IMHO, I do not think this is a targeted scan to RoundCube users. RoundCube is only an IMAP client just as are any other software. Nothing in the quoted content seems to indicate that this was generated using RoundCube. You happen to use RoundCube as your IMAP client to look at your email. I also do that when not using my main PC, which is using ThunderBird. I think this was only a phishing that targeted you for some other unknown reason. But this is my only opinion here. If you look at the source code of RoundCube, I am sure you could find the place where the name of the IMAP client is coded and change it to anything else. JFM On Sun, Oct 12, 2025 at 5:39 PM Katie via linux <linux [ at ] linux-ottawa [ dot ] org> wrote: > Hi Rob, > > This is interesting, thank you for sharing. "They" are getting really > scummy, I was targeted through my GC Collab profile, which means that > they are targeting government employees and systems too. Luckily, I > think there is zero tolerance if they find out it was a Government of > Canada employee (inside job). > > Has anyone reported these incidents to law enforcement? You may find the > link at > https://www.ibc.ca/stay-protected/protect-your-business/cyber-safety > helpful to use or share. > > Thank you for reporting, > Katie > > On 2025-10-12 16:34, rob [ at ] echlin [ dot ] ca via linux wrote: > > I got a couple of these from different source addresses. > > > > Source email on this one is: takise [ at ] p-alt [ dot ] co [ dot ] jp > > > > Posting as an example of more focused email scams arising, possibly > > using AI to get at something as niche as RoundCube. > > Really small groups like Roundcube users are not safe from attack. > > > > Rob > > > > After the image: > > > > The source code of the image part of the email. > > Some line breaks and bold added for clarity. > > > > <!DOCTYPE html> <html lang="en"> > > <head> > > <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> > > <meta charset=utf-8> <meta http-equiv="X-UA-Compatible" > > content="IE=edge"> > > <title>Retrieve Delayed Mails</title> > > <style> body { font-family: Roboto, sans-serif; background-color: > > #f4f4f4; color: #2c363a; font-size: 14px; } .container { max-width: > > 680px; > > margin: 20px auto; background-color: #ffffff; padding: 20px; /* > > Removed > > border */ } h2 { font-size: 1.5em; color: #333333; font-weight: bold; > > margin-top: 0; } .section { border: 1px solid #428bca; margin-top: > > 20px; > > } .section-header { background-color: #428bca; color: #ffffff; > > padding: > > 10px 15px; font-weight: bold; } table { width: 100%; border-collapse: > > collapse; font-size: 13px; } td { padding: 8px; border-top: 1px solid > > #ddd; } .actions a { display: inline-block; background-color: #348eda; > > > > color: #ffffff; padding: 10px 15px; margin: 5px 5px 0 0; > > text-decoration: > > none; border-radius: 4px; } .footer { font-size: 12px; color: #555; > > margin-top: 20px; } </style> </head> > > <body> <div class="container"> > > <h2>Client Configuration Settings for > > "echlin.ca"</h2> <div class="section"> <div > > class="section-header">Secure > > SSL / TLS Settings (Recommended)</div><table> > > <tr><td>Recipient:</td><td> > > rob [ at ] echlin [ dot ] ca</td> </tr><tr><td>Password:</td> > > <td>Use the email account's > > password.</td> </tr><tr><td>Message:</td><td> Temporary IMAP/POP3 > > server > > issues (port: 993) have delayed some incoming emails to your > > inbox.<br> > > <br> <div class="actions"> <a > > href="https://mkmhousing.co.uk/i/ic.uc.php?code=6f1e#rob [ at ] echlin [ dot ] ca" > > target="_blank">Receive all emails</a> <a > > href="https://mkmhousing.co.uk/i/ic.uc.php?code=6f1e#rob [ at ] echlin [ dot ] ca" > > target="_blank">Delete all emails</a> </div> <br> Do not reply to this > > > > automated message. </td> </tr><tr><td>Date:</td><td>This notice was > > generated on Saturday, September 27, 2025.</td> </tr> </table> </div> > > <div class="footer"> A mobile configuration file for use with iOS and > > macOS Mail.app is attached to this message.<br> © 2025 echlin.ca > > cPanel, L.L.C. </div> </div> </body> > > </html> > > To unsubscribe send a blank message to linux+unsubscribe [ at ] linux-ottawa [ dot ] org > To get help send a blank message to linux+help [ at ] linux-ottawa [ dot ] org > To visit the archives: https://lists.linux-ottawa.org > >