Sneaky sneaky!

At this time, I use a very fine service called "LogMeIn".  Specifically, I use LogMeIn Central to manage remote desktops as part of my I.T. business.  When an end-user has a problem that we need to resolve, I can just jump directly onto their desktop using a LogMeIn remote access session, and interact directly with the user on their computer screen.  It is very nice.

This week, I received three messages that appeared to be from LogMeIn.  The first email thanked me for my LogMeIn renewal payment of $999 and contained a Microsoft Word document attachment named "receipt", or something like that.

I actually started to open the document before I thought about it because I was so upset by this message.  You see, LogMeIn has undergone a significant restructuring in the pricing in the last couple of years, and I reacted emotionally because I was keyed in to this information that has been discussed heatedly in user forums and elsewhere.

Then I came to my senses and inspected the technical headers of the email to confirm where it came from, and sure enough, it was a phishing attack.  So, I filed it in my "Scams" folder and went about my business.

A week later, I got a message with the same reply address that indicated that my credit card on file at LogMeIn had expired and that my service would be terminated in 72 hours.  At that point, I second-guessed my first conclusion because I DO have an expired credit card on file at LogMeIn, because I knew that at some point I would be using a less expensive service to replace LogMeIn.

So, I began to proactively migrate to the new service, but before I got to the tedious phase of updating my 200 supported computers with different remote support software, I took one last look at the last LogMeIn email.  The technical headers revealed that the originating server was HLERHGFWZ (41.158.9.115), and the originating sender was peremptorilyhrs79@rexhongkong.com.  So, after doing the smart thing and logging back into LogMeIn Central and checking my subscription status, I concluded that this was a sequential phishing attack with a very clever strategy.  Knowing that there were many users like me out there who were playing out the string on their LogMeIn Central accounts, they used a 1-2 punch to try and get us to click on their malicious email attachment.
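The header check described above can be scripted; the following is an added example, not part of the original post. Only the HELO name, IP and sender address come from the post; the display name, subject, relay hosts, dates and the brand allow-list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message. Only HLERHGFWZ, 41.158.9.115 and the sender
# address are taken from the post; everything else is made up for the demo.
RAW = """\
Received: from mx.example.com (mx.example.com [192.0.2.10])
\tby mail.example.com with ESMTP; Tue, 1 Jan 2019 10:00:05 +0000
Received: from HLERHGFWZ (unknown [41.158.9.115])
\tby mx.example.com with ESMTP; Tue, 1 Jan 2019 10:00:01 +0000
Return-Path: <peremptorilyhrs79@rexhongkong.com>
From: "LogMeIn" <peremptorilyhrs79@rexhongkong.com>
To: me@example.com
Subject: Your credit card has expired

(body omitted)
"""

# Assumption: domains the named brand legitimately sends from.
BRANDS = {"logmein": {"logmein.com"}}
HOP_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)")

def origin_hop(msg):
    """(HELO name, IP) from the bottom-most Received header. Each relay
    prepends its own, so the last one is the earliest hop. Trust it only
    if the 'by' host is a server you control; older ones can be forged."""
    hops = msg.get_all("Received", [])
    m = HOP_RE.search(hops[-1]) if hops else None
    return (m.group(1), m.group(3)) if m else None

def in_domains(domain, allowed):
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def check(raw):
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    domain = from_addr.rpartition("@")[2].lower()
    findings = []
    for brand, allowed in BRANDS.items():
        if brand in display.lower() and not in_domains(domain, allowed):
            findings.append(f"display name claims {brand}, From domain is {domain}")
    hop = origin_hop(msg)
    if hop and "." not in hop[0]:
        findings.append(f"origin HELO {hop[0]} is not a hostname (IP {hop[1]})")
    return {"from": from_addr, "origin": hop, "findings": findings}

if __name__ == "__main__":
    print(check(RAW))
```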

These are days to be wary, my friends, and pay attention to your malware protections.  The stakes are continually being raised, and even the experts can be played.