Avoiding credential stealing scams
The 4d2.org tech team will never ask you for your password or other sensitive security information. If we need to help you reset a lost password for one of our services, after confirming your identity we'll send you a temporary password. You can ensure you're interacting with us and not with a third party by communicating using this helpdesk system. If you use PGP, you can always ask us to sign a message with our public PGP key.
When communicating via email, we always put URLs in plain text for you to copy and paste. If you receive an email of any kind containing a link to a "login page" to a 4d2.org service, it's likely not legitimate.
Email addresses in particular are trivially easy to spoof, and scammers can exploit this by harvesting usernames from websites and public platforms like Mastodon, Lemmy and Matrix, then sending an email blast to all of those usernames @ the associated domain, hoping that some users will be using the same username across platforms and thus will receive the scam email.
Impostor Matrix and Lemmy accounts also exist. These accounts are usually created by taking a user's profile image and creating a new account using that image and a subtle misspelling of the user's ID and/or display name. If you receive an unsolicited DM on either of these platforms that appears to be from a well-known user, it's a good idea to check their user ID very carefully.
Below is an example of an email that appeared to be from "4d2.org Support <support@4d2.org>" but actually didn't come from us at all. If you hover over the fake webmail link, you'll see that it points to a completely unrelated site. Before we sanitized the URL below, this site served a fake webmail login page designed to harvest 4d2.org users' mail credentials. These can then be used to send bulk spam. If this had happened, our mail server could have been blocked by major providers, which would compromise the availability of our email service for everyone. Not all scam emails are as poorly written and formatted as this one; some can be very convincing.
Your 4d2.org mailbox is full.
| 99% | 100% |
Your sarah@4d2.org mailbox has exceeded its allocated storage limit, which may restrict your ability to send or receive new emails.
Please take action now to ensure that your mailbox is brought back under the limit.
Please login to your webmail via storage link to portal here or click link below.