
Phishing alert -=- Sage customers database compromised!?

  • 21-12-2016 7:24pm
    #1
    Registered Users Posts: 357 ✭✭


    Hi,

    Got an email from "a" staff at SAGE asking me to open some quotation.
    I found it peculiar AND sent to my email address.

    Then, a few hours down the line, an official email saying not to open the attachment... wonder how many people did before the warning!?


    Phishing alert


    Dear Customer,

    We believe that a small number of users may have received a Phishing email impersonating Sage earlier today.

    The email appears to have been sent from a Sage email address and has a Microsoft Word document and a PDF attachment and looks like the example below. These attachments contain links appearing to be from Dropbox.


    If you have clicked on the links within this email and entered any login credentials, we would recommend that you alert your systems administrator immediately and take the precautionary measure of changing your passwords.

    If you have not interacted with this email, please delete it from your system and advise your systems administrator as a precaution.

    Helping our customers stay safe online is important to us. For further information regarding Phishing Emails and dealing with them please visit our sage.co.uk website.

    Sage Support



Comments

  • Registered Users Posts: 357 ✭✭Ctrl Alt Del


    For your forensic analysis:

    Received: from ams.smtproutes.com (208.70.88.19) by "me"
    (a.b.c.d) with Microsoft; Wed, 21 Dec 2016
    00:aa:09 +0000
    X-Katharion-ID: 14822815.41730.ams2-mh490 (suspended)
    Return-Path: <Sarah-Jane.zzzz@xage.com>
    Received: from esa8.mailexternal.iphmx.com ([68.232.148.61]) by
    ams2-mh490.smtproutes.com [(208.70.88.190)] with ESMTP via TCP
    (TLSv1.2/SSL_RSA_WITH_RC4_128_SHA); 21 Dec 2016 00:1:59 +0000
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=sage.com; i=@sage.com; q=dns/txt; s=sage;
    t=1482281526; x=1513817526;
    h=from:subject:date:message-id:mime-version;
    bh=ID3fufAx2CP9cqAm0zpHQ3J3/O8Tde6BQtDyLEHSWF8=;
    b=csP26S+HJrQZf7y9a+1acKZCqJmw3qLVnn1kq0v0L4N7laWKclChf01b
    P/2W9NQQiRZeAGodH/N7l5Z7UyL6tSDlqchgCrbNq56ZqCWlRfTEoRYhH
    5HaPHpvF+wZaVJ38G46Br23azX8ntYIzCzllr0M/WqRJsqoLjY34zQejy
    U=;
    X-IronPort-AV: E=Sophos;i="5.33,381,1477972800";
    d="pdf'?scan'208,217";a="86599332"

    From: "staff_name" <Sarah-Jane.zzz@zage.com>
    Subject: Follow Up
    Thread-Topic: Follow Up
    Thread-Index: AdJbIo58m3HZVU9fTm6kO4q+a7r8Kg==
    Date: Wed, 21 Dec 2016 00:11:15 +0000
    Message-ID: <CY1PR0101MB1513D9D5091EDB5DF5F4A61930@CY1PR0101MB1513.prod.exchangelabs.com>
    Accept-Language: en-IE, en-US
    Content-Language: en-US
    X-MS-Has-Attach: yes
    X-MS-TNEF-Correlator:
    authentication-results: spf=none (sender IP is )
    smtp.mailfrom=Sarah-zzzz@zage.com;
    x-ms-office365-filtering-correlation-id: d7af6949-912b-4ed1-b39b-08d4293ae930
    x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:CY1PR0101MB1611;
    x-microsoft-exchange-diagnostics: 1;CY1PR0101MB1611;7:j4ObE+Xi6dutUBOFeIuNx6A+sKHwJ5fM6/DoeBTyd2diB//TOsM4a60dXV55GrtxAkHskyaQGm1XjEr2MvS82IWntL1aSXwV1kXTcR+t/Tufk3sj2hiBaH7bmcyQugJuQ+mEwMDrVHZFrhA8QGV94STUJVZjzx4BDNhbDvKk8Zx3HpE6usWtaGqZoKy+oeVjxt9lmUlopJtOzqNAhZObb2/J1KEgLd7fx53YG3TCLtoSz0zhuaKToT5PNp4t2acaqJDwl25uGHFhSsuX8AhfP2IaU02FQhx+RL9wXxlrkIokHks53wOGP4BKH4iR6l6PHY/2nwclNF3krxiXCYjuNxmvVFW4031PVMY0URXMLQd0EHdOodW3yfJWK3nuiWG6FgnI+oDv+8zrwbE6RTZnM/h44WZ5IljsogC2clq/yVCraZgwveJKDzQJFZ1a/mnQJu9N6w9fyTHBArQ96KAWIg==
    x-footer: YES
    x-microsoft-antispam-prvs: <CY1PR0101MB161174D708651D6CFE625C59D9930@CY1PR0101MB1611.prod.exchangelabs.com>
    x-exchange-antispam-report-test: UriScan:(148322886591682)(277860510277777)(28212336023702)(20016812619638)(116415991822766)(128460861657000)(254730959083279)(86561027422486)(246847805743155)(81227570615382);
    x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(102415395)(6040375)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026)(6041248)(20161123564025)(20161123562025)(20161123555025)(20161123560025)(6072148);SRVR:CY1PR0101MB1611;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0101MB1611;
    x-forefront-prvs: 01630974C0
    x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(7916002)(39840400002)(39450400003)(39860400002)(39850400002)(39410400002)(189002)(199003)(106356001)(2900100001)(221733001)(790700001)(6116002)(99936001)(6506006)(881003)(92566002)(8936002)(2906002)(81166006)(3660700001)(68736007)(105586002)(39060400001)(6436002)(38730400001)(3846002)(3280700002)(77096006)(3480700004)(9686002)(606005)(25786008)(102836003)(7736002)(81156014)(54356999)(7906003)(107886002)(110136003)(7696004)(50986999)(5660300001)(7366002)(189998001)(122556002)(74316002)(86362001)(1671002)(8676002)(7416002)(97736004)(66066001)(109986004)(101416001)(7116003)(5890100001)(33656002)(7066003)(7406005)(7336002)(8666006)(7059030)(102436002);DIR:OUT;SFP:1102;SCL:1;SRVR:CY1PR0101MB1611;H:CY1PR0101MB1513.prod.exchangelabs.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en;
    spamdiagnosticoutput: 1:99
    spamdiagnosticmetadata: NSPM
    Content-Type: multipart/mixed;
    boundary="_004_CY1PR0101MB1513D9D5091EDB5DF5F4A619D9930CY1PR0101MB1513_"
    MIME-Version: 1.0
    X-OriginatorOrg: sage.com
    X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Dec 2016 00:zz:15.3999
    (UTC)
    X-MS-Exchange-CrossTenant-fromentityheader: Hosted
    X-MS-Exchange-CrossTenant-id: 3e32dd7c-41f6-492d-a1a3-c58eb02cf4f8
    X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0101MB1611
    To: Undisclosed recipients:;
    X-GFI-SMTP-Submission: 1
    X-GFI-SMTP-Submission: 1
    X-GFI-SMTP-HelloDomain: ams2.smtproutes.com
    X-GFI-SMTP-RemoteIP: 208.70.88.190
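
A small triage helper for header dumps like the one posted above, added here as an example and not part of the original thread. It compares the From, Return-Path and DKIM `d=` domains and pulls the SPF verdict; the sample headers are constructed placeholders (not the poster's redacted values), the function names are hypothetical, and alignment is simplified to subdomain matching rather than a public-suffix lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: same header fields as the dump above, placeholder values.
SAMPLE = """\
Return-Path: <staff.name@example.com>
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=staff.name@example.com;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=example.com; i=@example.com; q=dns/txt; s=sel1;
 h=from:subject:date:message-id:mime-version;
 bh=AAAA; b=BBBB
From: "staff_name" <staff.name@example.com>
Subject: Follow Up
X-MS-Has-Attach: yes

"""

def domain_of(value):
    """Lower-cased domain of the address in a From/Return-Path value."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower()

def dkim_tags(value):
    """Parse a (possibly folded) DKIM-Signature value into tag=value pairs."""
    pairs = (p.split("=", 1) for p in (value or "").split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def aligned(a, b):
    """Relaxed alignment, simplified: equal, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def triage(raw):
    """Summarise the sender-identity headers of one raw message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    dkim_dom = dkim_tags(msg["DKIM-Signature"]).get("d", "").lower()
    spf = re.search(r"\bspf=(\w+)", msg["Authentication-Results"] or "")
    return {
        "from": from_dom, "return_path": rp_dom, "dkim_d": dkim_dom,
        "spf": spf.group(1) if spf else None,
        "from_vs_return_path": aligned(from_dom, rp_dom),
        "from_vs_dkim": aligned(from_dom, dkim_dom),
        "has_attachment": (msg["X-MS-Has-Attach"] or "").strip().lower() == "yes",
    }
```

Alignment only compares the domains named in the headers; it does not verify the DKIM signature itself, which needs the original message body and a DNS lookup of the selector's public key.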

