the feed itself.

Unless Norton can produce some concrete evidence of an infection that I can verify with another tool, I am treating this a false alarm.

Scam: Final Warning!!! We Will Delete …

Kirk — Wed, 15 Sep 2010 21:36:45 +0000

Another scam email is making the rounds today. Delete the message ‘Final Warning!!! We Will Delete Your E-mail Account.. So Update.’ on sight. A common feature of these scams is the email appears to be from @netidea.com, but the Reply To address is not.

Here’s an example:

Date: Wed, 15 Sep 2010 07:57:01 +0300 (EEST)
Subject: Final Warning!!! We Will Delete Your E-mail Account.. So Update.
From: "Net Idea." 
Reply-To: chenguandesk@aol.com

Dear Email Account User,

We are advising you to change the password on your email account in order
to prevent any unauthorised account access following the network
instruction we previously communicated, all Mailhub systems will undergo
regularly scheduled maintenance. Access to your e-mail via the Webmail
client will be unavailable for some time during this maintenance period.

We are currently upgrading our data base and e-mail account center i.e
homepage view. We shall be deleting old email accounts which are no longer
active to create more space for new accounts users.we have also
investigated a system wide security audit to improve and enhance our
current security.

In order to continue using our services you are require to update and
re-comfirmed your email account details as requested below.

To complete your account re-comfirmation,you must reply to this email
immediately and enter your account details as requested below.

Username : (**************)
E-mail Login ID(**********)
Password : (**************)
Date of Birth  **************)
Future Password  **************)(Option)

Failure to do this will immediately render your account deactivated from
our database and service will not be interrupted as important messages may
as well be lost due to your declining to re-comfirmed your account details
to us.

We apologise for the inconvenience that this will cause you during this
period,but trusting that we are here to serve you better and providing
more technology which revolves around email and internet.

It is also pertinent,you understand that our primary concern is for our
customers, and for the security of their files and data.

COMFIRMATION CODE: -/93-1A388-480 Technical Support Team.

‘ACCOUNT UPGRADE’ emails are fake.

Kirk — Fri, 18 Jun 2010 23:41:29 +0000

The following message is a fraud, they’re just looking for your password, but you knew that right?

From: NETIDEA WEBMAIL ACCOUNT <nana@cebridge.net>
Subject: ACCOUNT UPGRADE / MAINTENANCE. REPLY BACK.
Reply-To: nana@cebridge.net
Date: Fri, 18 Jun 2010 08:31:18 -0400

We are currently performing maintenance for all our NETIDEA CUSTOMERS
WEBMAIL ACCOUNT. We intend up grading our WEBMAIL Security Server for
better online services. In order to ensure you do not experience service
interruption, Please you must reply to this email immediately and enter
your password here () and username (). Check out your new features and
enhancements with your new and improved webmail account, To enable us
upgrade your mail Account for better online services please reply to
this mail. Thank You for Using our WEBMAIL ACCOUNT.

Two New Email Scams

Kirk — Tue, 27 Apr 2010 16:59:58 +0000

Delete the following messages on sight, as they are bogus emails. They are fairly suspicious looking.

The first one contains a link to a suspicious settings.exe file. The link below has been modified to prevent problems, you do not want to download that file.

From: "netidea.com support" <abolishingsn@rivieramail.com>
To: <nobody@netidea.com>
Subject: netidea.com account notification
Date: Mon, 26 Apr 2010 20:25:03 +0800

Dear Customer,

This e-mail was send by netidea.com to notify you that we have temporanly prevented
access to your account.

We have reasons to beleive that your account may have been accessed by someone else.
Please run this file and Follow instructions:

http://mailservicessss DOT bravehost DOT com/settings DOT exe

(C) netidea.com

The second includes an attached PDF file (doc.pdf) that is infected with a virus:

From: "customersupport@netidea.com" <customersupport@netidea.com>
To: <user@netidea.com>
Subject: setting for your mailbox are changed

SMTP and POP3 servers for user@netidea.com mailbox are changed. Please carefully read
the attached instructions before updating settings.

Scam Alert: EMAIL UPGRADE NOTICE!!!

Kirk — Mon, 30 Nov 2009 23:32:11 +0000

The following message is in fact a scam. We never email to ask you for your password. The big tip is that the reply-to address goes to an address that is not one of ours. This is a common sign of fraudulent emails.

Is Monday over yet?

Date: Tue, 01 Dec 2009 06:29:36 +0800
From: "Net Idea Telecommunications Inc." 
Reply-to: supportdesk@programmer.net
To: undisclosed-recipients:;
Subject: EMAIL UPGRADE NOTICE!!!

Account Department!

Net Idea Telecommunications Inc.

Upgrade/Maintenance All netidea.com Email Accounts

We regret to announce to you that we will be making some system maintenance on
our netidea.com Webmail account. During this process you might have
login problems in signing into your netidea.com Webmail account, but to
prevent this you have to confirm your account immediately after you
receive this notification.

