Posted on January 15th, 2024 by Kirk. Filed under Security Alerts.
This email scam targets Nelson Chamber of Commerce members with an email that says its an “Annual Special Report”. Like many scams, there are a number of telltale signs. The subject line uses inconsistent spacing of the words, and the From address is not the real Chamber address. There is an attached file that looks like it’s designed to capture email passwords.
Don’t fall for the scam! Delete it!
Posted on December 28th, 2016 by Kirk. Filed under Security Alerts.
There has been an increase in the last 4-6 weeks in “Phishing” email scams that are looking to trick people into either giving out their email login information or financial information. The increase is most likely timed to take advantage of the holidays, when people are busy and IT departments have staff on holidays. In all cases, the links do not point to the real site, and most from addresses are fake as well. Most of these have been sent from real email accounts on legitimate systems that have been hijacked and used to send out spam, so the server and account aren’t on any blacklists. The account is only used for a short time and then a new account is selected.
What to do:
What to look for:
Posted on January 22nd, 2013 by Kirk. Filed under Security Alerts.
Since last August, we’ve been receiving junk emails that appear to be a Facebook friend and contain a single link (see sample below). The actual email address used is usually a yahoo address. It’s not terribly frequent but it is annoying. We had a customer call in about it, so it seems to be more widespread.
The usual advice applies: Delete the message on sight, and don’t trust strange links even if it seems to be from a friend.
I found a couple articles about this problem:
Posted on December 17th, 2012 by Kirk. Filed under Security Alerts.
Two different email scams were launched over the weekend by criminals looking to trick unsuspecting people into providing their email usernames and passwords. One email appeared to come from Microsoft, and the other from “Netidea.com Customer Service”. Both emails used convincing fake webmail login forms that look quite real, but are not and are designed to provide your username and password to them. Once they have access to a stolen email account, it is used to sent out spam through our servers to avoid blacklists and spam filters.
If you have filled in either of these two forms, you will need to change your password right away. You can change your password yourself on our web site by clicking on the Account icon on the top right corner of our screen. The proper internet addresss (URL) for our online account page always starts with: https://www.secure-by-design.com/
Valid email login pages for our webmail service are:
The domain (mail.secure-by-design.com) should always be followed by a slash, and come immediately after the https:// or http://. For example, https://mail.secure-by-design.com.someothersite.com//wp-content/images/login.htm looks almost right, but has a period instead of a slash, and would point to a fake page.
As always, be careful when visiting any site that you have to provide a username and password for. Be sure to watch for changes in the address bar, as often that is the only thing that gives away a forgery!
Here are some screen grabs of the fake emails and the fake login pages:
Sincerely,
Kirk Ismay
Secure by Design Technology
Posted on October 17th, 2011 by Kirk. Filed under Security Alerts.
If you get an email that looks like the following, do not click on the link. There’s nothing wrong with our webmail, and we never need to email you and ask for your password. Our spam filter has been picking this up, so not many people will actually see it.
Regards,
Kirk
You have 1 important mail alert!
We strongly advise you should update your account and resolve the problem.
Click here to proceed
Failure to do this will lead to your account been suspended or de-activated.
Thanks for your co-operation.
Yours Sincerely
Net Idea Webmail Service
Posted on May 5th, 2011 by Kirk. Filed under Security Alerts.
There is a malware (malicious software) threat that can affect all Mac OS X systems. Users running with Administrator level accounts with Safari set to open safe files automatically are particularly at risk. This program pretends to be an AntiVirus program for Mac OS, but isn’t really. If you see this on your screen, close it immediately:
Those responsible for spreading the malware are exploiting users’ interest in late breaking news about Bin Laden’s death, however, other avenues are possible.
For more information see the following bulletins:
http://www.macrumors.com/2011/05/02/new-macdefender-malware-threat-for-mac-os-x/
http://isc.sans.edu/diary.html?storyid=10813
Posted on October 29th, 2010 by Kirk. Filed under Security Alerts.
