sircles.net Computer Support The sircles IT support & solutions blog | All posts by admin

The sircles IT support & solutions blog Internet Safety & Security, Windows Tweaks and Server Fixes

Security alert for your linked account #28868 - Fake outlook.com account recovery messages


 

Watch out for these fake account recovery messages as they are finding their way into outlook.com and hotmail.com!

Your profile is listed as the recovery email for recipient@hotmail.com. Don't recognize this profile? click here.

 
     
 

Sign-in attempt was blocked for your linked account
recipient@hotmail.com

Someone just used your password to try to sign in to your profile.

 
     
 

You received this email to let you know about important changes to your profile and services.

© 2018 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

 

The actual links point to: http://wiki.1rwn.com/ctireaz/radiantlyb.html from both the 'check activity' link and the 'click here' link under 'recognize this profile'.

The link is not dangerous - it just forwards you to a Canadian Pharmacy page - but do report the originator of the email and the website as neither will be very nice people.

Your Email Domain Account Notification!! Spam

11. October 2018 16:45 by sirclesadmin in Viruses and Malware threats, SPAM, Phishing

 

This email has been doing the rounds today:

 

 

From:                              YourEmailDomain.com [no-reply@mailserver.com]

Sent:                               11 October 2018 02:01

To:                                   Recipient

Subject:                          YourEmailDomain.com Account Notification!!

 

Email Security info

Your email name@domain.com has reached an upgrade stage, verify your user email to continue usage,

This is for your own safety to continue using your account, click the button below.

 

Verify

 

Note: Please do not ignore this email to avoid your account closure
Thanks,
The security email team.

.

 

Copyright © 2018 Mail! Inc. (Co. Reg. No. 2344507D) All Rights Reserved. Intellectual Property

 The 'verify' link actually points to: https://caravanecafe.ca/mikoko/Qupdate/index.php?email=name@domain.com&browser=unkonown&time=valid which has already been marked as deceptive by the big browsers:

The website itself is fairly convincing looking and I will type them a nice message in the password field commending them on their good work and encouraging them to continue.

The password actually appears to do a lookup of some kind as it reports that it is wrong but perhaps they just want to get as many of your passwords as possible...?

Anyway, stay vigilant and safe!

We could not reset the password for your AppIe lD - Spam Warning

11. October 2018 16:08 by sirclesadmin in Internet Security, SPAM

 

This rather weak spam email uses a PDF to try and hide its dirty link to a fraudulent website.

The email itself:

Dear AppIe User.

We could not reset the password for your AppIe lD because there were too many failed attempts to answer your security questions.  

To read your secure message by opening the attachment(PDF).

You will be prompted to open(view)the file or save(download) it to your computer or device

For best results Save the file , then open it on a web browser.

Your account will be locked if we didn’t receive any response from you in more than twenty four hours

Sincerely,          

Apple Support  

 

Copyright © 2018 Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland.

All rights reserved.

 

The Unlock Apple ID link points to:

http://applie-id.veriby.coolambo.ca which is sketchy at best. The website itself is already marked as deceptive by Google and Microsoft and so shouldn't be making too many lives more miserable.

The Apple site impersonation is somewhat more impressive:

And after you type in any email address and password to the unsecured site, it then presents you with:

in which they actually have the audacity to ask for a card number and bank account and sort code as security.

Hopefully no one will fall for this nonsense, and they will have wasted their time.

Stay vigilant!

 

recipient@email.address Pending Email Error

11. October 2018 08:06 by sirclesadmin in

This email has been received in a number of different countries this week:

 

From:                              Service Noreply. [H.dalgin@t-online.de]

Sent:                               09 October 2018 13:25

To:                                   Anna Johnston

Subject:                          anna.johnston@bwwcomms.com Pending Email Error.

 

Early this morning, your e-mail anna.johnston@bwwcomms.com failed to sync and returned (11) incoming messages.

This is due to a server error on your mailbox.

Recover_Messages_Now

2018 Message Center

The 'Recover_Messages_Now' link actually points at: https://battlefieldsportseurope.com/amg/?fr2=recipient@email.domain which is already showing as a deceptive site in Chrome and Microsoft Edge.

 

 

You have received efax Message: Spam warning

2. October 2018 13:05 by sirclesadmin in Internet Security, Online Fraud

 

This email is impersonating eFax by using links back to the eFax images and website, but it is a very low-fi spam attempt. 'You have received fax message' sounds like someone did not quite know how to translate the sentence, when you would've thought that they would just use the text from a real eFax message.

The email in this case has arrived from efax@flumepsychiatry.com which is obviously a giveaway:

 

 

 

 

From:                                         eFax j2 Global <efax@flumepsychiatry.com>

Sent:                                           Monday, October 1, 2018 4:42 PM

To:                                               Recipient

Subject:                                     You have received efax Message

 

 

 

 

eFax_Faxing_Simplified

 

Fax Message Caller-ID: 8046 545 7372,

You've received a 3 page fax at 10-01-2018 03:24:57 GMT.

*Your reference # for this fax is dk7_dtd24-48654058334483-5433851-55.

Visit www.efax.com/efax-help-center if you have any questions regarding this notification.

 



eFax Crew

 

j2 footer
2002-2018 j2 Global, Inc. and affiliates. All rights reserved.
eFax is a registered trademark of j2 Global, Inc.
61526 Hollywood St, Los Angeles, CA 97426

*** This is an automatically generated message, please do not reply directly to this email address *** Privacy Policy.

 The 'get fax' link (rather an unfortunate phrase) actually points to: http://pitchbrooklyn.com?5j8ti=QIUBNYQASHUBQYUDP which is actually not working currently, probably because the spam is already a day old.

 

 

Mail Domain Cancellation Notice! Spam Warning

18. September 2018 11:26 by sirclesadmin in

This email has been doing the rounds this week:

 

 

 

From:                              yourdomain.com® [admin@paperlesschoices.com]

Sent:                               17 September 2018 19:33

To:                                   Recipient

Subject:                          Domain Cancellation Notice!

 

 

Mail Domain Cancellation Notice!

Hello, Your.Email
Your request to cancel your mail server domain will be processed in 24 hours from now. If you did not make this request, please revalidate your mail server domain to continue using your account.

Revalidate Now

Account Information:

Email: youremail@domain.com

Domain: yourdomain.com

Please revalidate your mail server within 24 hours for your account and domain safety. 

This message was sent to youremail@domain.com. If you don't want your domain to be fully confiscated within the next 24 hours, please revalidate your mail server domain immediately. 

 

 

The 'Revalidate Now' link actually points to: https://www.g4g3.com/components/com_weblinks/updatesharpboyz/index.php?email=youremail@domain.com

 

Which is an active site with a certificate:

 

 

The page is simply a way of getting your email password and does look fairly convincing. In order to help others please report this site as soon as possible and mark the originating email address as junk.

LinkedIn Spam - You have unread messages from dorothy

14. September 2018 06:40 by sirclesadmin in

No capital 'D' on Dorothy, but apart from that there is not much to give this one away - it is just a way of advertising a site - but this email is surprisingly effective, we're just not sure how it passed SPF and got in!

 

 

 

From:                                         LinkedIn Messaging <messaging-digest-noreply@linkedin.com>

Sent:                                           Friday, September 14, 2018 12:30 AM

Subject:                                     dorothy sent you a new message

 

LinkedIn

 

Linkedin

 

You have unread messages from dorothy

dorothy snow

 

 

 

Hi i want to connect with you on LinkedIn. I would be happy to learn more about you.. see more

 

 

 

 

 

Reply

 

mobile phone image

Opportunity is always within reach. Get the LinkedIn app.

iOS . Android

 

The target site of most of the links is actually: http://linkdne.ihostfull.com/ which Chrome literally marked as deceptive whilst we were examining it. In truth it is just a bounce for various adverts, probably forwarded on by a phony marketing company looking to get hits for unsuspecting customers.

Not a bad effort all-round and a great way of getting hits.

No real danger.

Mark as spam and report the sites.

Happy surfing!
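
SPF is evaluated against the SMTP envelope sender (MAIL FROM), not the From: header a reader sees, so an SPF pass by itself says nothing about the address displayed; DMARC alignment is the check that compares the two. The added Python example here (not part of the original post) reads a receiver's Authentication-Results header and reports whether each pass is aligned with the From: domain. The headers are constructed, not those of the message above, and `auth_results`, `aligned_pass` and `org_domain` are hypothetical names.

```python
import email
import re
from email.utils import parseaddr

# Constructed headers (not taken from the message above): SPF passes for the
# envelope sender's domain while From: shows a different one.
RAW = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce@mailer.example.org;
 dkim=none
From: LinkedIn Messaging <messaging-digest-noreply@linkedin.com>
Subject: dorothy sent you a new message

body
"""

def org_domain(name):
    # Simplification: last two labels; production code should use the Public Suffix List.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def auth_results(header):
    """Map method -> (result, authenticated domain) from Authentication-Results."""
    out = {}
    for clause in header.split(";")[1:]:  # the first part is the authserv-id
        m = re.match(r"\s*(spf|dkim)=(\w+)", clause)
        if not m:
            continue
        prop = re.search(r"(?:smtp\.mailfrom|header\.d)=(\S+)", clause)
        ident = prop.group(1).rpartition("@")[2] if prop else ""
        out.setdefault(m.group(1), (m.group(2).lower(), ident))
    return out

def aligned_pass(raw):
    """Return (from_domain, {method: verdict}) using relaxed DMARC-style alignment."""
    msg = email.message_from_string(raw)
    from_dom = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    verdicts = {}
    results = auth_results(msg["Authentication-Results"] or "")
    for method, (result, ident) in results.items():
        if result != "pass":
            verdicts[method] = result
        elif org_domain(ident) == org_domain(from_dom):
            verdicts[method] = "pass, aligned"
        else:
            verdicts[method] = "pass for %s, not aligned with From" % ident
    return from_dom, verdicts
```

Only an Authentication-Results header added by your own receiving server should be trusted; a copy inserted upstream can say anything.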

 

Your credit card account was charged at Apple Store for $2,526.87 SPAM credit-based $1,812.67 SPAM

12. September 2018 06:53 by sirclesadmin in

 

Watch out for this email and its variants this week.

  

U.S. Bank

 From:                                                       U.S. Bank Online   <usbank@rlvgcpa.com>

Sent:                                                         Tuesday, September 11, 2018 5:49 PM

To:                                                            Accounts Team

Subject:                                                   U.S. Bank Alert

View this e mail as a Website page. View our Safety Policies.

U.S. Bank?

Your credit card account was charged at Apple Store for $2,526.87.

Please don't respond to this letter. If you want to contact us, please log in to U.S. Bank On-line Banking at usbank.com and contact Customer Service.

You're getting this e-mail because you signed up for alerts via U.S. Bank Banking. If you do not want to receive these alerts, log in to U.S. Bank Online Banking at usbank.com to deactivate or permanently erase this alert.

Get Your Receipt Here

U.S. Bank Online Banking

 

 

Protecting your personal privacy is our priority. We'll never initiate a demand through e-mail for your sensitive info such as your Personal ID, SSN, PIN or Account Phone number. For your safety, never discuss this info with anyone. If you get an email requesting your sensitive info, or feel the need to report a shady e-mail, send it to fraud_help@usbank.com or contact U.S. Bank Customer Service right away at 800-872-2657.

Get more information about recognizing on-line scam issues.

Find us on:

Facebook

Twitter

YouTube

Branch Locator

usbank.com

800 US BANKS (872-2657)

U.S. Bank Mobile

 

 

 

U.S. Bank

 

 

From:                                                       U.S. Bank Online Banking  <usbank@rlvgcpa.com>

Sent:                                                         Tuesday, September 11, 2018 5:43 PM

To:                                                            Accounts Team

Subject:                                                   U.S. Bank Notification

 

See this e mail as a Website page. View our Safety Policies.

U.S. Bank?

Your credit-based card was charged at Apple Store for $1,812.67.

Please don't reply to this letter. If you would like to contact us, please log in to U.S. Bank Online at usbank.com and send a message to Customer Service.

You are receiving this e mail because you registered for alerts through U.S. Bank Online Banking. If you do not wish to receive this alert, sign in to U.S. Bank Online at usbank.com to temporarily deactivate or permanently remove this alert.

View Your Receipt Here

U.S. Bank Online

 

 

Protecting your personal privacy is our priority. We'll never initiate a demand through e-mail for your sensitive info such as your Personal ID, SSN, PIN or Account Phone number. For your safety, never discuss this info with anyone. If you get an email requesting your sensitive info, or feel the need to report a shady e-mail, send it to fraud_help@usbank.com  or contact U.S. Bank Customer Service right away at 800-872-2657.

Get more information about recognizing on-line scam issues.

Find us on:

Facebook

Twitter

YouTube

Branch Locator

usbank.com

800 US BANKS (872-2657)

U.S. Bank Mobile

 

 

In the first email the 'Get Your Receipt Here' link points to:

http://propertyshore.com?3Vy0T=QIUBNYQASHUBQYUDP

In the second email the link points to:

http://jeffbigcountrycaldwell.co?2iO=QIUBNYQASHUBQYUDP

The second link is already broken but the first simply downloads a Microsoft Word document that will be full of macros. 

Mark both of these emails as spam if received.
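
The two checks done by hand throughout these posts (which domain the From: address really belongs to, and where each link really goes), as an added Python example that is not from the original blog. The message is a constructed sample modelled on the first U.S. Bank email; `triage`, `site` and `LinkCollector` are hypothetical names, and `site` approximates the registrable domain with the last two labels.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the first U.S. Bank email quoted above;
# the HTML markup is an assumption, the addresses and link are from the post.
RAW = """\
From: "U.S. Bank Online" <usbank@rlvgcpa.com>
Subject: U.S. Bank Alert
Content-Type: text/html; charset="utf-8"

<p>Log in to U.S. Bank Online Banking at
<a href="https://www.usbank.com/">usbank.com</a>.</p>
<p><a href="http://propertyshore.com?3Vy0T=QIUBNYQASHUBQYUDP">Get Your Receipt Here</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def site(host):
    # Simplification: last two labels; production code should use the Public Suffix List.
    return ".".join((host or "").lower().split(".")[-2:])

def triage(raw, claimed_domain):
    """List the sender and link domains that differ from the domain the mail claims."""
    msg = email.message_from_string(raw)
    findings = []
    sender = site(parseaddr(msg["From"])[1].rpartition("@")[2])
    if sender != claimed_domain:
        findings.append(("from-domain", sender))
    parser = LinkCollector()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for text, href in parser.links:
        target = site(urlsplit(href).hostname)
        if target != claimed_domain:
            findings.append(("link", text, target))
    return findings

if __name__ == "__main__":
    print(triage(RAW, "usbank.com"))
```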