Warning: email scam aimed at website owners.

Confession time. I just got scammed. Yep. I know the dangers, I’ve spotted scams before, but this time I fell for it and for 5 minutes or so my account was vulnerable to attack. Thankfully I realised what was happening fast and was able to fix things quickly, but this scare has made me all the more wary of opening emails and clicking on web links.

I received an email which I have reproduced in full below.

Straight away I was thinking ‘Oh no, what has happened, who could have hacked into my account.’

I guess because I thought I was already hacked, I was not suspicious that this email itself was the scam.

I clicked on the link in the email (mistake!) to login to my bluehost account to ‘re-activate’ it and see what the problem was. It asked me for my password a second time, which made me suspicious. I then carefully re-read the email below and noticed that the address in the link was:

http://my.bluehost.com.eebe038e47780c96e2762b5e2003cef7.kristenione.com/account/9120/reactivation.html

This is obviously is a scam, because the domain name (in the middle) is “kristenione.com” but unfortunately I had only read the start – “my.bluehost.com”

So by clicking on the link and logging in I have actually given these people my login and password for my bluehost account.

Luckily I twigged to what was happening, so I quickly logged into my c-panel and changed the password. I also changed the password to my SQL database in case they had beaten me to it.

I have also now enabled 2-factor authentication which will protect against this in the future. I was not aware that Bluehost offered 2-factor authentication but they do. It uses the Google Authenticator app.

Here’s the scam email. I wonder if you would have been fooled.

“Hello, WAYNE CONNOR

We are contacting you today because we have disabled your outbound email services temporarily.

The reason for this is because you’ve got a forum that spammers were subscribing to to get messages sent out. They used a spam trap email address that actually resulted in our mail server getting blacklisted.

We need you to add protection to it so it isn’t being exploited in the future. You will need to contact us and let us know this has been resolved for us to restore your email services. For protection, we ask that you require an account to subscribe to topic notifications if you haven’t already. We also ask that you add protection to your sign-up page so that spammers cannot automate it. You can do this by using a captcha or something similar to that.

To activate your account, please visit our BlueHost account reactivation center.

Use the link below: http://my.bluehost.com.eebe038e47780c96e2762b5e2003cef7.kristenione.com/account/9120/reactivation.html

Thank you,

BlueHost.com Terms of Service Compliance

http://www.bluehost.com

For support go to http://helpdesk.bluehost.com/

Toll-Free: (888) 401-4678″

Posted

August 3, 2018

hacks, scam

New Posts

New ThemeAugust 16, 2023
Can I zoom the MacBook Pro camera in a Zoom meeting?July 30, 2023
How to sync your iPad without using your iCloud dataJuly 28, 2023

Latest Comments

Wayne on GTD with Apple remindersAugust 16, 2023
Yes, I just used relative rage is in the last year.
Stephen on GTD with Apple remindersAugust 16, 2023
One Last question, how did you filter your overdue smart list. I have been using relative range past year but…
Wayne on GTD with Apple remindersAugust 14, 2023
I’ve got to admit the iOS app is not as easy to use as the desktop one!

Article Categories

Comments

6 responses to “Warning: email scam aimed at website owners.”

Denise
August 9, 2018
Just got a call from a client who got fooled by the exact same email scam. Even took me a while to think that it might be a scam it seemed so real. Must be a pretty new scam, as your article here was the first/only I found about it via Google search. Thanks for sharing!
Reply
Trent
December 15, 2018
Received a similar message this morning… something didn’t seem right, so I did a quick search and found this post. THANK YOU!
Reply
David Ingersoll
December 25, 2018
I got this email this morning. I’m always suspicious of emails that include links so I googled and found your article. Thank you! The tip to really look at the url will be especially helpful the next time I get something like this.
Reply
Blognybox
January 17, 2019
I received one this evening but caught on quickly because of the suspicious “activation” link.
Reply
Jon
November 16, 2019
Just got the same email twice! Thankfully it got caught by gmail spam filter and threw some warnings at me.
I mean it looks SOOO real BUT I was able to log in to my account normally and check that my message account had not been hacked or disabled.
Here is the message.
“We are contacting you today because we have disabled your outbound email services temporarily. The reason for this is because you’ve got a forum that spammers were subscribing to to get messages sent out. They used a spam trap email address that actually resulted in our mail server getting blacklisted.
We need you to add protection to it so it isn’t being exploited in the future. You will need to contact us and let us know this has been resolved for us to restore your email services.
For protection, we ask that you require an account to subscribe to topic notifications if you haven’t already. We also ask that you add protection to your sign-up page so that spammers cannot automate it. You can do this by using a captcha or something similar to that.
To activate your account, please visit our BlueHost account reactivation center. Use the link below:
http://my.bluehost.com.[letter and numbers].[SPAMSITE].com/account/72936/reactivation.html
Thank you,
BlueHost.com Terms of Service Compliance
http://www.bluehost.com
For support go to http://helpdesk.bluehost.com/
Toll-Free: (888) 401-4678″
Reply
Megan
November 19, 2019
Wow – appreciate the heads up. I was trying to figure out what the heck they were talking about, and Google led me here. THANK YOU.
Reply