Email Phishing Scam Alert

Email Phishing Scam Alert

This content has been archived. It may no longer be relevant

The bad people trying to make the world worse never take a day off, so why should I? – Bob Marley.

Email Phishing Scam Alert

Scammers never stop. Constantly tweaking, wheedling, and trying to entice you to click their links. Whilst you don’t have to work all day against the scammers, you should always be vigilant, looking out for odd or suspicious email content.

Here is another variant on the theme that has been cropping up recently.

Scammer Screenshot

It might look legitimate at first glance, for instance, they’ve even stolen our logo image from our website.

In the second column ‘Recipient’, they have thoughtfully added a genuine “mail-to” link. When clicked it will open a new email in your application, addressed to you (or in this case me).


The easiest way to check if an email is genuine is to look at the email headers. Below are the headers from this email:


To: Stewart Anderson>
X-Spam-Level: **
Mime-Version: 1.0
Content-Type: text/html
X-Get-Message-Sender-Via: authenticated_id:
X-Spam-Status: No, score=2.6 required=6.5 tests=BAYES_50,HTML_MESSAGE, MIME_8BIT_HEADER,MIME_HTML_ONLY,RDNS_NONE,TO_NO_BRKTS_NORDNS, TO_NO_BRKTS_NORDNS_HTML shortcircuit=no autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
X-Antiabuse: This header was added to track abuse, please include it with any abuse report
X-Antiabuse: Primary Hostname –
X-Antiabuse: Original Domain –
X-Antiabuse: Originator/Caller UID/GID – [47 12] / [47 12]
X-Antiabuse: Sender Address Domain –
X-Spam-Pyzor: Reported 0 times.
Content-Transfer-Encoding: quoted-printable
Received: (qmail 14186 invoked from network); 12 Aug 2021 11:13:47 +0200
Received: from ( by with AES256-GCM-SHA384 encrypted SMTP; 12 Aug 2021 11:13:47 +0200
Received: (qmail 20819 invoked from network); 12 Aug 2021 11:13:47 +0200
Received: by simscan 1.4.0 ppid: 20800, pid: 20813, t: 1.1411s scanners: attach: 1.4.0 clamav: m:59/d:26231 spam: 3.3.1
Received: from unknown (HELO ( by with AES256-GCM-SHA384 encrypted SMTP; 12 Aug 2021 11:13:46 +0200
Received: from [] (port=50495 by with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from id 1mE6mQ-000F8U-1s for; Thu, 12 Aug 2021 05:13:37 -0400
Received-Spf: softfail ( transitioning SPF record at does not designate as permitted sender)

The first thing to notice is who the real sender is, line 5 – X-Get-Message-Sender-Via: authenticated_id: UH OH! This is supposed to be from – warning!

That is as far as you need to go before adding the email to your Junk folder – or simply deleting it.

By the way, I have deliberately left the ‘mailto’ link for in the headers above because the address doesn’t actually exist. Good luck scraping and using that address scammers!

For the more technically curious there are more signs that the sender is not in fact who they say they are. The last line shows an SPF fail – pretending to be

If you would like to discuss this article further or submit an email for analysis, please chat with an agent or contact us.

As always be vigilant, keep well, and stay safe.

Please leave us a message


This package requires a once-off installation of

P1,200.00 excl. VAT

Want to spread the cost? Select options from the

'Installation Fee' menu.

*N.B. An 8% handling charge is added for spreading set-up

costs over 2 months, and 10% for the 3-month option.

This is a shared package.

Contention ratio sharing: 4:1

More information about Contention Ratios

Looking for dedicated, unshared connections? Contact us to discuss your needs.