
When email security and OCR collide …

This morning, many people received an innocent enough email from Battlefrog HQ, asking them to log in to an Adobe ID page using their Gmail, Hotmail or other email provider credentials so that they could view an important document.

(Note: my day job is in content and data security. I deploy and install web and email security solutions for the world's biggest companies, working for one of the world's biggest technology companies. I have 14 years in information security, and my wife has a decade working in a malware research lab – we know threats.)

Read this before you do ANYTHING.

This is the original email

[Image: Screen Shot 2015-12-18 at 12.12.36 PM]

This is the “login” page

[Image: Screen Shot 2015-12-18 at 12.10.05 PM]

and this is where you end up, once you provide your email address, password and phone number.

[Image: Screen Shot 2015-12-18 at 12.12.28 PM]

First point to note – this is not some scam by Battlefrog. Likely, Devin Glines (who is a real person, and does work for BF) simply had his password to his email account compromised. Possibly his machine was hacked. Regardless – Devin, if you’re reading this, change your password to your machine, your email account and patch / install anti-virus software urgently. I’m sorry you’re having to deal with this.

Second point to note – this is a scam to steal data. Not a very intelligent one though.

The page you see is made up of some image files, and a simple PHP script. It takes ANYTHING you put into the form (literally, anything), and emails it to “” – then redirects you to a likely totally legitimate website (the one you see in screen shots above). Want to see what that all looks like in code?

[Image: Screen Shot 2015-12-18 at 12.16.46 PM]
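For anyone triaging a saved copy of a page like this, the traits described above (a password form on a host that is not the brand's, a phone number field, a PHP form handler, a layout made of images) can be checked statically. This is an added example, not the code in the screenshot; the sample HTML, the `phish.example` URL, the `post.php` name and the 100-character text threshold are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormScan(HTMLParser):
    """Collect form actions, input (type, name) pairs, image count, text size."""
    def __init__(self):
        super().__init__()
        self.actions, self.inputs, self.images, self.text_len = [], [], 0, 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input":
            self.inputs.append(((a.get("type") or "text").lower(),
                                (a.get("name") or "").lower()))
        elif tag == "img":
            self.images += 1

    def handle_data(self, data):
        self.text_len += len(data.strip())

def triage(html, page_url, brand_domains):
    """Return indicator strings for a saved page that claims to be a brand login.
    brand_domains: hosts the brand really uses (analyst-supplied assumption)."""
    scan = FormScan()
    scan.feed(html)
    host = (urlparse(page_url).hostname or "").lower()
    on_brand = any(host == d or host.endswith("." + d) for d in brand_domains)
    has_pw = any(t == "password" for t, _ in scan.inputs)
    if on_brand or not has_pw:
        return []
    hits = ["password field served from a host outside the brand's domains"]
    if any(t == "tel" or "phone" in n for t, n in scan.inputs):
        hits.append("login form also asks for a phone number")
    for action in scan.actions:
        path = urlparse(urljoin(page_url, action)).path
        if path.lower().endswith(".php"):
            hits.append("form posts to a PHP handler: " + path)
    if scan.images and scan.text_len < 100:  # threshold is an assumption
        hits.append("page is built from images with almost no real text")
    return hits

# Constructed sample: not the real page, URL or script name from the incident.
SAMPLE = """<html><body><img src="bg.png"><img src="logo.png">
<form method="post" action="post.php">
<input type="text" name="email"><input type="password" name="pass">
<input type="text" name="phone"><input type="submit" value="View Document">
</form></body></html>"""

if __name__ == "__main__":
    for hit in triage(SAMPLE, "http://phish.example/doc/index.html", ["adobe.com"]):
        print("-", hit)
```
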

What should you do now?

If you have put your email and passwords into this form – go and change them urgently. If you use that same password and email combination anywhere else, go and change those too. Seriously. They have been emailed to someone who has taken the time to hack Devin’s machine or email, and send a single email out to his address book.

You almost certainly didn’t get infected with a virus or malware – so that’s good.

Create a strong password here:
