E-Mail Alert - Phishing & Viruses

October 15, 2009

Phishing emails that look somewhat legit on the service

This email generally says:
Subject: A new settings file for the you@yourdomainname.com mailbox
Supposedly from no-reply@getset.com
(actually it is from IP address 125.99.174.151 by mail.uk2.net;)

Message:
Dear user of the yourdomainname.com mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox (whoever@yourdomainname.com) settings were changed. In order to apply the new set of settings click on the following link:

http://yourdomainname.com/owa/service_directory/settings.php?email=whoever@yourdomainname.com&from=yourdomainname.com&fromname=info
Best regards, yourdomainname.com Technical Support.

The link actually goes to a wsasdev.co.uk ip address.

Most good virus/trojan detection programs will pick this up and delete it but if your detection software is not up to date or you have a lousy detection program it could make it to your email box. If so delete it immediately.

Email with an virus infected zipped document.

Once again most up to date virus/trojan detection programs will kill this before it gets to your mailbox but if it does it looks like this:

From: Support
Subject: Microsoft Outlook Notification for the you@yourdomainname.com

Actually from IP address 64.91.25.93 which is from Monroe La. USA

It says:
- Please re-configure your Microsoft Outlook Again.
- Download attached setup file and install.

Which of course is virus infected.

A note: Microsoft would never send out anything, they always direct you to their site. Anyone can put anything in the Sender field, you need to look at the entire message header to see where it actually comes from. The same with any link in an email.