Phishing scam targeting our users

It’s just come to our attention that someone has launched a phishing scam against our customers, purporting to be from UK2, referring to a crashed server and asking customers to change their account password to a specified password and respond to the email to confirm it’s been done.

Please do not change your account password or respond to the email.

The mail looks like:

Dear UK2 Members,

You may have seen the technical difficulties UK2 has been having lately in terms of the hosting servers. Two servers crashed and needed to be replaced fully.

If you are receiving this email, then one of the two servers that crashed contains a site and/or a domain that you have registered.

For the servers to be repaired, we had to backup all clients files, and thus for the next two days, to repair the server fully, maintenance must be completed, which means all users accounts need to be reset temporarily.

For user accounts to be repaired, we need access to your account, to update it with the necessary fixes.

Please follow the following instructions so we can do this.

1) Log into your UK2 account with your UK2 username and password
2) Change your account password to the following: snipped the password
3) Click reply on this message now, with the message body being your: username *space* domain

We will undergo compulsory maintenance as soon as we receive this email back, and will be completed by March 10th. (Which is when you can change your password back)

Failure to do so within the next two days will result in an account lock and possible account termination.

All the best, UK2.

I’ve removed the password the fraudster included in the mail for the protection of anyone who did actually change their password (although for anyone who did reset their password to the one specified in the phishing mail I’ve changed it to something else and will continue to do so at regular intervals so that these scammers cannot access your account.

We will be contacting the hosting provider from which this scam originated now.

Watch this post for updates.