PDA

View Full Version : Is this a security issue?

The Dreaded Lurgy
20th October 2009, 11:31
I just recieved an email claiming to be from my own site -


Dear user of the notanangel.co.uk mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox (info@notanangel.co.uk) settings were changed. In order to apply the new set of settings click on the following link:

http://notanangel.co.uk/owa/service_directory/settings.php?email=info@notanangel.co.uk&from=notanangel.co.uk&fromname=info
Best regards, notanangel.co.uk Technical Support.


What on earth is this, obviously some kind of scam but waht and how. The link it asks you to click goes to a url of
(http://notanangel.co.uk.ffffexil.co.uk/owa/service_directory/settings.php?email=inf@notanangel.co.uk&from=info@notanangel.co.uk)
http://notanangel.co.uk.ffffexil.co.uk/owa/service_directory/settings.php?email=info@notanangel.co.uk&from=notanangel.co.uk&fromname=info

which has the extra red bit not listed in the link text, I have not dared click on it, is this a page on my site that has somehow been added without my permission?

Cheers, Jon.
apexweb
20th October 2009, 11:36
I have been getting loads of these scams and the file they want you to install is a keylogger virus.

They seem to be coming to random names on my domain names.

Your site has not been hacked as the page is hosted on their own servers.
The Dreaded Lurgy
20th October 2009, 11:48
Thanks that is a bit of peace of mind for me. I am getting so much of this stuff now, fake emails from banks I am not with, foney job offers and the occassional nigerian prince or exotic lottery win!

Your site has not been hacked as the page is hosted on their own servers.

How do they manage to get that url? is it as simple as registering the domain notanangel.co.uk.ffffexil on a .co.uk?
openmind
20th October 2009, 12:03
They haven't registered anything, they have just prefixed their domain with yours and setup a wildcard DNS entry.

It is spam, we've had quite a few as well...
WillowJim
20th October 2009, 12:21
Hi Jon,

You mentioned that you are getting a few of these? How many would you say per week roughly, and how many computer users do you have? Is it just yourself?
JElder
21st October 2009, 11:45
It's a easy matter to fake the 'from' address of an email, and as openmind said, they do not need to do anything clever - I suspect anything at that domain would work. but adding you domain name probably allows them to track you!

Definitely do not click!