Okay, this is a neat attack...

Fri 22 August 2014

This morning I received an email from my "administrator" saying that I needed to validate my email address within the next 48 hours or my email account would be suspended.  Seeing as how I'm my own email administrator, I couldn't remember sending out such a message, I decided that this was likely spam.  I'm always interested in seeing how these attacks are actually going to be played out so I clicked on the link.

[caption id="attachment_1309" align="aligncenter" width="521"]OWA Verify Screen OWA Verify Screen[/caption]

Neat, Microsoft-y looking screen!  And it looks like the backend is WordPress!  It looks like the attacker is using the account system in WordPress to collect the information.  When you submit your information for validation you get this response:

Your information was successfully submitted, please ensure that you entered your email details correctly; to enable us complete your security updates. If you have entered your details wrongly kindly click back and refill in details correctly. N.B Please be informed that filling in the wrong details will be resulting to the deactivation of your email address.

I'm guessing my address will not be closed down, since I did not provide my correct email information.  I don't know, maybe I'll disable my own email... you know, just for the weekend.

By Sparks, Category: Information Security