Roundcube Community Forum
Release Support => Pending Issues => Topic started by: ateo15 on August 10, 2020, 05:29:29 PM
-
Hello,
I received two emails yesterday stating that I'd had various unsuccessful login attempts and that my account was disabled. It then gives a link to verify the account. I've attached a picture of the email.
Just want to know whether this is genuine or a scam email.
The email sender was my email address (same email for Sender and Receiver) which makes me think it is genuine BUT I was still receiving emails normally after these Login alert emails making me think my account is NOT disabled?
Thanks for your input.
Adam
-
That email is 100% a scam phishing email. There isn't a "Roundcube system" that would ever generate such a email and as you noted you can still login.
If you did click on the link if would ask for your password and then they would compromise your email and possibly other accounts.
-
Thank you for the reply. I did suspect as much.
I usually easily notice scam emails by the senders email address and I know by hovering over it, it sometimes shows the true sender email address.
But for this one, it does say that the sender email address is mine (ie. it is exactly the same sender and receiver email address). I am just confused at how they are able to do that?
If you have any insight that'd be great, otherwise I'm just happy to know I didn't click anything and avoided a big mistake.
Thanks
Adam
-
There is no validation of the email address that is in the from line it can be spoofed to be anything. Its up to a spam filter to do other checks on the message to decided if the email if the sender is valid or not.