Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersSupport IT fake password expiry
Dynamic

3836 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

#290205 27-Oct-2021 15:11
Send private message

Is anyone else seeing these fake 365 password expiry notifications across their client base?  We've had three clients report it so far.  Supposedly from Support IT which caught my eye as there is a reputable local company called Support IT that looks after my kids primary school's computers.

 

 

 

 




“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

 

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management.  A great Kiwi company.

Create new topic
chevrolux
4962 posts

Uber Geek
Inactive user


  #2802057 27-Oct-2021 15:27
Send private message

Just had a bunch show up in our "general" mailboxes like info, helpdesk, accounts, etc.



Dynamic

3836 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2802059 27-Oct-2021 15:31
Send private message

Thank you @chevrolux

 

I was a touch concerned it may have been just us.




“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

 

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management.  A great Kiwi company.

clinty
1180 posts

Uber Geek

Lifetime subscriber

  #2802060 27-Oct-2021 15:34
Send private message

I got one as well - hopefully the filter grabs them shortly and they magically disappear from the inboxes

 

MS has been warning about attempts to phish MSPs, guess we look like big fish lol

 

 

 

regards,

 

Clint

 

 



freitasm
BDFL - Memuneh
79141 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2802063 27-Oct-2021 15:44
Send private message

Just normal background noise. The first clue would be the sender email domain "coolmaterial.com" which I suspect is not your company or the support company you use. Then why send this to someone at yahoo.com and copy you? Why involve someone outside your domain at all?

 

Then the text has "passowrd" - and the "use your current password to avoid losing access" since Office 365 doesn't ask you to enter a password to keep it. Also just hovering the link provided and you will see it goes to a domain that is not Office 365 and it's not your company's domain.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

clinty
1180 posts

Uber Geek

Lifetime subscriber

  #2802064 27-Oct-2021 15:44
Send private message

had 5 minutes so threw the header into an analyzer

 

 

 

https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx?huid=7ab5e142-e9d2-4958-866d-45d8afa5881a

 

 

 

Has the X-mailer etc set as Mailchimp, so looks like it starts with Mailchimp, then bounces to Yahoo ( possibly they spoof this bit and they just drop it straight to an MS endpoint )

 

All the SPF and DKIM checks fail -X-MS-Exchange-Authentication-Results : spf=fail (sender IP is 159.223.13.158) smtp.mailfrom=015935.xyz; dkim=fail (signature did not verify) header.d=fbl.mcsv.net;dmarc=none action=none header.from=coolmaterial.com;

 

 

 

Clint

CYaBro
4565 posts

Uber Geek

ID Verified
Trusted

  #2802067 27-Oct-2021 15:55
Send private message

I got one today too.




Opinions are my own and not the views of my employer.

Dynamic

3836 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2802079 27-Oct-2021 16:19
Send private message

freitasm:

 

Just normal background noise.

 

Yes, you are of course correct.  With a few clients receiving in quick succession, there was a slight suspicion one of our contact lists had been compromised.  Any facility we have with client contact info is 2FA'd but a tiny risk always remains.




“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

 

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management.  A great Kiwi company.

 
 
 
 

Send money globally for less with Wise - one free transfer up to NZ$900 (affiliate link).
martyyn
1961 posts

Uber Geek

ID Verified
Subscriber

  #2802087 27-Oct-2021 16:32
Send private message

Yep, had a couple on clients "admin@" accounts this afternoon, not being noted as junk by Outlook though.

1101
3121 posts

Uber Geek


  #2802442 28-Oct-2021 09:04
Send private message

Dynamic:

 

Supposedly from Support IT which caught my eye as there is a reputable local company called Support IT 

 

 

Just coincidence ?
We've seen Spam supposedly coming from a company name VERY similar to ours (we got a few calls about it) .

 

fairly generic company names being used by spammers I guess .

 

Ive also had a instance where spammers would get info from a companies website , deduct who the accounts person is & their email , and use that to start sending fake invoices
and fake overdue payment emails .
I allways advise to never put staff email adresses on websites, but they never take that advice.

 

 

Create new topic





News and reviews »

Logitech G522 Gaming Headset Review
Posted 18-Jun-2025 17:00

Māori Artists Launch Design Collection with Cricut ahead of Matariki Day
Posted 15-Jun-2025 11:19

LG Launches Upgraded webOS Hub With Advanced AI
Posted 15-Jun-2025 11:13

One NZ Satellite IoT goes live for customers
Posted 15-Jun-2025 11:10

Bolt Launches in New Zealand
Posted 11-Jun-2025 00:00

Suunto Run Review
Posted 10-Jun-2025 10:44

Freeview Satellite TV Brings HD Viewing to More New Zealanders
Posted 5-Jun-2025 11:50

HP OmniBook Ultra Flip 14-inch Review
Posted 3-Jun-2025 14:40

Flip Phones Are Back as HMD Reimagines an Iconic Style
Posted 30-May-2025 17:06

Hundreds of School Students Receive Laptops Through Spark Partnership With Quadrent's Green Lease
Posted 30-May-2025 16:57

AI Report Reveals Trust Is Key to Unlocking Its Potential in Aotearoa
Posted 30-May-2025 16:55

Galaxy Tab S10 FE Series Brings Intelligent Experiences to the Forefront with Premium, Versatile Design
Posted 30-May-2025 16:14

New OPPO Watch X2 Launches in New Zealand
Posted 29-May-2025 16:08

Synology Premiers a New Lineup of Advanced Data Management Solutions
Posted 29-May-2025 16:04

Dyson Launches Its Slimmest Vaccum Cleaner PencilVac
Posted 29-May-2025 15:50








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
Hatch
GoodSync
Backblaze backup
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright