Bogus Emails, not from us!

The last week or so we've seen a dramatic rise in a particular type of scam email, both to our personal inboxes, and more recently, to clients as well, the emails in question usually reads something like this:

From: noreply@<yourdomain>
To: <you>@<yourdomain>
Subject: A new settings file for the <your email address> has just been released

Dear user of the <yourdomain> mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox (<youremail>) settings were changed. In order to apply the new set of settings click on the following link:

<a link that appears to be to your domain, but is really to some bad software they have hosted somewhere>

Best regards, Technical Support.

---

The second version we've seen omits the link, but actually has a zip file attached to the email that you are encouraged to open and run.

Let's just get this out of the way, These emails are not from our technical support staff, the emails are most likely designed to lure you into running the file (or visiting the website) in order to infect your machine with some form of... bad thing. Maybe it's spyware, maybe it's adware, maybe turns your machine into a bot and proceeds to start spamming out the same email to other unsuspecting folks.

It's extremely rare that anything we do will result in you getting an email from us that says it's from @yourdomain, there are, I believe, a couple of automatic emails (bandwidth warnings, etc) that may appear to come from email addresses such as "no-reply@ourservername.purenrg.com" or whatever, but never, ever, that I can think of, have we ever sent out an email that wasn't from @purenrg.com (not to say that someone couldn't spoof a fake "From" using our domain just as easily).

Moreover, I can't think of any instance where we've *ever* emailed a zip file to a client asking them to upgrade anything with it, especially to "update your email"... email settings are either entered by hand in your mail client software, or perhaps using the auto-configure links provided inside your cPanel, but never (Atleast from us), via an exe or other program file provided via a somewhat vague email from a invalid email address pretending to be your domain.

Normally we don't post about every new scam or virus email, but we've seen this one pop up quite a bit recently, and wanted to try and provide this post just in case. :) If it prevents one person from getting infected with whatever the payload is in that attachment, then it's worth the effort to post about.