<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>
<div style="font-size: 10pt; font-family: Verdana,Geneva,sans-serif;">
<div style="font-size: 10pt; font-family: Verdana,Geneva,sans-serif;">
<p>I got a couple of these from different source addresses.</p>
<p>Source email on this one is: <a href="mailto:takise [ at ] p-alt [ dot ] co [ dot ] jp">takise [ at ] p-alt [ dot ] co [ dot ] jp</a></p>
<p>Posting as an example of more focused email scams arising, possibly using AI to get at something as niche as RoundCube.<br />Really small groups like Roundcube users are not safe from attack.</p>
<p>Rob</p>
<pre><br />After the image:<br /><br />The source code of the image part of the email.<br />Some line breaks and bold added for clarity.<br /><br /><img src="cid:176030126068ec10cc70350636206248@echlin.ca" /><br /><br /><!DOCTYPE html> <html lang="en"> <br /><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta charset=utf-8> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Retrieve Delayed Mails</title>
<style> body { font-family: Roboto, sans-serif; background-color:
#f4f4f4; color: #2c363a; font-size: 14px; } .container { max-width: 680px;
margin: 20px auto; background-color: #ffffff; padding: 20px; /* Removed
border */ } h2 { font-size: 1.5em; color: #333333; font-weight: bold;
margin-top: 0; } .section { border: 1px solid #428bca; margin-top: 20px;
} .section-header { background-color: #428bca; color: #ffffff; padding:
10px 15px; font-weight: bold; } table { width: 100%; border-collapse:
collapse; font-size: 13px; } td { padding: 8px; border-top: 1px solid
#ddd; } .actions a { display: inline-block; background-color: #348eda;
color: #ffffff; padding: 10px 15px; margin: 5px 5px 0 0; text-decoration:
none; border-radius: 4px; } .footer { font-size: 12px; color: #555;
margin-top: 20px; } </style> </head>
<body> <div class="container"> <br /><h2>Client Configuration Settings for
"echlin.ca"</h2> <div class="section"> <div class="section-header">Secure
SSL / TLS Settings (Recommended)</div><table> <tr><td>Recipient:</td><td>
rob [ at ] echlin [ dot ] ca</td> </tr><tr><td>Password:</td><br /><td>Use the email account's
password.</td> </tr><tr><td>Message:</td><td> Temporary IMAP/POP3 server
issues (port: 993) have delayed some incoming emails to your inbox.<br>
<br> <div class="actions"> <a
href="https://mkmhousing.co.uk/i/ic.uc.php?code=6f1e#rob [ at ] echlin [ dot ] ca"
target="_blank">Receive all emails</a> <a
href="<strong>https://mkmhousing.co.uk</strong>/i/ic.uc.php?code=6f1e#rob [ at ] echlin [ dot ] ca"
target="_blank">Delete all emails</a> </div> <br> Do not reply to this
automated message. </td> </tr><tr><td>Date:</td><td>This notice was
generated on Saturday, September 27, 2025.</td> </tr> </table> </div>
<div class="footer"> A mobile configuration file for use with iOS and
macOS Mail.app is attached to this message.<br> &copy; 2025 echlin.ca
cPanel, L.L.C. </div> </div> </body>
</html></pre>
<p><br /></p>
<div id="v1v1_rc_sig"></div>
</div>
</div>
</body></html>
