Junara 'not aware of any hack or breach' as Manx.net users report scams

No evidence of system-level compromise

The company which now owns and manages Manx.net email addresses says it's not aware of any hack or breach of its systems.

It's after Manx Radio heard from a number of listeners who said their accounts had been compromised after they paid to subscribe to the new service.

Back in October, Junara, which has been providing the technical platform for Manx.net for several years, assumed full ownership and customer support responsibility.

Users were given until 20 January to register and were told they would have to pay £65 otherwise their accounts would be deleted come April.

In recent weeks we've heard warnings from the Office of Cyber Security that scammers had been impersonating MT, sending emails including links that urged people to switch to the new firm within a few days.

But Roger, who phoned the Mannin Line on Tuesday, says something different happened with his account:

Other texters and callers gave similar experiences.

No evidence of a system-level compromise

In response a Junara spokesperson told Manx Radio: "We have been providing secure, reliable email services to customers in the Isle of Man since 2019, and to hundreds of millions of email users globally for more than 27 years. 

"Isle of Man customer email accounts were already hosted on Atmail systems prior to the transition to Junara. This means there has been no email account or data migration, and no change to the security controls in place for these accounts. This transition to Junara has not introduced any new risk to customer email accounts.

"Compromised email accounts are an ongoing, industry-wide issue affecting all global email providers and are most commonly the result of credentials obtained through phishing or password reuse. We are not aware of any hack or breach of our email systems, and our monitoring and checks indicate no evidence of a system-level compromise. 

"If customers use their email account password for any other service, or believe their account may have been compromised, we strongly recommend they log into webmail immediately and set a new, unique password that will not be used elsewhere. 

"Customers should also remain cautious and avoid clicking on unexpected email links claiming to be from Junara. 

"We remain fully committed to our Isle of Man customers, with our email experts monitoring and protecting services around the clock to keep accounts secure and available 24/7."

Advice from Cyber Security Centre

The Cyber Security Centre (CSC) for the Isle of Man has advice on the growing risks associated with email account compromises on its website, csc.gov.im

Recognising a compromised email account

Members of the public and businesses should be alert to common signs their email account may have been accessed without permission.

These include:

• Unrecognised emails sent from your account – If your Sent folder contains messages you did not write, or others report receiving suspicious emails from you, this is a strong indicator of compromise.
• Unexpected password reset notifications – Alerts about password changes you did not initiate may suggest an attempted takeover.
• Missing or deleted emails – Attackers may remove traces of their activity by deleting emails.

Immediate actions to take

If you believe your email account has been compromised, the CSC advises taking the following steps promptly:

1)   Change your password (and any reused passwords) - Change the password for your email account immediately. Use a strong, unique password.

2)   Remove unfamiliar auto-forwarding rules and inbox filters - Attackers often create rules that forward, delete, or hide emails to keep access and avoid detection. Check your mailbox setting for suspicious rules.
 

3)   Check and secure your recovery information - Review your account security settings and confirm that your recovery options are correct.
 

4)   Tell people who might be affected - Let your contacts and any relevant colleagues/customers know your account may have been compromised.
 

5)   Ensure multi-factor authentication (MFA) is enabled - Enable MFA on your email account and any other important accounts. This adds an extra layer of security to your accounts.

More detail about the steps above, email account recovery and how to reduce the risk of future compromise can be found on the CSC website - https://csc.gov.im/advice-guidance/email-account-compromise/

Cyber‑criminals typically stop using compromised or bogus accounts once they no longer yield useful information, but swift action is essential to minimise harm.

If you require further guidance or wish to report concerns related to email security, contact the Cyber Security Centre for the Isle of Man for advice and guidance.