Hello mSecure Support,
Is mSecure affected by a cyberattack?
I get many strange mails from info@mSecure.com with the information that 2FA SMS are not available.
Subject: SMS 2FA will be temporarily unavailable
SMS 2FA Temporarily Unavailable
Due to a new change in our authentication system's policies, the SMS option for authenticating your mSecure account using 2FA will be temporarily unavailable in the coming weeks.
If you are using Two-Factor Authentication for mSecure, please enable the Email and/or the Authenticator App method to make sure you’re not locked out when needing to authenticate in the future.
Looking to learn more about 2FA? You can here:
If you have any questions, contact us at
email@example.com or on our support site.
All links point to the same URL behind https://msecure.us10.list-manage.com/track/click?...
It looks like phising, but it reached my mSecure mail address.
To me it looks like mSecure account data has been stolen.
What is going on here?
Thank you for contacting us. This is an authentic email from us at mSecure. We are in the process of working through an issue with the SMS method of two-factor authentication due to new regulations SMS providers are implementing. This email was to notify our customers currently using that feature so they can make sure and have other options enabled for two-factor authentication while the service is under development.
With regards to your concern, I'm not sure what you mean when you say "All links point to the same URL behind..." The emails we send our customers either come from "Mailchimp" or "SendGrid." The emails that are sent directly from the app, which are known as "transactional" emails, are all send from "SendGrid." These are the emails like the "QR Code" and "Two-Factor Authentication Codes." If we are sending communications to our customers either for marketing or to let them know about specific issues in the app, like what's happening with the SMS 2FA feature, those emails are sent from Mailchimp. Any links you see in the email were either put there by us, or, if you are looking at an unsubscribe link at the very bottom of the email, that link is pointing to some URL supplied by Mailchimp.
Please take a look at the attached photo.
What I meant: Each link (Two-Factor Authentication, support site, Privacy Statement, Contact us, Unsubscribe and all images) points to the same URL. Ok, on closer inspection the IDs are quite slightly different.
But it looks like a phising email to me and not a legitimate mSecure email.
Note: I have redacted confidential information.
But you say the mail is from mSecure?
I understand your concern, but it's not a phishing email. I would never tell any of our users that an email was legitimate unless I knew for certain it was legitimate. We sent that email out last week, because of a problem we were experiencing with our 2FA SMS feature. That problem is fixed now, but we needed to let our users know about it. The email you're showing me is the email we sent.
As to the link you're showing me, I don't know why that link is in the email. We send out these emails through MailChimp, and we manually add the links to the email before they're sent, so it's likely getting through some filtering MailChimp is doing on their side before sending out the email. Again, though, the email is the email we sent out to our customers, so it is legitimate. If you don't want to click that link, I wouldn't do so. I visited it myself and it simply took me to our support site.