This day, there are two news, one good and one bad. We’ll talk about them, starting from bad.
Old Mail closure scam spread
Recently, a scammer has found a way to fool users into thinking that the old version of their mailbox is closing September 4th. The sender name is “E-mail Classic” that sent this scam message to every Hotmail user.
However, it’s easy to spot unusual links and text, because first, you will have a link that says “EMAIL ACCESS TO UPGRADE”. If you hover over a dangerous and malicious link, the address used to phish everyone’s accounts is found below:
Look at the link closely, and you’ll see the unusual name in the host name with the /newpage subpage, so it’s easily spotted.
If you are clicking this malicious link on Google Chrome right now as of writing, you will see the warning message from the browser saying that there are attackers there and are trying to steal your data. Yes, they do.
Never, ever, click on the Details and proceed there, because they ARE attackers. Even worse, Google Chrome lets you go to that site if you proceed with the risk. If you went to that link, the first thing you see is the favicon of the website and the title (tab).
Then, you see this screen which looks smart, but never official as the real login screen. This design is never used in any Microsoft products.
Log in with any username and password in both forms, and you’ll be redirected to your real Outlook inbox, but your information will be stolen to attackers. Also, it can’t detect whether or not the username exists, so it suggests that this is a phishing site.
Now, we’re going to inspect the element to see if there’s anything suspicious, focusing on the log in button.
First, we have this element on the Login button, but it is highly suspicious:
<input type="submit" id="Log_On" value="Log On" class="custombutton login_page">
- The button type is the submit button. Of course, pressing Enter will act as if the user has pressed the button, like most login forms do.
type="submit" - The identification of the button is Log_On.
id="Log_On" - The text of the button is Log On.
value="Log On" - Most importantly, the class that will be executed when the button is pressed is custombutton login_page.
class="custombutton login_page"
We’re going to ignore the first three points and focus on the fourth one, which is the class in some JS file.
Looking at the filesystem structure inside the website, we have every file that are listed in the left site of the inspect element page:
Of course, we have CSS files, fonts, images, and most importantly, JavaScript files. The site is currently down, so we couldn’t make further investigation. Maybe they’re punished. If it is up, we will continue from where we left off.
In general, NEVER EVER trust scam mails or anything that fools you. And now the good news is:
Ubuntu Eoan Ermine wallpaper competition closed
According to the Ubuntu Discourse, September 2 has came, and so the competition is closed for image submission. They are currently selecting the few winner pictures, and the official wallpaper will be made by the artwork team.
As soon as the wallpaper packs and the official wallpaper are released, we will put them to our blog here. For now, we will get Eoan Ermine beta version soon.
Aptivi 
Thoughts?