Confirm that this is spam, "Messages quarantined since 2/13/2020"
I'm getting an email every night at around 4am that LOOKS like it's from cPanel, but I'm not entirely convinced so I'm hoping you guys can confirm. The email subject that it references IS one that would have been sent (but not from info@example.com, and not at 3am), but the link isn't to my domain so it feels phishy.
The subject is "Messages quarantined since 2/13/2020 for info@example.com", where the date is always the previous date and the email is for my domain.
The reply email is info_delay@notice.com. I Googled this and found nothing.
This is the body, converted to plain text just in case there's something malicious in there:
info@example.com
example.com has prevented the delivery of a new message to
info@example.com because it contains heavy attachments. To immediately release it use the "Release and Deliver" button below.
Sent: Tuesday ,February 13, 2020 at 03:24 am
To: info@example.com
Subject: Past Due Invoices
Release and Deliver
Why was my message held for review?
Your email provider uses an email filtering service to stop certain types of email from being sent from your account. The content of the email you received scored high enough for the email systems to hold it in your quarantine for review.
This is an automated message
Please do not reply to this email.
Copyright © 2020. All rights reserved.
Clicking the "Release and Deliver" link takes me to:
The sender wants you to press the button Release and Deliver; I wouldn't do it. It is spam, no doubt.
My thought, too, but it was just odd that the subject was the same as one sent by our billing department.
I'm positive that it's spam, though... it finally hit me to look at the source of the final link and see where the login form directed: cyfyfkj.michalcova.beget.tech/data.php. On the form that's an HTTP link, not HTTPS. I removed it here to prevent it from becoming a link. It's weird that it goes through googleapis.com, though.
Really, anyone can implement a Google API - as long as they have a Google account - in case you wanted to know what firebasestorage was you can find it here: Cloud Storage | Firebase
It is spam or probably much worse. I moved from cPanel many years ago but still received an identical message to info@ [a domain of mine]. It originated in Aruba. Very clever though. Ironically, if I had still used cPanel I might have been tempted instead of instantly realising it didn't compute. I pass my email through Gmail which imho is the best spam cleaning service around - surprised they didn't catch it. Mine was received at 06:23 UTC this morning.