Do not click the link..
A phishing mail has been sent to some Kolab Now customers. Our Support team was alerted by observant and attentive users, and our Operations team was able to take preventive action before the mail was spread more widely.
We know that a few copies of the mail had slipped through our standard anti-spam and anti-phishing measures to a few users before the stream was stopped, so in case you have received the mail described below, here is what it looks like, and what to do with it. Further down this post, we’ll outline some rules of thumb in a more generic context.
The mail subject is:
Kolabnow: Three Pending Massages
..and the body reads:
Dear Customer: your three incoming mails were placed on pending status due to the recent upgrade to our database. In order to receive the messages Login Here http://kids.bookgardenacademy.com/content/index.php?email=your.email@mykolab.com and wait for responds from HELP DESK We apologize for any inconvenience and appreciate your understanding. Regards, Kolabnow
The form and information in the mail is clever, and the grammar is acceptable — spelling errors notwithstanding. This makes it difficult to recognize it as illegitimate right away. There is however one thing that sticks out. The link points to a domain which is not Kolab Now, and has no connection to Kolab Now. This is a clear warning sign, that something is wrong.
Since we’re in the business of protecting our users against this sort of nonsense, let us sandbox this and take a screenshot. You’ll notice this is definitively not a Kolab Now site.
Looking at the header, it turns out, that the ‘From:’ address not what it pretends to be either;
From: Customer Service <m****@t-online.de>
There are many other pointers to be found in the header, but we will stick with these two points for now. If something looks as if it is not right (like the two points mentioned above), then it probably is not right.
If you have received such a mail on the 27th of December 2018, then here is what to do with it:
- Do NOT click the link!
Clicking the link will confirm the email address is active, the mail is read, and the reader is susceptible, to some level, to phishing.
- Delete the mail.
You can also forward the email (preferably as an attachment) to support@kolabnow.com.
- Celebrate that you have avoided troubles.
More General Rules of Thumb
-
Kolab Now support, operations and such and so forth doesn’t ever send you a link with a pre-filled username.
Period.
-
Kolab Now customers are pointed to kolabnow.com, apps.kolabnow.com, blogs.kolabnow.com and kb.kolabnow.com. Our support system runs on bifrost.kolabsystems.com, an exception to the rule of everything being on the kolabnow.com domain.
Each of them is properly secured with a duly issued certificate. If you’re ever linked to something else, or worse, something over plaintext http, please don’t hesitate to contact support@kolabnow.com.
- Forward mails you think are suspicious, preferably as attachments, to support@kolabnow.com.