PHISHING CAMPAIN: "Version 1.4.15 Security Upgrade"
Over the last several years, an unscrupulous party has been operating an ongoing phishing campaign designed to gain login credentials to email accounts across the Internet. The scheme is simple: emails are sent out to unsuspecting recipients, using language that appears to discuss some software vulnerabilities that require the immediate update of SquirrelMail. The email provides a link that will supposedly allow you to upgrade SquirrelMail right away.
That link, however, sends the user to a web page that mimics the default SquirrelMail login screen. The page address is always on some domain where the phisher was able to compromise some security hole and upload their fake SquirrelMail login screen. When a user believes this scam to be real and enters their login credentials on the page, those credentials are collected and sent behind the scenes to another location where the phisher can pick them up later, while the user is simply redirected to our home page.
Judging from the fact that this scheme has continued for several years, it is reasonably successful.
DO NOT EVER ENTER YOUR LOGIN CREDENTIALS IN A FOREIGN WEB PAGE. Always verify the address of your email login screen ESPECIALLY if you clicked on a link in an email to get there. Also note that a user of SquirrelMail cannot simply upgrade software on their email server by logging into a web page. Software upgrades are handled by your system administrator.
If you want to report this problem when you see it, the best place to do that is to the system administrator of the domain where the fake SquirrelMail login page is found. Look at what domain is in the address to that page and research who operates or owns that domain and contact them to let them know their site has been hacked. The faster you can help shut down those fake login pages, the less fruitful this scam will become.
The SquirrelMail team NEVER sends out unsolicited email, especially any that require your personal email username and password! If you have fallen victim to this scam, CHANGE YOUR PASSWORD IMMEDIATELY and notify your system administrator so they can watch for any suspicious activity.