Howdy,
I've seen some some time and in distinct users, a redirect script been added to an email that has nothing to do with them.
Maybe it's for fishing or other intention, maybe even espionage, which is real nowadays.
Did anyone saw this in your users?
I catched this in a regular "mailq" investigation for problems
Hi!
It’s a typical mail “stealing” technique. We created a patch for Roundcube, for notifying our customers about this kind situation.
Cheers,
Egoitz Aurrekoetxea Dpto. de sistemas 944 209 470 Parque Tecnológico. Edificio 103 48170 Zamudio (Bizkaia) egoitz@sarenet.es mailto:undefined www.sarenet.es http://www.sarenet.es/ Antes de imprimir este correo electrónico piense si es necesario hacerlo.
El 21 jun 2019, a las 21:53, Jorge Bastos mysql.jorge@decimal.pt escribió:
Howdy,
I’ve seen some some time and in distinct users, a redirect script been added to an email that has nothing to do with them. Maybe it’s for fishing or other intention, maybe even espionage, which is real nowadays.
Did anyone saw this in your users? I catched this in a regular “mailq” investigation for problems
<image001.png> _______________________________________________ Roundcube Users mailing list users@lists.roundcube.net mailto:users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users http://lists.roundcube.net/mailman/listinfo/users
Hi Egoitz,
Sorry for the delay, would you like to share the script, public or privately?
Jorge,
On 2019-06-24 7:27, Egoitz Aurrekoetxea wrote:
Hi!
It’s a typical mail “stealing” technique. We created a patch for Roundcube, for notifying our customers about this kind situation.
Cheers,
Egoitz Aurrekoetxea Dpto. de sistemas 944 209 470 Parque Tecnológico. Edificio 103 48170 Zamudio (Bizkaia) egoitz@sarenet.es www.sarenet.es [1] Antes de imprimir este correo electrónico piense si es necesario hacerlo.
El 21 jun 2019, a las 21:53, Jorge Bastos mysql.jorge@decimal.pt escribió:
Howdy,
I’ve seen some some time and in distinct users, a redirect script been added to an email that has nothing to do with them. Maybe it’s for fishing or other intention, maybe even espionage, which is real nowadays.
Did anyone saw this in your users? I catched this in a regular “mailq” investigation for problems
<image001.png>_______________________________________________ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Links:
[1] http://www.sarenet.es _______________________________________________ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
-
Egoitz Aurrekoetxea -
Jorge Bastos