Aug 03

Confession time. I just got scammed. Yep. I know the dangers, I’ve spotted scams before, but this time I fell for it and for 5 minutes or so my account was vulnerable to attack. Thankfully I realised what was happening fast and was able to fix things quickly, but this scare has made me all the  more wary of opening emails and clicking on web links.

I received an email which I have reproduced in full below.

Straight away I was thinking ‘Oh no, what has happened, who could have hacked into my account.’

I guess because I thought I was already hacked, I was not suspicious that this email itself was the scam.

I clicked on the link in the email (mistake!) to login to my bluehost account to ‘re-activate’ it and see what the problem was. It asked me for my password a second time, which made me suspicious.  I then carefully re-read the email below and noticed that the address in the link was:

http://my.bluehost.com.eebe038e47780c96e2762b5e2003cef7.kristenione.com/account/9120/reactivation.html

This is obviously is a scam, because the domain name (in the middle) is “kristenione.com” but unfortunately I had only read the start – “my.bluehost.com”

So by clicking on the link and logging in I have actually given these people my login and password for my bluehost account.

Luckily I twigged to what was happening, so I quickly logged into my c-panel and changed the password. I also changed the password to my SQL database in case they had beaten me to it.

I have also now enabled 2-factor authentication which will protect against this in the future.  I was not aware that Bluehost offered 2-factor authentication but they do. It uses the Google Authenticator app.

Here’s the scam email. I wonder if you would have been fooled.

 

“Hello, WAYNE CONNOR

We are contacting you today because we have disabled your outbound email services temporarily.

The reason for this is because you’ve got a forum that spammers were subscribing to to get messages sent out. They used a spam trap email address that actually resulted in our mail server getting blacklisted.

We need you to add protection to it so it isn’t being exploited in the future. You will need to contact us and let us know this has been resolved for us to restore your email services. For protection, we ask that you require an account to subscribe to topic notifications if you haven’t already. We also ask that you add protection to your sign-up page so that spammers cannot automate it. You can do this by using a captcha or something similar to that.

To activate your account, please visit our BlueHost account reactivation center.

Use the link below: http://my.bluehost.com.eebe038e47780c96e2762b5e2003cef7.kristenione.com/account/9120/reactivation.html

Thank you,

BlueHost.com Terms of Service Compliance

http://www.bluehost.com

For support go to http://helpdesk.bluehost.com/

Toll-Free: (888) 401-4678″

 

One Response to “Warning: email scam aimed at website owners.”

  1. Denise says:

    Just got a call from a client who got fooled by the exact same email scam. Even took me a while to think that it might be a scam it seemed so real. Must be a pretty new scam, as your article here was the first/only I found about it via Google search. Thanks for sharing!

Leave a Reply

Copyright © 2013 Wayne Connor. All rights reserved. | Hosted on bluehost.com Click here to find out why.
preload preload preload
css.php