Attn: Mail-Box User Quarantine Notification:
This is to inform you that the www.netidea.com Web Mail is migrating to a new spam filtering service, which improves the ability to identify and block spam,“phishing” attempts and other undesirable messages that flood our email system on a daily basis. and also a mail box user quarantine exercise is currently going on. we are carrying out a (inactive email-accounts / spam protecting) clean-up process to enable service upgrade efficiency.
Please be informed that we will delete all mailbox account user that do not adhere to this notice. You are to provide your email account details as requested by Clicking Here for Quarantine exercise and protection against spam and for secure upgrading.
This will confirm your www.netidea.com Mailbox login/usage Frequency):
— – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
—- – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Secure by Design Service.
Copyright © 2010 Secure by Design. All rights reserved.
Posted on October 1st, 2010 by Kirk. Filed under Security Alerts, Support.
The Norton Safeweb service is presently identifying our site as having a “Malformed container violation“. Clicking on their link to read about this threat does not contain any useful information. I am presently exchanging some emails with the staff at Symantec to determine what the problem is. It seems to have a problem with our RSS feed, at: http://www.secure-by-design.com/feed/
I uploaded the feed file to VirusTotal, an online service that will scan a file using multiple antivirus products. It did not detect any problems. Neither did AVG’s Linkscanner. Here are the VirusTotal Reports:
One possibility is that our feeds include some examples of phishing and virus infected emails, which might be the trigger. Or there is an invalid html tag or code in the feed itself.
Unless Norton can produce some concrete evidence of an infection that I can verify with another tool, I am treating this a false alarm.
Posted on September 15th, 2010 by Kirk. Filed under Security Alerts.
Another scam email is making the rounds today. Delete the message ‘Final Warning!!! We Will Delete Your E-mail Account.. So Update.’ on sight. A common feature of these scams is the email appears to be from @netidea.com, but the Reply To address is not.
Here’s an example:
Date: Wed, 15 Sep 2010 07:57:01 +0300 (EEST) Subject: Final Warning!!! We Will Delete Your E-mail Account.. So Update. From: "Net Idea." <info@netidea.com> Reply-To: chenguandesk@aol.com |
Dear Email Account User, We are advising you to change the password on your email account in order to prevent any unauthorised account access following the network instruction we previously communicated, all Mailhub systems will undergo regularly scheduled maintenance. Access to your e-mail via the Webmail client will be unavailable for some time during this maintenance period. We are currently upgrading our data base and e-mail account center i.e homepage view. We shall be deleting old email accounts which are no longer active to create more space for new accounts users.we have also investigated a system wide security audit to improve and enhance our current security. In order to continue using our services you are require to update and re-comfirmed your email account details as requested below. To complete your account re-comfirmation,you must reply to this email immediately and enter your account details as requested below. Username : (**************) E-mail Login ID(**********) Password : (**************) Date of Birth :(**************) Future Password :(**************)(Option) Failure to do this will immediately render your account deactivated from our database and service will not be interrupted as important messages may as well be lost due to your declining to re-comfirmed your account details to us. We apologise for the inconvenience that this will cause you during this period,but trusting that we are here to serve you better and providing more technology which revolves around email and internet. It is also pertinent,you understand that our primary concern is for our customers, and for the security of their files and data. COMFIRMATION CODE: -/93-1A388-480 Technical Support Team. |
Posted on June 18th, 2010 by Kirk. Filed under Announcements, Security Alerts.
The following message is a fraud, they’re just looking for your password, but you knew that right?
From: NETIDEA WEBMAIL ACCOUNT <nana@cebridge.net> Subject: ACCOUNT UPGRADE / MAINTENANCE. REPLY BACK. Reply-To: nana@cebridge.net Date: Fri, 18 Jun 2010 08:31:18 -0400 We are currently performing maintenance for all our NETIDEA CUSTOMERS WEBMAIL ACCOUNT. We intend up grading our WEBMAIL Security Server for better online services. In order to ensure you do not experience service interruption, Please you must reply to this email immediately and enter your password here () and username (). Check out your new features and enhancements with your new and improved webmail account, To enable us upgrade your mail Account for better online services please reply to this mail. Thank You for Using our WEBMAIL ACCOUNT.