I tend to see a lot of phishing emails. The message I received this morning caught my eye. It was fairly well crafted and obviously targeted. After searching the Internet, I found that some GoDaddy customers have received something similar. This seems to be making its way around the internet to website administrators. The most curious thing to me is how someone associated the email address with a Hostmonster account.
Phishing Email Message
As can be seen above, the message read–
Your account contains more than 4035 directories and may pose a potential performance risk to the server. Please reduce the number of directories for your account to prevent possible account deactivation.
In order to prevent your account from being locked out we recommend that you create special temp directory.
The link goes to kct67<dot>ru.
Message headers also suggest a Russian origin–
Received: by 10.140.27.139 with SMTP id 11csp1084546qgx;
        Tue, 17 Nov 2015 20:25:39 -0800 (PST)
X-Received: by 10.25.161.211 with SMTP id k202mr1408853lfe.161.1447820739327;
        Tue, 17 Nov 2015 20:25:39 -0800 (PST)
Return-Path: <[email protected]>
Received: from bmx1.z8.ru (bmx1.z8.ru. [22.214.171.124])
        by mx.google.com with ESMTPS id xd10si580044lbb.198.2015.11.17.20.25.39
        for <[email protected]>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Tue, 17 Nov 2015 20:25:39 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates 126.96.36.199 as permitted sender) client-ip=188.8.131.52;
Authentication-Results: mx.google.com;
        spf=pass (google.com: domain of [email protected] designates 184.108.40.206 as permitted sender) [email protected]
Received: from pike.intph ([10.13.29.0] helo=pike.z8.ru)
        by bmx1.z8.ru with esmtp (Exim 4.77 (FreeBSD))
        (envelope-from <[email protected]>)
        id 1ZyuJH-000K6k-JN
        for [email protected]; Wed, 18 Nov 2015 07:25:31 +0300
Received: (from [email protected])
        by pike.z8.ru (8.14.5/8.13.8/Submit) id tAI4P7lP079360;
        Wed, 18 Nov 2015 07:25:07 +0300 (MSK)
        (envelope-from qce)
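The header reading above can be done programmatically. The following Python is an added example, not part of the original post: it walks the message's Received chain oldest-first and reports the originating host, its UTC offset, the transit time and any relays outside an expected set. The `trusted` list, including `hostmonster.com` as the provider's mail domain, is an assumption.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received headers copied from the message above (redacted addresses left as-is).
RAW = """\
Received: by 10.140.27.139 with SMTP id 11csp1084546qgx;
        Tue, 17 Nov 2015 20:25:39 -0800 (PST)
Received: from bmx1.z8.ru (bmx1.z8.ru. [22.214.171.124])
        by mx.google.com with ESMTPS id xd10si580044lbb.198.2015.11.17.20.25.39
        for <[email protected]> (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Tue, 17 Nov 2015 20:25:39 -0800 (PST)
Received: from pike.intph ([10.13.29.0] helo=pike.z8.ru)
        by bmx1.z8.ru with esmtp (Exim 4.77 (FreeBSD))
        (envelope-from <[email protected]>) id 1ZyuJH-000K6k-JN
        for [email protected]; Wed, 18 Nov 2015 07:25:31 +0300
Received: (from [email protected])
        by pike.z8.ru (8.14.5/8.13.8/Submit) id tAI4P7lP079360;
        Wed, 18 Nov 2015 07:25:07 +0300 (MSK) (envelope-from qce)

"""

def received_hops(raw):
    """Parse Received headers into hops, oldest first (each MTA prepends its own)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        text = " ".join(value.split())            # unfold continuation lines
        sender = re.match(r"from (\S+)", text)    # absent on a local submission
        receiver = re.search(r"\bby (\S+)", text)
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "time": parsedate_to_datetime(text.rsplit(";", 1)[1].strip()),
        })
    return hops

def summarize(hops, trusted=("google.com", "hostmonster.com")):  # assumed domains
    """Origin host, its UTC offset, transit time, and named relays outside `trusted`."""
    first, last = hops[0], hops[-1]
    named = {h["by"] for h in hops if re.search(r"[a-z]", h["by"] or "")}
    return {
        "origin": first["by"],
        "utc_offset_h": first["time"].utcoffset().total_seconds() / 3600,
        "transit_s": (last["time"] - first["time"]).total_seconds(),
        "outside": sorted(n for n in named if not any(
            n == d or n.endswith("." + d) for d in trusted)),
    }

if __name__ == "__main__":
    print(summarize(received_hops(RAW)))
```

The `spf=pass` result in these headers only means the relay was authorized to send for the envelope sender's own domain; it says nothing about whether the message came from the hosting provider.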
My word of advice would be that site administrators exercise caution when opening messages from their hosting providers. In addition, it certainly makes sense to change applicable passwords on a regular basis.