Phishing attempt (was: Re: **Do Not Ignore!!!***)

[Martin Steigerwald]

Ianseeks - 07.10.20, 08:35:56 CEST:
> On Tuesday, 6 October 2020 22:39:32 BST no-reply at kde.org wrote:
> > PASSWORD EXPIRED
> > 
> > 
> > Dear  Kde-pim
> > 
> > The password of your email account Kde-pim at kde.org   will expire on
> > 08/10/2020
[…]
> > ©2020 Microsoft
> 
> is this for real?  Anyone else get this email? i'm not touching it.
> 
> looks high risk when pointing to Outlook and using a html email.

No, it is not!

I already reported this to KDE sysadmin team.

Please don't click any link, do not enter any details.

Please also never publicly reply to anything you recognize as spam or 
phishing attempt. If you are unsure as you were, trim as much of the 
original mail as possibly, especially any links in there and change the 
subject line. Never ever replicate anything publicly that could be spam. 
You are just helping the spammers this way and confuse spam filters.

Really think on this: What would be the point of an password expiry mail 
for the mail account kde-pim at kde.org? kde-pim at kde.org is a mailing list 
address. It very likely does not even have a password. And also why 
would it be from Microsoft? KDE for sure does not use Office 365 or 
anything like this.

If you think on this and also look at the headers it is completely clear 
that this is bogus. Just look for the first few Received:-headers:

Received: from k1.vps-ams1.blazingfast.io (unknown [5.206.224.247])
 by letterbox.kde.org (Postfix) with ESMTP id 073B42846EC
 for <kde-pim at kde.org>; Tue,  6 Oct 2020 22:47:51 +0100 (BST)
Received: by k1.vps-ams1.blazingfast.io (Postfix, from userid 33)
 id AB12354FAC; Tue,  6 Oct 2020 21:39:32 +0000 (UTC)

This is clearly not coming from Microsoft or KDE.

Just press the 'V' key in KMail to see the mail source with headers.

Please only reply publicly to my mail if need be. There is no need to 
turn this into a large thread with lots of replies.

Best,
-- 
Martin