Warning: email scam aimed at website owners.

Confession time. I just got scammed. Yep. I know the dangers, I’ve spotted scams before, but this time I fell for it and for 5 minutes or so my account was vulnerable to attack. Thankfully I realised what was happening fast and was able to fix things quickly, but this scare has made me all the more wary of opening emails and clicking on web links.

I received an email which I have reproduced in full below.

Straight away I was thinking ‘Oh no, what has happened, who could have hacked into my account.’

I guess because I thought I was already hacked, I was not suspicious that this email itself was the scam.

I clicked on the link in the email (mistake!) to log in to my Bluehost account to ‘re-activate’ it and see what the problem was. It asked me for my password a second time, which made me suspicious. I then carefully re-read the email below and noticed that the address in the link was:

http://my.bluehost.com.eebe038e47780c96e2762b5e2003cef7.kristenione.com/account/9120/reactivation.html

This is obviously a scam, because the domain name (in the middle) is “kristenione.com”, but unfortunately I had only read the start – “my.bluehost.com”.

So by clicking on the link and logging in I have actually given these people my login and password for my bluehost account.

Luckily I twigged to what was happening, so I quickly logged into my cPanel and changed the password. I also changed the password to my SQL database in case they had beaten me to it.

I have also now enabled 2-factor authentication which will protect against this in the future. I was not aware that Bluehost offered 2-factor authentication but they do. It uses the Google Authenticator app.

Here’s the scam email. I wonder if you would have been fooled.

 

“Hello, WAYNE CONNOR

We are contacting you today because we have disabled your outbound email services temporarily.

The reason for this is because you’ve got a forum that spammers were subscribing to to get messages sent out. They used a spam trap email address that actually resulted in our mail server getting blacklisted.

We need you to add protection to it so it isn’t being exploited in the future. You will need to contact us and let us know this has been resolved for us to restore your email services. For protection, we ask that you require an account to subscribe to topic notifications if you haven’t already. We also ask that you add protection to your sign-up page so that spammers cannot automate it. You can do this by using a captcha or something similar to that.

To activate your account, please visit our BlueHost account reactivation center.

Use the link below: http://my.bluehost.com.eebe038e47780c96e2762b5e2003cef7.kristenione.com/account/9120/reactivation.html

Thank you,

BlueHost.com Terms of Service Compliance

http://www.bluehost.com

For support go to http://helpdesk.bluehost.com/

Toll-Free: (888) 401-4678″
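The check the post describes, reading the hostname from the right instead of from the left, can be automated. The following is an added example, not part of the original post; the function names are hypothetical, every sample URL other than the one quoted in the email is constructed, and taking the last two labels as the owning domain is a simplification (production code should consult the Public Suffix List).

```python
from urllib.parse import urlsplit

TRUSTED = "bluehost.com"  # the domain the reader expects to be logging in to

def host_of(url: str) -> str:
    """Lower-cased hostname, without any user@ prefix, port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def belongs_to(url: str, trusted: str = TRUSTED) -> bool:
    """True only if the host is the trusted domain or a subdomain of it."""
    host_labels = host_of(url).split(".")
    trusted_labels = trusted.lower().split(".")
    # Compare from the right: the rightmost labels decide who owns the name.
    return host_labels[-len(trusted_labels):] == trusted_labels

def rightmost_labels(url: str, n: int = 2) -> str:
    """Simplified owning domain: the last n labels of the host."""
    return ".".join(host_of(url).split(".")[-n:])

def classify(url: str, trusted: str = TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a link."""
    if belongs_to(url, trusted):
        return "trusted"
    # The brand shows up somewhere in the link, but the host is not under it.
    if trusted.lower() in url.lower():
        return "lookalike"
    return "unrelated"

# The link quoted in the email above, followed by constructed samples.
SAMPLES = [
    "http://my.bluehost.com.eebe038e47780c96e2762b5e2003cef7.kristenione.com"
    "/account/9120/reactivation.html",
    "http://www.bluehost.com",
    "https://my.bluehost.com@login.example.test/",  # brand placed before '@'
    "https://notbluehost.com/",                     # no label boundary
    "https://example.org/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):10} owner={rightmost_labels(url):20} {url}")
```
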

 


Comments

6 responses to “Warning: email scam aimed at website owners.”

  1. Just got a call from a client who got fooled by the exact same email scam. Even took me a while to think that it might be a scam it seemed so real. Must be a pretty new scam, as your article here was the first/only I found about it via Google search. Thanks for sharing!

  2. Trent

    Received a similar message this morning… something didn’t seem right, so I did a quick search and found this post. THANK YOU!

  3. David Ingersoll

    I got this email this morning. I’m always suspicious of emails that include links so I googled and found your article. Thank you! The tip to really look at the url will be especially helpful the next time I get something like this.

  4. Blognybox

    I received one this evening but caught on quickly because of the suspicious “activation” link.

  5. Jon

    Just got the same email twice! Thankfully it got caught by gmail spam filter and threw some warnings at me.

    I mean it looks SOOO real BUT I was able to log in to my account normally and check that my message account had not been hacked or disabled.

    Here is the message.

    “We are contacting you today because we have disabled your outbound email services temporarily. The reason for this is because you’ve got a forum that spammers were subscribing to to get messages sent out. They used a spam trap email address that actually resulted in our mail server getting blacklisted.

    We need you to add protection to it so it isn’t being exploited in the future. You will need to contact us and let us know this has been resolved for us to restore your email services.

    For protection, we ask that you require an account to subscribe to topic notifications if you haven’t already. We also ask that you add protection to your sign-up page so that spammers cannot automate it. You can do this by using a captcha or something similar to that.

    To activate your account, please visit our BlueHost account reactivation center. Use the link below:
    http://my.bluehost.com.[letter and numbers].[SPAMSITE].com/account/72936/reactivation.html

    Thank you,
    BlueHost.com Terms of Service Compliance
    http://www.bluehost.com
    For support go to http://helpdesk.bluehost.com/
    Toll-Free: (888) 401-4678″

  6. Megan

    Wow – appreciate the heads up. I was trying to figure out what the heck they were talking about, and Google led me here. THANK YOU.
