2011-05-18: 11:52 UTC     Phishing attempt - "You Have Exceeded The Storage Limit"

Several users have reported receiving a phishing email that claims to be from support@webmail.net with the subject "You Have Exceeded The Storage Limit". We don't own the "webmail.net" domain and have nothing to do with it.

The email asks you to click on a link to resolve the situation. The link takes you to a form that asks for your username and password. If you've provided this information, you need to change your Tuffmail password immediately.

Tuffmail does send you an email when your account storage is exceeded (over quota); however, the notification email comes from an mxes.net address and does not contain any links.

Here is a copy of the phishing email. Please note that the provided URL is clearly bogus, especially since it doesn't point to a tuffmail.net or tuffmail.com domain.

Date: Wed, 18 May 2011 05:48:37 +0700
From: "System Administrator" 
To: undisclosed-recipients:;
Subject: You Have Exceeded The Storage Limit


You have exceeded the storage limit on your mailbox.

You will not be able to send or receive new mail until you upgrade your
email.

Click the below link and fill the form to upgrade your account.

http://sandersfamilyofeasttx.org/forms/use/support/form1.html

System Administrator
192.168.0.011


2011-05-03: 02:39 UTC     Phishing Attempt

An email has been sent recently to some Tuffmail users from a scammer claiming to be "Tuffmail Technical Support" using the forged sender address webmaster@tuffmail.net.

It's a rather poor phishing attempt to trick users into giving up some personal information by clicking on a link and filling out a form. We don't know what kind of information was being requested because the link is now dead; however, we can guess that it was probably asking for a mailbox username and password.

We never communicate with our users using "webmaster@tuffmail.net" as the sender address, and we would never ask you to click a link to "verify your information." We would never ask you for personal information, except within the context of a support request that you initiate.

A copy of the phishing email is provided below. Please note that the form link points to a domain that clearly isn't Tuffmail.
---------------------------- Original Message ----------------------------
Subject: Changes due to recent server upgrades
From:    "Tuffmail Technical Support" 
Date:    Tue, May 3, 2011 8:39 am
To:      undisclosed-recipients:;
--------------------------------------------------------------------------

Dear Email User,

This message is from Tuffmail Internet message center,
during our regular update and verification of your email
accounts, we couldn't verify your current information.

Either your information has changed or it is incomplete. If the
account information is not updated to current information within
5 days, then your account will be set on hold.

Log in to your e-mail account by clicking on this link:

http://rs.osceolanewsgazette.com/phpform/use/Tuffmail-Technical-Support/form1.html

After you logged in, update and verify your information please.

Thank you for your patience as we work together to protect your email
account.
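
The checks described in both notices above, written as a small mail triage function. This is an added example, not part of the original notices and not Tuffmail's own tooling; the function names and the subject-line test for recognising a quota notice are assumptions, and the sample messages are constructed from the two quoted emails.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Rules stated in the notices above.
TRUSTED_LINK_DOMAINS = ("tuffmail.net", "tuffmail.com")
QUOTA_SENDER_DOMAIN = "mxes.net"               # real over-quota notices
NEVER_USED_SENDERS = {"webmaster@tuffmail.net"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def in_domain(host, domain):
    # Match the domain or a subdomain; a substring test would accept
    # lookalike hosts or a brand name placed in the URL path.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw):
    """Return the reasons a single-part text message breaks those rules."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    hosts = [urlsplit(u).hostname for u in URL_RE.findall(msg.get_payload())]
    findings = []
    if sender in NEVER_USED_SENDERS:
        findings.append(f"sender {sender} is never used by Tuffmail")
    for host in hosts:
        if not any(in_domain(host, d) for d in TRUSTED_LINK_DOMAINS):
            findings.append(f"link host {host} is not a Tuffmail domain")
    # Assumption: a quota notice is recognised by its subject line.
    if "storage limit" in msg.get("Subject", "").lower():
        if not in_domain(sender.rpartition("@")[2], QUOTA_SENDER_DOMAIN):
            findings.append("quota notice not sent from an mxes.net address")
        if hosts:
            findings.append("quota notice contains a link")
    return findings

# Constructed samples: trimmed from the two phishing emails quoted above.
SAMPLE_QUOTA = """From: "System Administrator" <support@webmail.net>
Subject: You Have Exceeded The Storage Limit

http://sandersfamilyofeasttx.org/forms/use/support/form1.html
"""
SAMPLE_VERIFY = """From: "Tuffmail Technical Support" <webmaster@tuffmail.net>
Subject: Changes due to recent server upgrades

http://rs.osceolanewsgazette.com/phpform/use/Tuffmail-Technical-Support/form1.html
"""

if __name__ == "__main__":
    print(triage(SAMPLE_QUOTA), triage(SAMPLE_VERIFY))
```

The second sample shows why the host is compared rather than the whole URL: "Tuffmail" appears in the link's path, but the host is not a Tuffmail domain.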



Copyright 2002-2011 Breah Internet Inc.