'Server Configuration Manager' Email Scam

Infosec researchers are warning users about a phishing campaign involving the dissemination of lure emails. The fake messages are presented as if coming from the user's 'Server Configuration Manager.' The claims made in these emails should be regarded as completely false and fabricated and users should in no case follow the instructions of the con artists.

The lure emails try to convince their readers that an error has emerged with their domain account. The issue supposedly appeared during an attempt to install the latest updates for the webmail server. Now, according to the deceiving emails, users risk having their account suspended unless they follow the 'Server Update' button. To appear more legitimate, the misleading emails also contain several technical details, such as sever IMAP address, server name and port number.

When users click on the button found in the emails, they will be taken to what looks like a login page asking for usernames and passwords. However, this is a phishing portal that collects all of the provided login credentials and makes them available to fraudsters. The consequences for the victims could be significant. These people could use the acquired information to compromise additional accounts, such as those for social media platforms or messaging applications and use them for nefarious purposes. Alternatively, collected credentials could be packaged and offered for sale to interested parties, which may include cybercriminal organizations.