Greenshades Blog


Greenshades warns of new Email Phishing Scheme

Posted on April 13th, 2016

Greenshades today became aware of a new email phishing scam that has NOT originated from Greenshades or its partners. These fake emails claim to be sent by Greenshades and demand that the reader click a link and provide security information. NOTE: These emails are neither condoned by nor approved of by Greenshades.

The emails may include the message “Your account has been frozen temporarily in order to protect it. The account will continue to be frozen until it is approved. Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again.”

The link takes the reader to a page that is NOT hosted by Greenshades, does not list your company name on the page, is not located on www.GreenEmployee.com or www.GreenshadesOnline.com, and that does not contain the security lock in the navigation bar. The page is green in color and mimics a GreenEmployee and GreenshadesOnline sign-on page.

The page requests information including Employee ID, corporate email address, corporate password, Social Security Number, Date of Birth, and more.

Any of your employees who receive these emails should NOT respond to the emails or click the links. Please remind employees that Greenshades will never request their corporate email password, and that they should only enter sensitive information into secured websites that display “padlocks” in the browser. Please forward the scam emails to Greenshades at security@greenshades.com. If any of your employees indicate that they have provided this information, please disable access to their account immediately. This can be done with your administrator account on www.GreenshadesOnline.com or you can contact Greenshades Support for assistance.

The emails being sent may have a subject of “Account Update”, sent from noreply@greenshadesonline.com. Ask your IT staff to check to remove any such messages from your employee inboxes.
Greenshades remains committed to warning our clients of phishing attacks or login scams as we become aware of them.

 

An example message is provided below, however phishers may use variations on this email:


Dear  Client,
This is an automatic message by the system to let you know that you have to confirm your account information within 24 hours.

Your account has been frozen temporarily in order to protect it. The account will continue to be frozen until it is approved.
Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again. This will help protect you in the future. The process does not take more than 5 minutes.

To proceed to confirm your account information please click on the link below and follow the instructions that will be required.


 

 

A sample website is below, however phishers may use variations on this page: