IT Systems at High Risk

I received this email from an apparently legitimate person at a legitimate company/website.
We have not spoken before, but I service several similar clients in your industry for their technical needs. Our security team forwarded us a report of passwords and logins of yours for sale on the Dark Web. I have attached this report for reference which you should review immediately. At XYZ, we provide Fully Managed IT services. We suggest that you change the passwords on these accounts as a matter of urgency and ensure that multi-factor authentication (MFA) is enabled. If you have not been notified of these potential compromises by your IT team perhaps now is the time to review your arrangements. Let me know if you would be interested in a conversation on how we can help with this.
But it arrived in my Spam folder. Should I name and shame them?

Comments

  • +2

    Our security team forwarded us a report of passwords and logins of yours for sale on the Dark Web

    This sounds like bullshit, but if true it means that the original website provider is storing passwords in plaintext, right? If it's hashed then that's useless, but if not then yeah, name and shame them.

    Also enable 2FA.

  • Did the attachment contain actual usernames and/or passwords of yours?

    • +12

      Yeah it's a .pdf.html file and you just need to log in with your Office365 credentials to view it.

      • +1

        See, he has harvested his half-baked information on you and tried to get your Office 365 login and PW.

        This is a normal scammer tactic: create urgency and get you to act on it.

        First, change your PW immediately;
        check whether any rules have been set in your email (you can Google it, which will guide you);
        remove all rules if possible and enable multifactor validation of your email.

        Be alert and don't open any HTML or exe files, and always ask for a normal PDF file.

  • +1

    This is like pointing out to a random disabled stranger that his fly is open and offering to pull up his zip for a fee. Is that bad?

    • +2

      If you are a sales guy for zipperpull.com offering full service fly closing services, you probably need to be getting in touch with people with their flies open to make your numbers.

      • +2

        lol, that's what the unsolicited email is doing, the sales guy is getting in touch with people that he could see with their flies open. Or perhaps he has been poking and prodding to see whose fly is open, you never know.

  • +3

    Do you mean name and shame the service that got popped or the IT sales guy emailing you making it sound scary that he got your details from haveibeenpwned.com?

  • But it arrived in my Spam folder. Should I name and shame them?

    For what? For their email being marked as spam by your email provider? If it's unsolicited, you already knew it was unsolicited because you didn't ask for it. That's what that means. But what do you want to shame them for, unsolicited email? Or are you assuming they want to scam you, or that they hacked you themselves…?

    • +2

      Shame them for trying to sell their security services to people who have been victims in the past.
      I’ve worked with a lot of sales people, and I can’t think of a single one who would be the least ashamed of reaching out to a potential client - quite the opposite.

  • +2

    The obvious answer is to open that file on your work laptop.

  • I don't trust anything on the internet. I never click on anything I don't know, so I have no idea and no interest in what his attachment contained.
    The fact that it appeared in spam suggested that they sent a large dump, and my immediate thought was "Optus".
    And thanks Agro, I may be over-reacting.

    • +1

      And you waited almost 4 months to post this

      • Huh?

        Sorry, I have been on Ozbargain since 2014. Some months ago Ozbargain wanted me to click on an email, presumably to verify my identity.
        Unfortunately, I couldn't remember the email address, but it was probably a hotmail one that I cancelled when they wanted 2FA.
        The only choice appeared to be to rejoin.

        • -4

          ewww… you must be ancient if you had a hotmail account!

          B O O M E R alert

    • +1

      @Clickbait, hang on. One of the many important things you left out is: are you in fact a director or contact person for a company or organisation?

      One of the likely scenarios here is that this guy does work for an actual security company, and that one of their sales tactics is to trawl through the big public databases of compromised usernames and passwords that have been exposed by hacks. They could see that some of the emails are [email protected], look up that company, and offer IT security services. It's a bit spammy, but not particularly dodgy.

      So if you are the director or contact person of a company, then no, you should not just ignore this email. At least look into whether you or any of your staff have their company emails in these public lists of hacked accounts (like haveibeenpwned.com).

      If you don't know enough about computers to safely open the attachment, because you don't know how to tell what are just text files vs files that can contain executable code, then don't click it, but at least investigate, or find someone with some basic IT knowledge, who you trust, who can.

      • One of the likely scenarios here is that this guy does work for an actual security company

        Please. Put the crackpipe down. Nobody does what you're suggesting with any legitimacy. Spamming potential clients with their own breached passwords and logins? In an email attachment? Not happening.

        "Our security team forwarded us a report of passwords and logins of yours for sale on the Dark Web"

        "Dark Web" is capitalised. The person who wrote that sentence is an idiot.

        "At XYZ, we provide Fully Managed IT services."

        Fully Managed? Oh… well they must be Fully legit! They're mixing serious messaging such as "review the report immediately" with a dumb fake sales pitch.

  • +6

    Only a matter of time until Clickbait is revealed as the CISO of a major bank or health service ;-)

  • +3

    This is a pretty clear phishing/virus email.

    • +1

      Exactly. It's not even subtle. It's like one of those example phishing emails that your boss makes you look at as part of a cybersecurity module with a bunch of multiple-choice questions. "What should <Employee> do next? A. Open the attached document immediately, B. Email XYZ back to ask for more information, C. Reply to XYZ with all of your passwords and ask him to check them from his end, D. …"

  • +1

    As a sysadmin, I can tell you without a shadow of a doubt that the email is fraudulent and looking to phish your passwords and exploit your network.

    There is zero reason for a file with a double extension.

    HTML phishing emails are the #1 intrusion mail I see.

    If you check the mail headers, the mail will come from some random address with a weird extension that is not .com, while the display name will look legitimate.

    Don't be stupid. Never click on any mail attachment you are not expecting, even if it comes from someone you know.
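The two tells the comments above point at (a `.pdf.html` double extension and a display name that does not match the real sender domain) can be checked mechanically. The following is an added example, not something from the thread or from any vendor: a small Python triage function run over a constructed message modelled on the one in the post (the sender address, domain and attachment name are all made up).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: "XYZ Security" display name, an unrelated
# sending domain, and an HTML attachment disguised with a .pdf extension.
SAMPLE_EMAIL = """\
From: "XYZ Security Team" <alerts@bulk-relay.example.net>
To: you@example.com
Subject: Your logins are for sale on the Dark Web
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached report immediately.
--b1
Content-Type: text/html; name="report.pdf.html"
Content-Disposition: attachment; filename="report.pdf.html"

<html><body>Sign in with Office365 to view</body></html>
--b1--
"""

# Attachment types that carry executable content rather than a document.
RISKY_EXTENSIONS = {".html", ".htm", ".exe", ".js", ".hta", ".scr", ".lnk"}

def triage(raw: str) -> list[str]:
    """Return the red flags found in a raw RFC 5322 message (empty if none)."""
    msg = message_from_string(raw)
    flags = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    # Display name names a brand/team, but none of its words appear in the
    # sending domain: the "looks legitimate" mismatch described in the thread.
    tokens = [t.lower() for t in re.findall(r"[A-Za-z]{3,}", display)]
    if tokens and domain and not any(t in domain for t in tokens):
        flags.append(f"display name '{display}' does not match sender domain '{domain}'")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        pieces = name.lower().split(".")
        # report.pdf.html -> ['report', 'pdf', 'html']: two extensions.
        if len(pieces) >= 3:
            flags.append(f"double extension in attachment '{name}'")
        if "." + pieces[-1] in RISKY_EXTENSIONS:
            flags.append(f"executable/HTML attachment '{name}'")
    return flags
```

Run against the constructed sample, `triage(SAMPLE_EMAIL)` reports all three flags; a plain-text mail from `"Example Support" <support@example.com>` reports none.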

  • Found this in the header: helo=au.relay.xink.io;
    I think that makes them professionally legitimate spammers.
