Monthly Archives: August 2014

Okay, this is a neat attack…

This morning I received an email from my “administrator” saying that I needed to validate my email address within the next 48 hours or my email account would be suspended.  Seeing as how I’m my own email administrator, I couldn’t remember sending out such a message, I decided that this was likely spam.  I’m always interested in seeing how these attacks are actually going to be played out so I clicked on the link.

OWA Verify Screen

OWA Verify Screen

Neat, Microsoft-y looking screen!  And it looks like the backend is WordPress!  It looks like the attacker is using the account system in WordPress to collect the information.  When you submit your information for validation you get this response:

Your information was successfully submitted, please ensure that you entered your email details correctly; to enable us complete your security updates. If you have entered your details wrongly kindly click back and refill in details correctly.

N.B Please be informed that filling in the wrong details will be resulting to the deactivation of your email address.

I’m guessing my address will not be closed down, since I did not provide my correct email information.  I don’t know, maybe I’ll disable my own email… you know, just for the weekend.