We have started to see a wave of spam emails coming in to some of our Postini customers. These emails have a customized subject and claim that you need to reset your password. The link appears to point to your own domain, but in fact it goes to a site that attempts to install malware on your computer. We are working with Postini to update their filters to block this. You can build a content filter and apply it to your settings to block any future emails that fit this specific signature.
Postini Content Filter
- Log in to your Postini Administrative Console
- Access the User Org
- Access Content Manager
- Create a new custom rule with these parameters:
  Match: Any Rule
  Subject Line – Contains Text: Please confirm your email to
  Entire Message – Contains Text: http://equitativo.com.ar
  Entire Message – Contains Text: CONFIRM REQUEST AND RESET PASSWORD
  Routing: Delete (Blackhole)
  Copy to Quarantine: Add Quarantine Address: Recipient
- Hit Save and this filter will be applied.
We chose to send it to the Quarantine in case this filter catches any false positives.
MxToolbox has partnered with WebRoot to offer Web Filtering to protect your network from attacks through the web browser. For more details on the protection that this program can offer, go here.
Example of the SPAM email 1:
From: ‘domain.com‘ [mailto:supportdomain.com]
Hello, jgonzo@domain.com.
We received your request to reset your growth-capital.com password. To confirm your request and reset your password, follow the instructions below. Confirming your request helps prevent unauthorized access to your account. If you didn’t request that your password be reset, please follow the instructions below to cancel your request.
CONFIRM REQUEST AND RESET PASSWORD
CANCEL PASSWORD RESET
Thank you,
NOTE: Please do not reply to this message, which was sent from an unmonitored e-mail address. Mail sent to this address cannot be answered.
Example of the SPAM email 2:
From: ‘domain.com‘ [mailto:supportdomain.com]
New secret questions were added to your domain.com account. To ensure that your account information remains accurate and secure we
This change request was made on Mon, 28 Jun 2010 16:53:43 -0600
If the changes described above are accurate, no further action is
http://standhostesi.org/index2.html“>https://edit.domain.com/ forgot?stage=fe100&src=&intl=us&done=&partner
Regards,
Please do not reply to this message. Mail sent to this address cannot be answered.
Example of the SPAM email 3:
From: ‘domain.com‘ [mailto:supportdomain.com]
Subject: UPS INVOICE NR4929910.
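The rule above only matches this campaign's fixed strings, while example 2 shows the more durable signal: link text that displays one host while the href points to another. The following Python is an added example, not part of the original post and not Postini's own logic; it evaluates the same three "Contains Text" conditions and additionally flags that mismatch, which goes beyond the rule on this page. The function names and the `.example` sample messages are constructed, and single-part HTML bodies are assumed.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The three "Contains Text" conditions from the rule above (Match: Any Rule).
SUBJECT_TEXT = "Please confirm your email to"
BODY_TEXTS = ("http://equitativo.com.ar", "CONFIRM REQUEST AND RESET PASSWORD")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlsplit(url).hostname or "").lower()

def mismatched_links(html):
    """Links whose visible text is a URL on a different host than the href."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(href, text) for href, text in parser.links
            if text.lower().startswith(("http://", "https://"))
            and host(text) != host(href)]

def classify(raw):
    """Return the reasons a single-part HTML message would be quarantined."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    reasons = ["subject"] if SUBJECT_TEXT in (msg["Subject"] or "") else []
    reasons += ["body:" + t for t in BODY_TEXTS if t in body]
    reasons += ["link-mismatch:" + host(h) for h, _ in mismatched_links(body)]
    return reasons

# Constructed sample messages (hosts under .example are placeholders).
LURE = ("Subject: Account notice\nContent-Type: text/html\n\n"
        '<a href="http://lure.example/index2.html">https://edit.example.com/forgot</a>')
CLEAN = ("Subject: Weekly report\nContent-Type: text/html\n\n"
         '<a href="https://example.com/report">https://example.com/report</a>')
```

`classify(LURE)` matches none of the fixed strings yet is still flagged for the link mismatch, which is why the string rule alone should be treated as a stopgap for this one campaign.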
All of my clients using Postini received this message yesterday between 11:15am and 12:15pm EST.
Very helpful post, thank you.