Fake Email Messages About Potentially Lucrative Emails That Have Been Quarantined

Here’s another one of those fake emails. This one is relatively new in its approach. The Subject line says “WARNING!!! (4) Messages Quarantined” and it comes from “MAIL SERVER ad***@to*****.com.”

WHAT TO DO

Delete! Delete! Delete! And delete it from your trash folder so it is completely out of your computer system. Do not click on any of the links! They go to some obscure address like “https://cdn-s.de/cgi-bin/index.php?xxxxxxx” (I do not post the whole link because someone might click on it from this post). It looks like this is code that goes to your domain server’s coding folder, where it will propagate serious damage.

If you have time, please report the fake email (and all other suspicious email) to the Federal Trade Commission. Help protect the rest of the world.

This email was sent to my technical support address. So I assume it was meant to go to someone who had access to the inner workings of a website.

Notice how the top line of the messages (supposedly quarantined) looks like it has something to do with a payment? Notice also how there are several links to “Release”? These are catchy words/phrases to tempt you into seeing what you might be missing.
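The tells described above (quarantine wording in the subject, payment-themed bait, and "Release" links that lead away from the recipient's own domain) can be checked mechanically; the following is an added example, not part of the original post. The function and class names, the sample message and the example.org / example.net domains are constructed, and the off-domain test is a heuristic, since a genuine quarantine portal may be hosted by a mail provider.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Wording taken from the messages quoted on this page.
LURE = re.compile(r"quarantin|release|deliver all", re.I)
BAIT = re.compile(r"payment|invoice|remittance|order confirmation|contract", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def quarantine_lure_findings(raw):
    """Return the indicators found in a single-part HTML message."""
    msg = message_from_string(raw)
    domain = (msg["To"] or "").rsplit("@", 1)[-1].strip("<> ").lower()
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    findings = []
    if LURE.search(msg["Subject"] or ""):
        findings.append("quarantine-themed subject")
    if BAIT.search(msg.get_payload()):
        findings.append("payment-themed bait")
    # Heuristic: "Release"-style links whose host is not the recipient's domain.
    hosts = {(urlsplit(h).hostname or "").lower() for h, t in collector.links if LURE.search(t)}
    off = sorted(h for h in hosts if h != domain and not h.endswith("." + domain))
    if off:
        findings.append("action links point to " + ", ".join(off))
    return findings

# Constructed sample; example.org and example.net are placeholder domains.
SAMPLE = """To: support@example.org
Subject: WARNING!!! (4) Messages Quarantined
Content-Type: text/html

<a href="https://portal.example.net/cgi-bin/index.php?id=1">Release</a> Payment Invoice
<a href="https://portal.example.net/cgi-bin/index.php?id=2">Deliver all Messages</a>
"""
```

Calling `quarantine_lure_findings(SAMPLE)` returns all three indicators; a message whose "Release" link stays on the recipient's own domain and carries no bait wording returns an empty list.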

 

*********************

Here is the rest of the actual message:

Dear Mail User [su*****@wy***********.com]

The links go here:

Important: Some incoming messages have been placed in your Personal Quarantine.

This pending messages will be deleted automatically after 7 days.

Few of your quarantined messages are listed below along with the actions that can be taken.
To see all quarantined messages view your email quarantine and release to inbox
Quarantined email
Recipient: Subject: date:
Release (su*****@wy***********.com) Remittance Payment Advice For MT103 30/04/2020
Release (su*****@wy***********.com) Re: Re: Contract 30/04/2020
Release (su*****@wy***********.com) Re: SALES ORDER CONFIRMATION 30/04/2020
Release (su*****@wy***********.com) Payment Invoice N96A4456 30/04/2020
Deliver all Messages


Note : This message was sent by the system for notification only.  
 Please do not reply

If this message lands in your spam folder, please move it to your inbox folder for proper interrogation:

This mail is protected to [YOUR REAL ADDRESS]
Ⓒ 2020 Cyber Security Alert . All Rights Reserved.

 

***************

 

Here’s a variation of the same evil scheme:

The links go to this Denmark server:
https://cdn-s.de

Subject: ITsupport Mail Quarantine Notification

Email Notification:

Important: Some incoming messages have been placed in your Personal Quarantine.
This pending messages will be deleted automatically after 7 days.

Deliver all mails to your Inbox: Visit your Webmail Quarantine Center CLICK HERE

Few of your quarantined messages are listed below along with the actions that can be taken.

Envelope From: sa***@mi**************.com
Subject: Inquiry
Time: Mon, 04 May 2020 08:49:14 -0700
Envelope From: ko**************@ou*****.com
Subject: RE: Order Confirmation
Time: Mon, 04 May 2020 08:53:51 -0700
Envelope From: an**************@sm*.com
Subject: L90GZ SN/679577
Time: Mon, 04 May 2020 08:55:24 -0700

****************
Another Variation:

An email stating you purchased something and this was debited from your bank. The link goes to a fake website that appears to have no homepage but actually has a mischievous .ASPX file.

Subject: Credit card purchase confirmation

Hello
Find attached an ACH confirmation which was processed from your bank account.
Regards