A few days ago a long-term client received a suspicious email which threatened to remove their inactive email accounts. Naturally the first thing they did was notify us. We immediately smelled a rat and asked them to forward the email to us for further investigation.

Here is a screenshot of the email in question (with sensitive information removed):

Yeah, this is a malicious email. The fact that the email was sent from the domain mailwe.site but they tried to mask it with our client’s own domain is a huge red flag. A quick WHOIS search shows that the domain is only 5 days old (as of writing this) and the server is located in Russia. What’s more our chosen email provider has never sent out an email like this (and we could have easily double-checked with them).

The tricky thing is that because this domain is so new services like Google’s Safe Browsing had no data on it. So a quick search online would not have turned up any warnings.

We at Caveena Solutions work to protect our clients from such malicious practices which, sadly enough, has only increased over the years. We have the experience to spot tricks like this even when an online search would not have helped.

Apologies to those curious where the big “Confirm” button would have brought us. We didn’t bother checking because we’ve got far better things to do with our time 🙂