Phishing email from “Zimbra Webmail Team”

We’re seeing more phishing email aimed at Zimbra accounts.  This example came from a hacked account in Sri Lanka, claiming to be from “Zimbra Webmail Team”:

Your Mail Box Exceeded it storage limit CLICK HERE TO UNBLOCK  or use
the link below Fill and click SUBMIT for more space or you won’t be
able to send/receive Mail.

<bogus link removed ...>

Verify Now
Best Regards,
2019/2020 © Mail Report.

The idea is to trick you into entering your email address and password on the bad guys’ server so they’ll be able to hack your account.

Our Barracuda spam filtering blocks 99%+ of this stuff, but some still gets through.

Be on the alert for suspicious-looking messages.  This one wasn’t well done, but we’ve seen some that were pretty clever, with good formatting, logos, etc.

If you want to check your disk space on a Zimbra account, log on to webmail – you’ll see an indicator in the upper-right corner that shows where you stand in terms of storage allowance.

If you want to change your password on a Zimbra account, log on to webmail and click “Preferences”.

spam.his.com links from quarantine email broken on some domains 3/11/2019 – Resolved

Update:  this has been resolved as of 11 AM EDT, 3/12/2019

Clicking the link in spam.his.com quarantine notifications in some Browsers (Chrome, Firefox) may take you to a temporary error page.  Logging in directly to https://spam.his.com works normally.

We’re working with Barracuda to remedy this.  In the meantime, log in directly to https://spam.his.com with your email address and password if you have any problems following the link from your email quarantine notification.

Phishing email – proceed with caution

Our multi-layer Barracuda spam/virus/malware filtering is very effective, but some bad things do slip through when the bad guys come up with new tricks and send email before the spam filters get updated.

Here’s an example that came in today, claiming to be from Chase and asking the recipient to correct something about their account.  When viewing the message on a computer you can hover the mouse over any links provided and see if they look real – in this case, doing that showed that the link actually went to a compromised server in Bosnia/Herzegovina:

When in doubt, don’t click on links in email that claim to be from your bank or an online merchant.  Log on to your account manually and decide whether any action needs to be taken.

Zimbra mail login issue 10/5/2018 – resolved

There was a problem this morning (Friday, 10/5/2018) with Zimbra mail logins (mail.his.com, dc.his.com, etc.) that caused logins from either webmail or regular email software to be extremely slow.  This was resolved around 10 AM.  We’re working with the vendor to identify the cause.

Zimbra mail servers upgrades

We are in the process of upgrading our Zimbra mail servers.
The new Zimbra mail server will not support un-encrypted connections.

If you are experiencing issues connection to the new server after the upgrade, see our articles under the Securing Email connections section of our Knowledge Base.

Call our 24/7 Phone Support, they will be happy to help you:
1-301-255-0500
Option #2: Tech. Support,
then Option #1: Email Tech. Support

AT&T Issue 7/8/2018 – resolved

An AT&T network issue that started at 3:34 AM EDT has been resolved.  This affected sites at our AT&T facility in Ashburn, VA intermittently until about 5:20 AM and was related to a maintenance event at AT&T.

Support phone line problem 5/1/2018 – resolved

Calls to our support phone line are failing because of a telco problem.  If you need to report a problem or ask for help, send email to support@his.com to open a ticket, or click here.

Update:  as of 8:30 PM 5/1/2018 the telco problem has been resolved.  Support tickets can be opened at 301-255-0500, option 2, or via email or web.

Centurylink data center issue – 12/12/2017 – resolved

There is currently an outage affecting our Sterling, VA facility, colocated with Centurylink.  The outage is being investigated.

Some services are impacted, including mail.his.com and several other mail servers.

Update:  as of 4:08 PM EST all services were restored.  Outage duration was 71 minutes.

mail.his.com emergency maintenance 11/12/2017 – resolved

Because of an issue with the server that hosts mail.his.com, we had to perform an emergency backup and restore Sunday afternoon, 11/12/2017.  This caused incoming mail for his.com and hers.com addresses to go missing for a few hours.  We were able to re-deliver all of the missing mail, so no incoming mail was lost.  Depending on your email software, the Sunday afternoon email might appear out of order if your software lists the messages by time received rather than time sent, but it’s all there.

If you manually moved mail from one folder to another on mail.his.com Sunday afternoon, those changes reverted.  Your mail is all there, in its original locations.

If you have any filters set up to move mail to folders other than your INBOX as it comes in, those filters worked when the mail was redelivered and your mail is where you expect it.

If you sent mail Sunday afternoon using mail.his.com, your mail was sent but copies weren’t retained in your ‘sent’ folder.

Petya Ransomware Attack 6/27/2017

There is a nasty ransomware virus that exploits vulnerabilities in Microsoft Windows and Office that is spreading rapidly worldwide.  Once one computer on a LAN/WLAN is infected the virus can spread to other computers over the ethernet or WiFi.

What you can do:  apply all of the latest Microsoft updates now.

More information:  WordFence Blog   Forbes    The Guardian