I received an e-mail, purportedly from mSecure. The subject was !! Notice to mSecure 2FA users
Due to a new change in our authentication system's policies, the SMS option for authenticating your mSecure account using 2FA will be temporarily unavailable in the coming weeks.
If you are using Two-Factor Authentication for mSecure, please enable the Email and/or the Authenticator App method to make sure you’re not locked out when needing to authenticate in the future.
I then had the following link for the support site:
This is different from what I have: https://support.msecure.com
Thank you for contacting us. This is an authentic email from us at mSecure. We are in the process of working through an issue with the SMS method of two-factor authentication due to new regulations SMS providers are implementing. This email was to notify our customers currently using that feature so they can make sure and have other options enabled for two-factor authentication while the service is under development.
OK, thanks. I have learned to distrust any e-mail reply that doesn't use the expected DNS domain. So list-manage.com did not sound like it was associated with mSecure. Sorry, it's my ISsec training kicking in.
I use biometric for my 2FA, so the SMS is not a problem with me.
No problem at all Michael. Real quick, where did you get that link with "list-manage.com" in it? I checked the email we sent out to users, and the support link doesn't look like that. In the email I have, it shows this link: "https://support.msecure.com/en/support/home"
Actually, scratch that last email. A different customer sent in a screenshot of the link you with "list-manage.com" in it. I'll look into this, but I'm not sure how that's getting added to the email. We send out these emails through MailChimp, and we manually add the links to the email before they're sent, so I'm not sure why this is happening.
Well, glad to know I wasn't specifically targeted! :-) Thanks for looking into it in more detail.
Mike Bird, CISSP
No problem at all Michael. I wanted to follow-up really quick to let you know the "list-manage.com" link was inserted by Mailchimp. Somehow, the changes they make to the links help with management of spam when our emails get sent. I don't understand how all of their systems work to accomplish what they accomplish, but Mailchimp is responsible for the link.