Hi Rob,
This is interesting, thank you for sharing. "They" are getting really
scummy, I was targeted through my GC Collab profile, which means that
they are targeting government employees and systems too. Luckily, I
think there is zero tolerance if they find out it was a Government of
Canada employee (inside job).
Has anyone reported these incidents to law enforcement? You may find the
link at
https://www.ibc.ca/stay-protected/protect-your-business/cyber-safety
helpful to use or share.
Thank you for reporting,
Katie
On 2025-10-12 16:34, rob [ at ] echlin [ dot ] ca via linux wrote:
I got a couple of these from different source addresses.
Source email on this one is: takise [ at ] p-alt [ dot ] co [ dot ] jp
Posting as an example of more focused email scams arising, possibly
using AI to get at something as niche as RoundCube.
Really small groups like Roundcube users are not safe from attack.
Rob
After the image:
The source code of the image part of the email.
Some line breaks and bold added for clarity.
<!DOCTYPE html> <html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta charset=utf-8> <meta http-equiv="X-UA-Compatible"
content="IE=edge">
<title>Retrieve Delayed Mails</title>
<style> body { font-family: Roboto, sans-serif; background-color:
#f4f4f4; color: #2c363a; font-size: 14px; } .container { max-width:
680px;
margin: 20px auto; background-color: #ffffff; padding: 20px; /*
Removed
border */ } h2 { font-size: 1.5em; color: #333333; font-weight: bold;
margin-top: 0; } .section { border: 1px solid #428bca; margin-top:
20px;
} .section-header { background-color: #428bca; color: #ffffff;
padding:
10px 15px; font-weight: bold; } table { width: 100%; border-collapse:
collapse; font-size: 13px; } td { padding: 8px; border-top: 1px solid
#ddd; } .actions a { display: inline-block; background-color: #348eda;
color: #ffffff; padding: 10px 15px; margin: 5px 5px 0 0;
text-decoration:
none; border-radius: 4px; } .footer { font-size: 12px; color: #555;
margin-top: 20px; } </style> </head>
<body> <div class="container">
<h2>Client Configuration Settings for
"echlin.ca"</h2> <div class="section"> <div
class="section-header">Secure
SSL / TLS Settings (Recommended)</div><table>
<tr><td>Recipient:</td><td>
rob [ at ] echlin [ dot ] ca</td> </tr><tr><td>Password:</td>
<td>Use the email account's
password.</td> </tr><tr><td>Message:</td><td> Temporary IMAP/POP3
server
issues (port: 993) have delayed some incoming emails to your
inbox.<br>
<br> <div class="actions"> <a
href="https://mkmhousing.co.uk/i/ic.uc.php?code=6f1e#rob [ at ] echlin [ dot ] ca"
target="_blank">Receive all emails</a> <a
href="https://mkmhousing.co.uk/i/ic.uc.php?code=6f1e#rob [ at ] echlin [ dot ] ca"
target="_blank">Delete all emails</a> </div> <br> Do not reply to this
automated message. </td> </tr><tr><td>Date:</td><td>This notice was
generated on Saturday, September 27, 2025.</td> </tr> </table> </div>
<div class="footer"> A mobile configuration file for use with iOS and
macOS Mail.app is attached to this message.<br> © 2025 echlin.ca
cPanel, L.L.C. </div> </div> </body>
</html>
To unsubscribe send a blank message to linux+unsubscribe [ at ] linux-ottawa [ dot ] org
To get help send a blank message to linux+help [ at ] linux-ottawa [ dot ] org
To visit the archives: https://lists.linux-ottawa.org