Author Topic: Roundcube Login Alert  (Read 2900 times)

Offline ateo15

  • Newbie
  • *
  • Posts: 2
Roundcube Login Alert
« on: August 10, 2020, 05:29:29 PM »
Hello,

I received two emails yesterday stating that I'd had various unsuccessful login attempts and that my account was disabled. It then gives a link to verify the account. I've attached a picture of the email.

Just want to know whether this is genuine or a scam email.

The email sender was my email address (same email for Sender and Receiver) which makes me think it is genuine BUT I was still receiving emails normally after these Login alert emails making me think my account is NOT disabled?

Thanks for your input.

Adam

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: Roundcube Login Alert
« Reply #1 on: August 11, 2020, 01:52:40 AM »
That email is 100% a scam phishing email. There isn't a "Roundcube system" that would ever generate such a email and as you noted you can still login.

If you did click on the link if would ask for your password and then they would compromise your email and possibly other accounts.

Offline ateo15

  • Newbie
  • *
  • Posts: 2
Re: Roundcube Login Alert
« Reply #2 on: August 11, 2020, 01:57:28 AM »
Thank you for the reply. I did suspect as much.

I usually easily notice scam emails by the senders email address and I know by hovering over it, it sometimes shows the true sender email address.

But for this one, it does say that the sender email address is mine (ie. it is exactly the same sender and receiver email address). I am just confused at how they are able to do that?

If you have any insight that'd be great, otherwise I'm just happy to know I didn't click anything and avoided a big mistake.

Thanks

Adam

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: Roundcube Login Alert
« Reply #3 on: August 11, 2020, 01:27:31 PM »
There is no validation of the email address that is in the from line it can be spoofed to be anything. Its up to a spam filter to do other checks on the message to decided if the email if the sender is valid or not.