The e-mail message comes in from an account named “localhost.” It looks like a message from Red Hat, complete with forged redhat.com headers. Here’s the message:
Subj: Someone tried to access your personal root server.
Someone with ip address 220.127.116.11 tried to access your personal root server.
Please click the link below and enter your root server information to confirm that you are not currently away. Also we will make you an update for your system.
Click here to confirm your account information.
The link goes off to what looks like a Red Hat Linux login page. It’s not. It’s someone trying to steal your login and password. Don’t go there.
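The signs described above (forged redhat.com headers, a sender account named "localhost", and a link that leaves Red Hat's domain) can be checked automatically. This is an added example, not part of the original post; the sample message, its header layout, the example.net hosts and the `phishing_indicators` name are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: header layout and example.net hosts are placeholders.
SAMPLE = """\
Return-Path: <localhost@mail.example.net>
From: "Red Hat" <security@redhat.com>
Subject: Someone tried to access your personal root server.
Content-Type: text/html; charset="us-ascii"

<a href="http://login.example.net/redhat/">Click here to confirm your account information.</a>
"""

class LinkHosts(HTMLParser):
    """Collect the host name of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href") or ""
            self.hosts.append((urlparse(href).hostname or "").lower())

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw, brand="redhat.com"):
    """Return a list of findings for a message that claims to come from `brand`."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_host = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    sender = parseaddr(str(msg.get("Return-Path", "")))[1].lower()
    env_local, _, env_host = sender.partition("@")
    # The visible From claims the brand, but the envelope sender is elsewhere.
    if in_domain(from_host, brand) and env_host and not in_domain(env_host, brand):
        findings.append("from-envelope-mismatch")
    # The sending account is the generic "localhost" name seen in this campaign.
    if env_local == "localhost":
        findings.append("sender-account-localhost")
    body = msg.get_body(preferencelist=("html",))
    if body is not None and in_domain(from_host, brand):
        links = LinkHosts()
        links.feed(body.get_content())
        off = sorted({h for h in links.hosts if h and not in_domain(h, brand)})
        if off:  # a brand-claimed message whose links leave the brand's domain
            findings.append("link-off-brand:" + ",".join(off))
    return findings
```
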
>> Follow-up: This post is getting a lot of hits from people who received this phishing message and are searching for info about it on Google. I’m glad that you’re researching it! If you can leave a comment, I’m curious whether all the spams reference the same 18.104.22.168 IP address, or if the spammer is varying them. Thanks! (PS: Welcome to my blog. I hope you enjoy it. Look around, stay a while!)