Jump to content

Gas Co eBill & MBAM Block

CraigS
 Share

Recommended Posts

CraigS

CraigS

Posted
Posted

For the 1st time ever I got an "MBAM Blocked This Poentially Malicious Website" pop-up whenever I [1-Left-Clk ] Hi-lighted the AlaGasCo email in the Inbox stating my home's (gas) eBill was avaialble for viewing. A few Googles of the IP 109.163.231.168 revealed Russian and/or Budapest sources.

In these cases is the email almost surely a PHISH email from Another source that just looks like the Gas Co's email?

I haven't gotten Another Gas Co email about the eBill as I should, so I'm wondering, as well, HOW the "Pop-up from just Hi-lighting the email" can become part of a

company's genuine email.

Any thoughts?

Link to post
Share on other sites
daledoc1

daledoc1

Posted
Posted

Hi, CraigS:

It sounds as if it could have been a false positive, OR it could have been a browser redirect or phishing email directing you to a spoof web site.

The MBAM engineers can help to sort this out for you.

Please follow the requested steps in this sticky topic: IP Blocking False Positives

And then please post the requested info in the False Positives section.

The MBAM engineers will research it and determine if it could have been a FP, or not.

(In the interim, you can also research the IP in question at a site, such as ip-lookup.net.)

HTH,

daledoc1

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Please do as requested but here is the information shown on that IP

IP address: 109.163.231.168

Host name: lh19738.voxility.net

109.163.231.168 is from Romania(RO) in region Eastern Europe

But I believe that GoDaddy who is the registrar was also recently having issues too so that might potentially be part of it.

Link to post
Share on other sites
daledoc1

daledoc1

Posted
Posted

OK -- be careful with links in emails, even if they appear to be legit. ;)

The bad guys are very good at spoofing the emails, links and websites these days.

(I generally avoid clicking on any links in ANY emails, no matter how legit they might be -- if I need to contact the gas company (or bank or PayPal or anyone!) after getting this sort of email, for example, I either call them directly or navigate to their official website from a saved bookmark.)

Cheers!

daledoc1

Link to post
Share on other sites
CraigS

CraigS

Posted
  • Author
Posted

OK -- be careful with links in emails, even if they appear to be legit. ;)

The bad guys are very good at spoofing the emails, links and websites these days.

(I generally avoid clicking on any links in ANY emails, no matter how legit they might be -- if I need to contact the gas company (or bank or PayPal or anyone!) after getting this sort of email, for example, I either call them directly or navigate to their official website from a saved bookmark.)

Cheers!

daledoc1

Duly noted. Remember that I actually was Getting the Pop-up JUST by 1-Clk Hi-lighting the Email to see it in Read Pane. I'm racking my brain trying to remember IF I Clk'd a Link to see the eBill but I'll definitely access it in the future from the company Bookmark vs. email link.

They weren't staffed to talk to me in the IT Dept but I'm already hiding in the bushes waiting for next month's email. Will post with Good data if same occurs. Thanks again to all.

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted

If you have the preview pain, and you highlight an email, since you are viewing it in the preview pain, its the same as double clicking on it to open it. It is technically open. There could have been some code in the email that was trying to download something or there could have been an image that was hosted in a website that is on Malwarebytes block list.

Link to post
Share on other sites
CraigS

CraigS

Posted
  • Author
Posted

If you have the preview pain, and you highlight an email, since you are viewing it in the preview pain, its the same as double clicking on it to open it. It is technically open. There could have been some code in the email that was trying to download something or there could have been an image that was hosted in a website that is on Malwarebytes block list.

Thanks for the clarification and education -- I've disabled my Preview Pane as result.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.