Fake Email Messages About Potentially Lucrative Emails That Have Been Quarantined

Here’s another one of those fake emails. This one is relatively new in its approach. The Subject line says “WARNING!!! (4) Messages Quarantined” and it comes from “MAIL SERVER ad***@to*****.com.”

WHAT TO DO

Delete! Delete! Delete! And delete it from your trash folder so it is completely out of your computer system. Do not click on any of the links! They go to some obscure address like “https://cdn-s.de/cgi-bin/index.php?xxxxxxx” (I do not post the whole link because someone might click on it from this post). It looks like this is code that goes to your domain server’s coding folder, where it will propagate serious damage.

If you have time, please report the fake email (and all other suspicious email) to the Federal Trade Commission. Help protect the rest of the world.

This email was sent to my technical support address. So I assume it was meant to go to someone who had access to the inner workings of a website.

Notice how the top line of the messages (supposedly quarantined) looks like it has something to do with a payment? Notice also how there are several links to “Release”? These are catchy words/phrases to tempt you into seeing what you might be missing.
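The tells described above (a "quarantine" subject line plus "Release"-style links that leave the recipient's own mail domain) can be checked mechanically. The following is an added example, not part of the original post; the sample message is constructed, and every address and domain in it is a placeholder.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
LURE_TEXT = re.compile(r"release|deliver all|click here", re.I)

# Constructed sample modelled on the notice quoted on this page; domains are placeholders.
SAMPLE = """\
From: MAIL SERVER <admin@sender.example>
To: support@victim.example
Subject: WARNING!!! (4) Messages Quarantined

<a href="https://lure.example/cgi-bin/index.php?x=1">Release</a> Payment Invoice
<a href="https://lure.example/cgi-bin/index.php?x=2">Deliver all Messages</a>
<a href="https://mail.victim.example/help">Help</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def quarantine_lure_findings(raw_message):
    """Return reasons the message looks like a fake quarantine notice."""
    msg = message_from_string(raw_message)
    rcpt_domain = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    findings = []
    if re.search(r"quarantine", msg.get("Subject", ""), re.I):
        findings.append("subject claims quarantined mail")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        # A genuine quarantine portal lives on the recipient's own mail domain.
        inside = host == rcpt_domain or host.endswith("." + rcpt_domain)
        if LURE_TEXT.search(text) and not inside:
            findings.append(f"'{text}' link goes to {host}, not {rcpt_domain}")
    return findings
```

A message that produces both kinds of finding is a strong candidate for deletion and reporting; a quarantine notice whose action links stay on your own mail domain produces only the subject finding.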

 

*********************

Here is the rest of the actual message:

Dear Mail User [su*****@wy***********.com]

The links go here:

Important: Some incoming messages have been placed in your Personal Quarantine.

This pending messages will be deleted automatically after 7 days.

Few of your quarantined messages are listed below along with the actions that can be taken.
To see all quarantined messages view your email quarantine and release to inbox
Quarantined email
Recipient: Subject: date:
Release (su*****@wy***********.com) Remittance Payment Advice For MT103 30/04/2020
Release (su*****@wy***********.com) Re: Re: Contract 30/04/2020
Release (su*****@wy***********.com) Re: SALES ORDER CONFIRMATION 30/04/2020
Release (su*****@wy***********.com) Payment Invoice N96A4456 30/04/2020
Deliver all Messages


Note : This message was sent by the system for notification only.  
 Please do not reply

If this message lands in your spam folder, please move it to your inbox folder for proper interrogation:

This mail is protected to [YOUR REAL ADDRESS]
Ⓒ 2020 Cyber Security Alert . All Rights Reserved.

 

***************

 

Here’s a variation of the same evil scheme:

The links go to this Denmark server:
https://cdn-s.de

Subject: ITsupport Mail Quarantine Notification

Email Notification:

Important: Some incoming messages have been placed in your Personal Quarantine.
This pending messages will be deleted automatically after 7 days.

Deliver all mails to your Inbox: Visit your Webmail Quarantine Center CLICK HERE

Few of your quarantined messages are listed below along with the actions that can be taken.

Envelope From: sa***@mi**************.com
Subject: Inquiry
Time: Mon, 04 May 2020 08:49:14 -0700
Envelope From: ko**************@ou*****.com
Subject: RE: Order Confirmation
Time: Mon, 04 May 2020 08:53:51 -0700
Envelope From: an**************@sm*.com
Subject: L90GZ SN/679577
Time: Mon, 04 May 2020 08:55:24 -0700

****************
Another Variation:

An email stating you purchased something and this was debited from your bank. The link goes to a fake website that appears to have no homepage but actually has a mischievous .ASPX file.

Subject: Credit card purchase confirmation

Hello
Find attached an ACH confirmation which was processed from your bank account.
Regards

Fake Emails from Domain Service

I’ve recently been getting so many emails from this company: Domain Service (or whatever company they decide they want to be).

HOW THEY OPERATE

They send out emails to unsuspecting domain name owners. They get the victim’s email addresses from the listed registered owners of different domain names. Then they send out these bogus warnings that their domains will be lost if they do not renew their subscription. They pose as the authorized company of said domain when actually, they have nothing to do with the domain and actually want to steal it from the victim.

They say they can do it for a huge sum — many times more than the actual cost of the domain name. The victim pays and that’s the last they hear of them.

If you ever receive an email like this, simply trash it and then delete your Trash content. Better still, report it to the Department of Justice. If you want to be sure about the email, contact your website manager or domain registrar and they can confirm the email’s authenticity.

vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv

SAMPLE

Here’s a sample of one of the emails I received:

 

Important notice

Notice#: 393989

Date: 04/27/2020

Domain Expiration

Domain: [NameOfDomain.com] (whatever your domain is)

Expiration date: 05/05/2020

To: [The Victim, Victim’s Company]

[Victim’s Address]

Domain Name: Registration Period: Amount: Term:
[NameOfDomain.com] 05/19/2020 to 05/19/2021 $86.00 1 Year

Secure Online Payment

Domain Name: [NameOfDomain.com]

Attn: [Victim’s Name]

 

This important notification notifies you about the notice of your domain frtsgv.org optimization submission. The information in this email may contain legally privileged information from the notification processing department of the Registration Office for our traffic generator. We do not register or renew domain names. We are selling traffic generator tools. This information is intended for the use of the individual(s) named above.
If you fail to complete your domain name registration frtsgv.org search engine optimization service by the expiration date, may the dismissal of this search engine optimization domain name notification notice.

Process

Secure Online Payment

to complete your payment

Failure to complete your domain name registration [NameOfDomain.com] search engine optimization service process may make it difficult for customers to find you on the web.

Act immediately

This domain registration for [ search engine service optimization notification will expire 05/05/2020.

Instructions and Unlike Instructions from this Newsletter:
You have received this message because you elected to receive notification. If you no longer wish to receive our notifications, please unlike here. If you have multiple accounts with us, you must opt out for each one individually to unlike receiving notifications. We are a search engine optimization company. We do not directly register or renew domain names. This is not a bill. You don’t need to pay the amount unless you accept this notification. This message, which contains promotional material strictly along the guidelines of the Can-Spam act of 2003. We have clearly mentioned the source mail-id of this email, also clearly mentioned our subject lines and they are in no way misleading. Please do not reply to this email, as we are not able to respond to messages sent to this address.

Email Housekeeping

Question:

My email messages are piling up… and about to lose memory. Is there a way to delete in groups as opposed to doing it individually?

Answer:

I have the same problem. I need to clean up every once in a while.

Depending on what program you use, the procedure may be different. Let’s use Mozilla Thunderbird as an example. What I do is double click on the top of the DATE column (where the title of that column is) and that action arranges all the emails chronologically. If you click the title (DATE) again, it reverses — with the oldest on top and the newest at the bottom. I then decide that all emails past (say 2019) are all useless. Then I

  • choose all the emails earlier than 2019
  • hold shift
  • scroll down all the way to the bottom (still holding shift)
  • then (while all the old emails are selected) hit the delete key
  • depending on how many you select, it will take a few seconds or even minutes

Then I do the same with the names of the people who delivered the email. I double click the title (CORRESPONDENCE) and the emails are alphabetically arranged. It’s easier to delete once you group the emails according to people who have any relevance in your life. Do this with the rest of the columns.

After you are done deleting the emails, remember that they are still in your TRASH folder(s). Before you delete your trash, delete your JUNK folder first because you will transfer your JUNK to your TRASH so you need not delete TRASH twice. Right click on that/those folders and select EMPTY FOLDER.

I hope this helps.

Raoul