The latest scam: Someone tried to access your personal root server

Here’s a new phishing scam — or at least, this is the first time I’ve seen it.

The e-mail message comes in from an account named “localhost.” It looks like a message from Red Hat, complete with forged redhat.com headers. Here’s the message:

Subj: Someone tried to access your personal root server.

Someone with ip address 54.213.34.66 tried to access your personal root server.

Please click the link below and enter your root server information to confirm that you are not currently away. Also we will make you an update for your system.

Click here to confirm your account information.

The link goes off to what looks like a Red Hat Linux login page. It’s not. It’s someone trying to steal your login and password. Don’t go there.

>> Follow-up: This post is getting a lot of hits from people who received this phishing message and are searching for info about it on Google. I’m glad that you’re researching it! If you can leave a comment, I’m curious whether all the spams reference the same 54.213.34.66 IP address, or if the spammer is varying them. Thanks! (PS: Welcome to my blog. I hope you enjoy it. Look around, stay a while!)

Z Trek Copyright (c) Alan Zeichick
9 replies
  1. jhoff
    jhoff says:

    my wife got this one and she definitely doesn’t have a login to any linux boxes 🙂 so no need to be aranoid 🙂

  2. jhoff
    jhoff says:

    my wife received one of these and she definitely doesn’t have a login to any linux boxes so I suspect you’re being a bit paranoid…

  3. Spiffy, the Goji Juice Dog
    Spiffy, the Goji Juice Dog says:

    I just got this email as well! I was very confused about it, so I did a search in Google and found your post.

    The IP address the spammer gave was exactly th same as the one you mentioned, so obviously they’re not trying to vary it up at all!

  4. Pacmacca
    Pacmacca says:

    Yes same IP shown, I have just received one showing exactly the same ip address of 54.213.34.66. Further IP’s and info are displayed in the full message header

Comments are closed.