HOW CAN WE HELP YOU TODAY?

1
Knowledgebase: Announcements
Scam Alert : Your account has been hacked
Posted by Melvin B on 13 November 2018 08:08 PM

What is scam mail?
Scam mail can take the form of fake hacking threat, lotteries and prize draws, get-rich-quick schemes, bogus health cures, investment scams and pyramid schemes. Sometimes these can be sent to you if a scammer has got hold of your Email address fraudulently.

How can you tell?
Some scam emails can be very convincing, (especially if they address you personally), but there are a few things to be on the look-out for.

Asks for personal details
Bad grammar
Doesn’t care about your skills
Instant job offer

Recently you might have noticed emails with the below subjects:

Security Alert. Your account has been hacked. Password must need to be Changed.
Your Account is hacked
All personal details are hacked.
Your password must be need changed (your password:xyzaye)

For Example, please refer the below screen-shot:

Scam Mail Example

 

Case 1 : The mail can be a spoofed mail with a Scam content

 

1. What is spoofing?

 

Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual sender.

2. How to identify a spoofed mail?

  • You can easily identify a spoofed mail by checking the "From" address with the same affected email address and was not sent from the authorized sender.
  • In the spoofed mail, the SPF record will mostly be mentioned as “Neutral, Softfail”

             Sample header: “Received-SPF: Softfail (domain owner discourages use of this host)

3. How to find the Header of an Email?

Refer the following documentation for the steps: https://mxtoolbox.com/public/content/emailheaders/

Solution to the Spoofing Issue on our Infrastructure:

  • Adding a strict SPF record based on your hosting package.

Business and Enterprise Email Hosting

v=spf1 include:_spf.mailhostbox.com -all

Shared Windows Hosting

v=spf1 mx a a:outbound.webhostbox.net -all

VPS Server (India)

v=spf1 +a +mx +a:outbound-aus.webhostbox.net -all

Shared Linux Hosting

If they are using shared server to send mails, please add "-all" by replacing "~all"

NOTE: If you are sending emails from any other provider then please include the sending server details in the SPF record.

 

Case 2: Scam mail coming from a different Email account.

1.What should you do next?

  • You can simply ignore the mail. Please don't disclose the personal details or sent back details for such emails.
  • If you would like to complain about the mail then you can find the abuse contact email account for the sender domain from the below link:

       https://www.whois.net/

For example:

If you get a scam mail from [email protected]onlyfordemo.com, you can contact the “ Registrar Abuse  Contact Email: [email protected] “  and raise your concern. The abuse contact email account for a domain can be fetched from the above-mentioned URL.

Whois lookup details

 

FAQs

1. Are our Email accounts compromised?

No. Your email accounts are not compromised. The emails you are getting is either a spoofed mail or a Scam mail.

2. Is our server Identifying the mail as SPAM?

Yes. Our server is identifying the mail as spam and the emails are landing in SPAM/JUNK folder. If you check the header of the mail then you can find the mail tagged as “X-CMAE-Score: 100”.

3. How can we avoid spoofed mail?

      We can avoid this by updating the Strict SPF record in the Zone file of the domain. By updating the strict SPF record, the recipient mail server will reject the mails from unauthorized senders.

4. How to tell if an email is a scam?

  • Incomplete/misspelled words
  • Requires immediate action
  • Request to enter personal information
  • Web site link on the page
  • Unknown attachment

5.  Can we completely avoid scam mail reaching the INBOX?

No, In every case the scammer may use different subject and the different body, so creating a filter globally won't help, it can also block legitimate emails.