[prev in list] [next in list] [prev in thread] [next in thread]
List: roundcube-announce
Subject: [Roundcube Announce] Phishing Alert
From: Thomas Bruederli <roundcube () gmail ! com>
Date: 2019-10-28 20:36:37
Message-ID: CAO3naw6Q9mtbkQVJ=9dRNoE2P_OH1Ja4Q5oCu_1uXV8NNfkBjQ () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Dear Roundcube vendors
We have been receiving many reports about phishing attempts appearing out
in the wild which are targeting end users of webmail services powered by
Roundcube. The fake emails pretend to come from „Roundcube Webmail" or
alike and trick users to enter their email password on fake sites. The
attackers take advantage of the fact that most users think Roundcube is a
service like Gmail or Hotmail and aren't aware who is actually running
their email: the individual hosting providers using the Roundcube software
for their webmail service.
Please act now:
* Customize your Roundcube installation with your individual logo [1] and
product name [2]. Make sure to configure the support_url [3] and provide
proper guidance for your existing and new users.
* Inform your users about the ongoing phishing attempts and make them aware
about who is responsible for the email system they are using every day.
There is no thing like a „Roundcube webmail service".
* Secure your SMTP server to deny sending with arbitrary sender addresses.
This is a general suggestion but also helps avoiding fraudulent messages
being sent from your hosts.
Help us to fight phishing and protect your users!
Kind regards,
Thomas
[1]
https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.php#L393
[2]
https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.php#L597
[3]
https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.php#L389
[Attachment #5 (text/html)]
<div dir="ltr"><div><div dir="auto">Dear Roundcube vendors<br></div><div \
dir="auto"><br></div><div dir="auto">We have been receiving many reports about \
phishing attempts appearing out in the wild which are targeting end users of webmail \
services powered by Roundcube. The fake emails pretend to come from „Roundcube \
Webmail" or alike and trick users to enter their email password on fake sites. The \
attackers take advantage of the fact that most users think Roundcube is a service \
like Gmail or Hotmail and aren't aware who is actually running their email: the \
individual hosting providers using the Roundcube software for their webmail \
service.</div> <br>
Please act now:<br>
<br>
* Customize your Roundcube installation with your individual logo [1] and product \
name [2]. Make sure to configure the support_url [3] and provide proper guidance for \
your existing and new users.<br> <br>
* Inform your users about the ongoing phishing attempts and make them aware about who \
is responsible for the email system they are using every day. There is no thing like \
a „Roundcube webmail service".<br> <br>
* Secure your SMTP server to deny sending with arbitrary sender addresses. This is a \
general suggestion but also helps avoiding fraudulent messages being sent from your \
hosts.</div><div><br></div><div>Help us to fight phishing and protect your \
users!</div><div><br></div><div>Kind \
regards,</div><div>Thomas<br></div><div><br></div><div>[1] <a \
href="https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.php#L \
393">https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.php#L393</a></div><div>[2] \
<a href="https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.ph \
p#L597">https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.php#L597</a></div><div>[3] \
<a href="https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.ph \
p#L389">https://github.com/roundcube/roundcubemail/blob/master/config/defaults.inc.php#L389</a></div>
</div>
_______________________________________________
Roundcube Announcement mailing list
announce@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/announce
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic