It was ironic that just after this upgrade this email came in from a client but first…
Why did we upgrade?
Security is one reason plus storage, speed and bandwidth is another. Clients can even “on sell” web hosting and make money on the side with our new Web Hosting Manager option. If they have multiple sites they can manage them all from one spot, it’s a beautiful thing. We are the only ones on this very fast server, just us. It’s a sweet deal, if you want to know more click here but that is not the point of this post.
Here is the – Beware the “Server Upgrade” Spam Email – and here’s what to look for so you don’t get caught out.
Is this legitimate?
From: system-administrator [ua.moc.derbulc@rotartsinimda-metsys:otliam]
Sent: Monday, October 19, 2009 9:34 PM
To: (email deleted for spam protection)
Subject: Attention: Server Upgrade
On October 22, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That’s all.
(I’ve disabled the link) – htt://updates.clubred.com.au.secure.us-admins.net/ssl/id=73957959-info(at)clubred.com.au-patch974.aspx
Thank you in advance for your attention to this matter and sorry for possible inconveniences.
__________ Information from ESET NOD32 Antivirus, version of virus signature database 4523 (20091019) __________
The message was checked by ESET NOD32 Antivirus.
The short story answer is NO! – it is not legitimate, it’s a spam scam!
Why do people spam in the first place?
Harvesting and confirming contact details is the most common form of spamming with the view that they will email a person until they buy or die. It’s a numbers game, the more they have the more they will sell.
In this case it seems to be a destructive type operation, trying to get you to save a file on your PC which would wreak havoc.
Who knows, maybe it’s small penis syndrome and they’re trying to prove masculinity by being a pain in the butt. Who knows what drives these people. Perhaps force you to buy software to “save” your PC.
Here’s what to look out for!
Sub-domains is one thing. In the link everything before the “us-admins.net” is a sub-domain and is suspect. Why has my clients URL or domain become a sub-domain of someone else’s domain – danger bells, always beware!
Another issue is the email address “info(at)clubred.com.au” being displayed in the link.
Why is that suss and why is it a problem?
It is suss because it should not be displayed that way for a start.
It’s a problem because it tells us that the email address has been displayed somewhere in internet land and it’s been “skimmed”. NEVER display your email address on a website page. I’ve manually inserted the (at) to protect this email from being picked up by spammers.
That’s why God invented contact pages and opt in forms. For an email address to be skimmed means a software program has found it displayed and “pulled” the details and will spam it, probably forever. Absolute pain in the butt. Don’t do it!
I hope that helps, stay safe.