How the new spam scheme works:
Over the past week or so, we have become aware of a new spam scheme going around via email. Spammers are now sending emails that look like legitimate communications from email server administrators (see the example above). The idea is that these emails will trick their recipients into clicking on a link or opening an attachment that will infect their computers with spyware or viruses.
How to tell if an email is part of the scheme:
So how do you tell whether an email is actually a communication from your administrator or a phishing email that could infect your computer with malware? Well, a good rule of thumb is that if an email tells you to open an attachment or click on a link to download something, it is probably part of a spam scheme (just like the email pictured above). If you happen to be one of 3n1media’s email hosting clients, you can know with 100% assurance that we will NEVER email you a link to click on blindly to perform updates.
What to do if you receive one of these phishing emails:
If you receive a phishing email masquerading as a communication from your email server administrator, DO NOT click on any links or open any attachments, and DO delete the email immediately. If you have clicked on a link or opened an attachment from one of these emails, make sure to do a virus scan with your installed software, or let us know, and we can have a look at your system. This phishing scheme is only targeted at PC users for now, so Mac users should be in the clear.
I have a spam filter; shouldn't that catch these emails?
In short, yes. Every now and then, though, a new spam scheme will come along that makes it past the filters. The good news is that within a week or so, the filters should adjust to catch these emails, and they won't make it to your inbox any more.
Other references:
Other scams:
http://www.3n1media.com/Blog.aspx?iid=30284
What is phishing?
http://en.wikipedia.org/wiki/Phishing
Example 1:
http://blog.trendmicro.com/phishing-attack-targets-microsoft-outlook-users/
Example 2:
http://status.eapps.com/2009/10/12/warning-phishing-email-re-fake-maintenance-event/