I received a disturbing email from a client this morning. He had received an official-looking email that appeared to have come from an address at Rare Bird. The message said:

Subj: Please update your information at [clientdomain].com

Dear [clientdomain].com,

Rare Bird Inc is hereby announcing a new upgrade for Content management system. We’ve upgraded our new SSL (Secure Sockets Layer) encryption servers to serve our customers for a better and secure system service.

We strongly advice all our customers to update their account information with us due to recent changes in our systems.

You can do this by clicking the url link below.

rarebirdinc-[phishingdomain].com/admin/?website=[clientdomain].com

Thank you for your prompt attention to this matter. Please understand that this is a security measure that is meant to help protect you and your account. Most importantly you are advised to complete every section accordingly without leaving a part out.

We apologize for any inconveniencies.

If you choose to ignore our request, your account may be suspended temporarily.

Rare Bird Inc
P.O. Box 90254
Indianapolis, IN 46290
===========

The problem is, the message didn’t come from us. And the web address it leads you to is not ours, either. If you’re not careful, you could easily be persuaded that this was something important. You might visit the site, enter your Username and Password, and realize the damaging results too late.

It’s a fairly slick attempt. It would appear that they accessed our domain records to find out who our clients were and targeted them directly. Of course, we wouldn’t be alone in this… I suspect that there are literally thousands of domains registered that are being used in schemes like this.
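For anyone who filters mail for a living, here is a sketch of how the two tells in that link (our name inside a host we don't own, and the recipient's own domain in the query string) can be checked automatically. This is an added example, not code we run at Rare Bird; the trusted domain rarebird.example, the brand token and every domain in the sample message are placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions, not from the post: the vendor's real domain and brand token.
TRUSTED_DOMAINS = {"rarebird.example"}
BRAND_TOKENS = {"rarebird"}
# Matches links with or without a scheme, as in the quoted message.
URL_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s\"'<>]*)?", re.I)

# Constructed sample modelled on the quoted email; every domain is a placeholder.
SAMPLE = """Dear client.example,
You can do this by clicking the url link below.
rarebirdinc-lookalike.test/admin/?website=client.example
Questions? See https://www.rarebird.example/support
"""

def host_is_trusted(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def check_link(url, recipient_domain):
    """Return the reasons a link looks like this lure (empty list = none)."""
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host_is_trusted(host):
        return []
    reasons = []
    # Ignore dots and hyphens so "rare-bird" and "rarebirdinc-..." both match.
    squashed = host.replace("-", "").replace(".", "")
    if any(token in squashed for token in BRAND_TOKENS):
        reasons.append("brand name in a host we do not own")
    values = [v.lower() for vs in parse_qs(parts.query).values() for v in vs]
    if recipient_domain.lower() in values:
        reasons.append("link carries the recipient's own domain")
    return reasons

def scan_message(body, recipient_domain):
    """Map each suspicious link in a message body to its reasons."""
    findings = {}
    for match in URL_RE.finditer(body):
        reasons = check_link(match.group(0), recipient_domain)
        if reasons:
            findings[match.group(0)] = reasons
    return findings
```

Calling scan_message(SAMPLE, "client.example") flags only the lookalike link, for both reasons, and leaves the genuine support link alone.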

What should you do?

First, be very careful any time you receive an unsolicited request for email and password information, whether it’s from us, another company you work with, a social network, or (God forbid) your bank. If you didn’t initiate the contact, chances are you shouldn’t be responding to it.

Second, if you have a question about the legitimacy of a message you’ve received, do what Nathan did this morning: contact the company directly and ask.

Finally, if it’s too late and you’ve already fallen for it, you’ll need to change your access credentials immediately, pretty much wherever you might use the same information. Don’t hesitate to contact me if you have any questions or comments.

Be careful! It’s a jungle out there!
