Some users have reported receiving a message with subject “Mail service message 1/28/2023” asking them to “Confirm account to avoid permanent termination”. These messages are phishing attempts potentially trying to obtain login credentials.
Do not open this email or click on any links it contains. If you accidentally went to this phishing site and entered your login data, please contact our support team – helpdesk@murena.com – as soon as possible.
Please remember that any system maintenance will be confirmed at https://status.murena.io, and all our sites use valid TLS certificates for the murena.io domain or its subdomains (closed padlock in your browser).
Upon investigation, we found only 2 accounts that received this message, with a similar sender or source IP address. This does not appear to be an orchestrated attack targeting e.email users.
How were the emails obtained?
Affected users may have signed up on a dubious/trap service, or their addresses leaked on another site (e.g. Twitter), or simply published their address on some site profile.
We already put in place a good number of phishing detection rules at the end of 2022, but this particular message seems to have passed the check as it was sent from a legitimate domain/IP combination. Even so, inspecting the actual From address would have revealed its lack of authenticity (it was not even coming from an e.email/murena.io account).
Going forward, we plan to add better phishing checks and look for ways to unequivocally determine the authenticity of a message from the Murena team, as well as to offer tips to our users to protect themselves from such threats on any online service.
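The From-address inspection mentioned above can be automated. The following is an added example, not Murena's own filtering code: it flags mail that uses the phrases quoted in this notice but whose From address is not on e.email or murena.io. The domain list, function names and sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: mail from the provider itself uses the two domains named in the notice.
PROVIDER_DOMAINS = ("e.email", "murena.io")
# Phrases quoted in the notice from the reported phishing message.
NOTICE_PHRASES = ("mail service message", "confirm account", "permanent termination")

def from_domain(msg):
    """Domain of the single From address, or None if missing, repeated or unparsable."""
    headers = msg.get_all("From") or []
    if len(headers) != 1:
        return None
    addr = parseaddr(str(headers[0]))[1]
    local, at, domain = addr.rpartition("@")
    return domain.lower() if at and local and domain else None

def is_provider_domain(domain):
    """True for an exact provider domain or a subdomain of one (dot-anchored suffix)."""
    return domain is not None and any(
        domain == d or domain.endswith("." + d) for d in PROVIDER_DOMAINS)

def text_of(msg):
    """Subject plus every text/* part, lower-cased for phrase matching."""
    chunks = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode("utf-8", "replace"))
    return " ".join(chunks).lower()

def classify(raw):
    """'suspicious' if it reads like an account notice but is not From a provider domain."""
    msg = message_from_string(raw)
    claims_notice = any(p in text_of(msg) for p in NOTICE_PHRASES)
    if claims_notice and not is_provider_domain(from_domain(msg)):
        return "suspicious"
    return "ok"

# Constructed sample message (not the real phishing mail; the sender is a placeholder).
PHISH = ('From: "Mail Service" <notice@mailer.example>\n'
         "To: user@e.email\n"
         "Subject: Mail service message 1/28/2023\n\n"
         "Confirm account to avoid permanent termination.\n")

if __name__ == "__main__":
    print(classify(PHISH))
```

The From header is not authenticated on its own, so a check like this complements SPF, DKIM and DMARC results rather than replacing them.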