Interesting.
-
Interesting. Hackers are mistaking Mastodon user profile account addresses for email addresses and sending fake roundcube phishing emails to the few accounts I have on my self-hosted instance in hopes of getting credentials.
"Roundcube Found Several Undelivered Messages"
I only received it because my domain has catch-all email turned on that will forward any email for email accounts that don't exist to a special email address.
The emails come from "Restoredesk.oldfriends.live <[email protected]>", pass spf and ip 79.141.160.47. Link below, which is Dropbox owned "DocSendDotCom"
Be careful if you host your own instance and have catch-all email setup and this slips past your little grey cells.
Copyright © 2024 NodeBB | Contributors