To confirm and to keep your netidea.com webmail active during and after
this process, please reply to this message with the below netidea.com
Webmail account information. Failure to do this might cause a permanent
deactivation of your netidea.com Webmail account from our data base to
enable us create more spaces for the 2009 session.

Send your netidea.com Webmail account for confirmation stating:

* netidea.com ID:
* Password:
* Date of Birth:

Your account shall remain active after you have successfully confirmed
your account details. We thank you for your prompt attention to this
notification.

Please understand that this is a security measure intended to help protect
your netidea.com Webmail account.

We apologize for any inconvenience.

Net Idea Telecommunications Inc.
ACCOUNT SUPPORT

New Email Scam

Kirk — Mon, 23 Nov 2009 17:55:08 +0000

We’ve seen 2 separate phishing emails sent out over the weekend. They are both very similar and ask for your username and password. The emails are sent from email@info.com, but replies will go to rest777@att.net. These are fairly obvious scams. What these criminals want is your username and password so they can use your email account to send out spam.

We will never email you to ask for your password. Ever.

Here are some samples:

Subject: We Want To Deactivate Your e-Mail Account.
From: "e-Mail Technical Services."
Reply-To: rest777@att.net

Dear e-Mail  User,

We are advising you to change the password of your email account in order
to prevent any unauthorised account access following the network
instruction we previously communicated that all Mailhub systems will
undergo regularly scheduled maintenance. Access to your e-mail via the
Webmail client will be unavailable for some time during this maintenance
period.

We are currently upgrading our data base and e-mail account center i.e
homepage view. We shall be deleting old email accounts which are no longer
active to create more space for new accounts users.we have also
investigated a system wide security audit to improve and enhance our
current security.

In order to continue using our services you are require to update and
re-comfirmed your email account details as requested below.

To complete your account re-comfirmation,you must reply to this email
immediately and enter your account details as requested below.

Username : (**************)
E-mail Login ID(**********)
Password : (**************)
Date of Birth  **************)
Future Password  **************)(Option)

Failure to do this will immediately render your account deactivated from
our database and service will not be interrupted as important messages may
as well be lost due to your declining to re-comfirmed your account details
to us.

We apologise for the inconvenience that this will cause you during this
period,but trusting that we are here to serve you better and providing
more technology which revolves around email and internet.

It is also pertinent,you understand that our primary concern is for our
customers, and for the security of their files and data.

COMFIRMATION CODE: -/93-1A388-480 Technical Support Team.

Subject: We Want To Deactivate Your e-Mail Account.
From: "e-Mail Technical Services."
Reply-To: rest777@att.net
Dear Email  User,

We are advising you to change the password of your email account in order
to prevent any unauthorised account access following the network
instruction we previously communicated that all Mailhub systems will
undergo regularly scheduled maintenance. Access to your e-mail via the
Webmail client will be unavailable for some time during this maintenance
period.

We are currently upgrading our data base and e-mail account center i.e
homepage view. We shall be deleting old email accounts which are no longer
active to create more space for new accounts users.we have also
investigated a system wide security audit to improve and enhance our
current security.

In order to continue using our services you are require to update and
re-comfirmed your email account details as requested below.

To complete your account re-comfirmation,you must reply to this email
immediately and enter your account details as requested below.

Username : (**************)
E-mail Login ID(**********)
Password : (**************)
Date of Birth  **************)
Future Password  **************)(Option)

Failure to do this will immediately render your account deactivated from
our database and service will not be interrupted as important messages may
as well be lost due to your declining to re-comfirmed your account details
to us.

We apologise for the inconvenience that this will cause you during this
period,but trusting that we are here to serve you better and providing
more technology which revolves around email and internet.

It is also pertinent,you understand that our primary concern is for our
customers, and for the security of their files and data.

COMFIRMATION CODE: -/93-1A388-480 Net Idea Technical Support

Facebook account agreement – contains email trojan

Kirk — Fri, 06 Nov 2009 17:26:24 +0000

There are a number of emails making the rounds today claiming to be an updated Facebook user account agreement. These emails contain an attached zip file containing a trojan horse type virus. Do not open the attachment and delete the message on sight. Here are some examples:

-------- Original Message --------
Subject:   new account agreement
Date:       Fri, 6 Nov 2009 13:10:31 -0400
From:       Facebook 

Dear Facebook user,

Due to Facebook policy changes, all Facebook users must submit a new, updated account
agreement, regardless of their original account start date.
Accounts that do not submit the updated account agreement by the deadline will
have restricted.

Please unzip the attached file and run "agreement.exe" by double-clicking it.

Thanks,
The Facebook Team

Confirmation Code #: 32053307564

------- Original Message --------
Subject: 	updated account agreement
Date: 	Fri, 6 Nov 2009 10:55:36 -0500
From: 	Facebook 

Dear Facebook user,

Due to Facebook policy changes, all Facebook users must submit a new, updated account
agreement, regardless of their original account start date.
Accounts that do not submit the updated account agreement by the deadline will
have restricted.

Please unzip the attached file and run "agreement.exe" by double-clicking it.

Thanks,
The Facebook Team

Confirmation Code #: 43986921154162