Email from DiscountASP.NET? Maybe not.

Michael Phillips

If you received an email claiming to be from DiscountASP.NET that includes the line:

“Domain account [Your Domain Name] has exceeded the limit load available for the existing pay rate plan.”

please do not follow any links in the email. It is a password phishing email and was not sent from DiscountASP.NET. It appears that the domain and email address information used to send the messages was harvested from public WHOIS records.

If you did click on a link in the phishing email, we recommend that you reset your Control Panel password immediately and check your web site for any files that you didn’t upload yourself. You may want to change your email passwords as well.

We started to get reports of the email last Thursday, but we’re still seeing new reports today, so they appear to be going out in a slow trickle, likely in order to avoid triggering any spam flags at the host(s) they are being sent from.

If you received the phishing email, we would appreciate it if you could send a copy of the message (including the email headers) to support. It will help us in our efforts to get the phishing site(s) shut down.

Why are they targeting DiscountASP.NET users?

We don’t know, but we’ve noticed that they are also sending the same email to CloudFlare users, and I would assume it is also being sent to users at other hosts who just haven’t said anything about it publicly yet.

What are we doing about it?

We’ve implemented SPF records, which will stop the emails from being received at some mail servers, but SPF implementation is far from universal, so that’s a bit of a limited solution. From a technical standpoint though, it’s all we can do from our end.
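One way to check the headers of a received copy for the SPF result and for a mismatch between the envelope sender and the visible From address, as an added example that is not DiscountASP.NET's own tooling. The sample messages, the `notice@` address, the host names and the IP are constructed, and it assumes the receiving server stamps a `Received-SPF` header.

```python
from email import message_from_string
from email.utils import parseaddr
import re

BRAND = "discountasp.net"  # domain the phishing mail claims to be from

def domain_of(header_value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw_message):
    """Return (from_domain, envelope_domain, spf_result, verdict)."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    # get() returns the topmost Received-SPF header, i.e. the one stamped by
    # the last receiving server; copies further down may be forged.
    m = re.match(r"\s*([A-Za-z]+)", msg.get("Received-SPF", ""))
    spf = m.group(1).lower() if m else "none"
    if from_dom != BRAND and not from_dom.endswith("." + BRAND):
        verdict = "not claiming brand"
    elif env_dom != from_dom:
        # SPF is evaluated on the envelope sender, so a "pass" here says
        # nothing about the visible From address.
        verdict = "suspect: envelope domain differs from From"
    elif spf != "pass":
        verdict = "suspect: SPF " + spf
    else:
        verdict = "consistent"
    return from_dom, env_dom, spf, verdict

def sample(return_path, spf):
    """Constructed test message; all hosts, addresses and IPs are made up."""
    return (
        f"Return-Path: <{return_path}>\n"
        f"Received-SPF: {spf} (mx.recipient.example: client-ip=203.0.113.45)\n"
        'From: "DiscountASP.NET" <notice@discountasp.net>\n'
        "To: owner@customer.example\n"
        "Subject: Account notice\n\nBody omitted.\n"
    )

if __name__ == "__main__":
    for rp, spf in [("notice@discountasp.net", "fail"),
                    ("bounce@mailer.example", "pass"),
                    ("notice@discountasp.net", "pass")]:
        print(triage(sample(rp, spf)))
```

A "consistent" verdict only means the headers agree with each other; it does not establish that the message is genuine.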

We are, of course, reporting the phishing to the relevant hosts, and we’ve added a notice to Control Panel and posted to Facebook, Twitter and Google+.

And wrote this blog post…
