Phishing mail claiming “multiple billing error”

By | April 22, 2024

A customer email account was hijacked and used to send phishing mail to other addresses that claimed to be from, asking recipients to log on to “retract the multiple charges”.  Following this link would take you to a real-looking copy of a Zimbra email login, where logging in would reveal your password to the bad guys, who would then use your account to send more phishing mail.

The customer whose account was used to send this mail fell for a different phishing email and revealed their password.

This particular email came from an IP number in the UK, but the fake login page it links to was in Turkey.

If you received one of these, delete it.