Beware: Scammers Are Targeting Websites Changing Their MX Records

I’ve mentioned this before, but the reasons I generally don’t spend too much time discussing the avalanche of scams, exploits and phishing attempts on this blog are twofold. First, if I discussed every scam I’ve come across I’d probably be posting five times a day. Second, there are far more qualified bloggers writing about this; I’m pretty partial to Krebs on Security myself. That said, this one caught my attention because it actually managed to make me think I’d done something wrong for a split second. Whenever that happens it’s worth addressing.

The other day I moved a financial website to my web hosting. They use Office 365, and after updating their MX records on their domain registrar accordingly it was a simple website copy. No downtime, all went well, everything looked in order and the partners were happy. Job well done!

The following day one of the partners forwarded me an E-mail he’d received some time after the web hosting transfer advising him that he needed to “validate” his MX records or his Office 365 account risked being shut down. He’d had the foresight to forward the E-mail to me before clicking on the professional-looking button.

My heart skipped a beat. Had I done something wrong? Was the old web hosting connected with Office 365 in some obscure way? My mind raced for a moment and I was ready to go through this verification process until I double-checked the sender info: “MIcrosoft 0utlook Alert”

My worries instantly deflated, more so when I realized that the E-mail had been sent by a .buzz E-mail account domain. Once I confirmed it was a fake the partner verified that he hadn’t clicked on the link and we returned to business as usual.

This was actually a fairly clever scam attempt. Phishing scams in general tend to rely on an emotional reflex that kicks in before people pause and realize something is wrong, but this one in particular targeted someone’s website specifically during a point where they would be more receptive to it. I’ve migrated dozens of websites and updated countless MX records but I always keep an eye out for any unforeseen consequences. This kind of phishing scam doesn’t just take advantage of ignorance; it takes advantage of psychology.

Alternatively I could be giving whoever’s responsible for this scam way too much credit and it could have just been a coincidence, but it just stresses the importance of being careful. This is for everyone, no matter how tech savvy, since all it takes is one emotional moment and one mouse click before the brain’s veto power kicks in for the damage to be done.
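The sender check described above (a display name spelled "MIcrosoft 0utlook Alert" arriving from a .buzz domain) can be automated for a mail filter or a triage script. The following is an added example, not part of the original post; the brand list, the allowed domains and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: brand words to watch, and the sender domains you accept for them.
ALLOWED = {"microsoft.com", "office.com", "outlook.com"}
BRAND_DOMAINS = {"microsoft": ALLOWED, "outlook": ALLOWED}

# Characters commonly swapped in for letters ("0utlook" for "Outlook").
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})


def domain_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(from_header):
    """Return a sorted list of findings for one From: header value."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    findings = set()
    for word in display.split():
        word = word.strip(".,:;!()[]'\"")
        brand = word.casefold().translate(LOOKALIKES)
        if brand not in BRAND_DOMAINS:
            continue  # this word does not read as a watched brand
        if word.casefold() != brand:
            findings.add("lookalike-chars")   # e.g. zero in place of "O"
        elif word not in (brand, brand.capitalize(), brand.upper()):
            findings.add("odd-casing")        # e.g. "MIcrosoft"
        if not domain_allowed(domain, BRAND_DOMAINS[brand]):
            findings.add("domain-mismatch")   # brand name, unrelated domain
    return sorted(findings)


if __name__ == "__main__":
    # Constructed samples; the post gives only the display name and the .buzz TLD.
    samples = [
        '"MIcrosoft 0utlook Alert" <notice@mail.example.buzz>',
        "Microsoft Outlook <no-reply@microsoft.com>",
        "Alice <alice@example.org>",
    ]
    for header in samples:
        print(check_sender(header), header)
```

Any finding is a reason to hold the message for a second look before anyone clicks; an empty list only means the From: header passed these three checks, not that the message is genuine.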