The latest scam: Someone tried to access your personal root server

Here's a new phishing scam — or at least, this is the first time I've seen it.

The e-mail message comes in from an account named "localhost." It looks like a message from Red Hat, complete with forged redhat.com headers. Here's the message:

Subj: Someone tried to access your personal root server.

Someone with ip address tried to access your personal root server.

Please click the link below and enter your root server information to confirm that you are not currently away. Also we will make you an update for your system.

Click here to confirm your account information.

The link goes off to what looks like a Red Hat Linux login page. It's not. It's someone trying to steal your login and password. Don't go there.

>> Follow-up: This post is getting a lot of hits from people who received this phishing message and are searching for info about it on Google. I'm glad that you're researching it! If you can leave a comment, I'm curious whether all the spams reference the same IP address, or if the spammer is varying them. Thanks! (PS: Welcome to my blog. I hope you enjoy it. Look around, stay a while!)


Javier said...

Hello. Yeah I just got one.
I wonder if this get send at random or if they are directed especifically. (a bit paranoid ?)

jhoff said...

my wife got this one and she definitely doesn't have a login to any linux boxes :) so no need to be aranoid :)

jhoff said...

my wife received one of these and she definitely doesn't have a login to any linux boxes so I suspect you're being a bit paranoid...

Spiffy, the Goji Juice Dog said...

I just got this email as well! I was very confused about it, so I did a search in Google and found your post.

The IP address the spammer gave was exactly th same as the one you mentioned, so obviously they're not trying to vary it up at all!

Alan said...

I got the same IP address citation. Did a WHOIS search, the IP belongs to Merck.

Pacmacca said...

Yes same IP shown, I have just received one showing exactly the same ip address of Further IP's and info are displayed in the full message header

Lisa- one of the Girl Indie chicks said...

I received one too and I had a feeling it was just a scam but I thought I would research it before clicking anything. :) And yes, the IP address that is in my message is te same as yours.

Rumee said...

yep. Same ip. Could definitely sense it was a scam.

Aly said...


About Me

My Photo
Co-founder and editorial director of BZ Media, which publishes SD Times, the leading magazine for the software development industry. Founder of SPTechCon: The SharePoint Technology Conference, AnDevCon: The Android Developer Conference, and Big Data TechCon. Also president and principal analyst of Camden Associates, an IT consulting and analyst firm.