Phishing mails asking to "Confirm account"

Some users have reported receiving a message with subject “Mail service message 1/28/2023” asking them to “Confirm account to avoid permanent termination”. These messages are phishing attempts potentially trying to obtain login credentials.

Do not open this email or click on any links it contains. If you accidentally went to this phishing site and entered your login data, please contact our support team – – as soon as possible.

Please remember any system maintenance will be confirmed at, and all our sites are using valid TLS certificates for the domain or its subdomains (closed padlock on your browser).

Regain your privacy! Adopt /e/ the unGoogled mobile OS and online servicesphone


Something like this…

Thanks Iñigo. Could you please forward this message to so we can evaluate how to block them?

El 29 de gener de 2023 11:52:50 CET, “Iñigo Ateka via /e/OS community” ha escrit:

I make it a habit of checking headers when I get mail of that sort.
Sometimes the From: headers are a dead giveaway.


How were the emails obtained? Will there be a report clarifying the situation posted soon?

1 Like

The team is investigating what happened and should share its findings ASAP.


Upon investigation, we only found 2 accounts receiving this message, with similar sender or source IP address. It doesn’t seem an orchestrated attack targetting users.

How were the emails obtained?

Affected users may have signed up on a dubious/trap service, or their addresses leaked on another site (e.g. Twitter), or simply published their address on some site profile.

We already put in place a good number of phishing detection rules at the end of 2022, but this particular message seems to have passed the check as it was sent from a legitimate domain/IP combination. Hence, inspecting the actual From address would have revealed its lack of authenticity (it was not even coming from an account).

Going forward, we plan to add better phishing checks and look for ways to unequivocally determine the authenticity of a message from the Murena team, as well as offering tips to our users to protect themselves from such threats on any online service.

In case of doubt, please reach out to us at

Thank you @Pitttuhau for the quick report!