20/10/2009: A new email scam is becoming very prevalent at this time. The emails suggest you follow a link because your email service has been updated and you need to apply the settings. Details are below.
If you receive any of these emails, just delete them – do not click on the link.
23/10/2009 Update: There are now many other scam emails following the same basic formula and becoming very prevalent in their own right. In particular, there is a message pretending to be from “Microsoft Update Centre” with a subject line suggesting an update to Microsoft Outlook. Once again the link appears to go to microsoft.com, but checking the code behind the link will show a location similar to those in the example below. Microsoft would not write to you in this manner and they probably wouldn’t have your email address anyway, unless you signed up to something in particular. Do not follow the links in these emails.
If you are a client and have any questions regarding anything here, please do not hesitate to contact us.
Scam Email Details:
The subject line varies, but will be something like these examples:
- The settings for the firstname.lastname@example.org mailbox were changed
- A new settings file for the email@example.com
- For the owner of the firstname.lastname@example.org mailbox
Subject line examples for the Microsoft Outlook update scam message:
- Microsoft Outlook Update
- Microsoft Outlook Critical Update
- Critical Update for Microsoft Outlook
- Microsoft has released an update for Microsoft Outlook
The Mailing Service scam message body content is always the same:
Dear user of the athenaeum.co.uk mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox (email@example.com) settings were changed In order to apply the new set of settings click on the following link:
http://yourdomain.tld/owa/service_directory/settings.php? firstname.lastname@example.org&from=yourdomain.tld &fromname=yourname
Best regards, yourdomain.tld Technical Support.
Message body example for Microsoft Outlook update scam:
Update for Microsoft Outlook / Outlook Express (KB910721)
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest level of security and stability.
- To install Update for Microsoft Outlook / Outlook Express (KB910721) please visit Microsoft Update Center:
- File Name: officexp-KB910721-FullFile-ENU.exe
- Version: 1.5
- Date Published: Fri, 23 Oct 2009 10:31:33 +0100
- Language: English
- File Size: 100 KB
- Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista
- This update applies to the following product: Microsoft Outlook / Outlook Express
About the links
If you check the link, you will find it does not go to your domain (or microsoft.com in the case of the Outlook scam); it actually goes somewhere like this:
These hostnames use your domain name (or update.microsoft.com) as a subdomain, but the page you would actually be viewing is on a web server running the ttl1lll.net (or whichever) domain.
The top three examples above are apparently registered in Sao Paulo & Tokyo, but the IP addresses of the web servers point to Korea, Thailand, Spain and others, mainly Korea.
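The link check described above can be automated for an HTML message body. The following Python sketch is an added example, not part of the original advisory: it flags links whose real host only carries a trusted domain as a subdomain label, or whose visible text shows a trusted domain while the link goes elsewhere. The sample hostnames are constructed from the description above, and the function names are illustrative.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, so holds only link text
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lower-cased hostname of a URL or bare host name, '' if there is none."""
    word = (value.split() or [""])[0]
    try:
        return (urlsplit(word if "//" in word else "//" + word).hostname or "").rstrip(".")
    except ValueError:  # malformed host, e.g. a broken IPv6 literal
        return ""

def belongs_to(host, domain):
    return host == domain or host.endswith("." + domain)  # exact or true subdomain

def check_links(html, trusted):
    """Return (real_host, reason) for links that only look like a trusted domain."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real, shown = host_of(href), host_of(text)
        for domain in trusted:
            if belongs_to(real, domain):
                continue  # the link really goes to the trusted domain
            if f".{domain}." in f".{real}.":
                findings.append((real, f"{domain} used as a subdomain label"))
            elif belongs_to(shown, domain):
                findings.append((real, f"text shows {domain}, link goes elsewhere"))
    return findings

# Constructed sample body: two lookalike links and one genuine link.
SAMPLE = """<a href="http://yourdomain.tld.ttl1lll.net/owa/service_directory/settings.php">http://yourdomain.tld/owa/service_directory/settings.php</a>
<a href="http://update.microsoft.com.ttl1lll.net/">http://update.microsoft.com/</a>
<a href="http://update.microsoft.com/">Microsoft Update</a>"""
```

Calling check_links(SAMPLE, ["microsoft.com", "yourdomain.tld"]) reports the two ttl1lll.net hosts and leaves the genuine link alone.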