Author Topic: [SECURITY] Apparent spearfishing/targeted attempt  (Read 216 times)

Offline bill_mcgonigle

  • Newbie
  • *
  • Posts: 1
[SECURITY] Apparent spearfishing/targeted attempt
« on: July 23, 2019, 09:06:15 AM »
[copy/paste from github, in case folks are looking here]

https://github.com/roundcube/roundcubemail/issues/6865

Quote
Hi, folks,

I found this lovely targeted message in my box this morning:

https://imgur.com/a/Gw0ExE9

I presume they're out looking for roundcubemail installations and matching up with admin emails with a purchased/stolen list of addresses.

Perhaps a general advisory would be in order? I'm guessing this is mostly targeted at users who do one-click installs with their hosting providers, not admins who are actually running their own installs and would be naturally suspicious of malfeasance. In that case, guidance might be directed towards hosting providers to alert their users that such messages will not be sent to them.

Anyway, FYI, this is in the wild, and thanks for maintaining such a useful project.