Thursday, January 11, 2018

Amazon Phishing Email: Please verify your details

For the record, this is an Amazon phishing email that has recently been going around. What to do? Report it; see the bottom of the page.

From: Amazon.ca [sales@derbyhotels.com]
Subject:  Please verify your details
Sent : Jan 10, 2018
Hello,
Based on your recent activity, a part of your details are missing or has been modified. To avoid any delays of your orders or account suspension, follow the link to update and verify your details.
Amazon Help Center [spam link, points to http://www.monduz.com/js/jquery.poptrox.php]
If needed, update your information with the card issuer
This can happen when you sign in for the first time on a new computer, phone or browser, when you use your browser's incognito or private browsing mode or clear your cookies.
 
Thank you for shopping at Amazon.ca,
  Amazon Customer Service


Microsoft SmartScreen 

Here's how the link looks in Outlook.com: it's wrapped in a SmartScreen forwarding URL that checks the validity and security of the link.

https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.monduz.com%2Fjs%2Fjquery.poptrox.php&data=02%7C01%7C%7C9b8440e87fbb48ed2d6908d5586e5917%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636512153313293326&sdata=JjO2V1Gk9vdAxHR77mg9QDQUBTXCrjCf7N8gTJUDryI%3D&reserved=0

The actual link is 

http://www.monduz.com/js/jquery.poptrox.php


Here's how the phishing site looks

At the time of reporting, Microsoft's SmartScreen reported this site as unsafe and we got this screen, protecting us from damage.

IE is better than Google for phishing detection
If by chance you navigate to http://www.monduz.com/js/jquery.poptrox.php, Google Chrome will let you through to the site, whereas in IE you get the warning above.

In Microsoft's Internet Explorer, the built-in SmartScreen gives you the unsafe-website message shown above.

In Chrome, there is no such restriction and the site looks like this.

How to tell this is a phishing email?

  1. Check the sender's email address in full; if it's not from the originating company, then it's phishing.
  2. Hover over all links in the email; if they don't point to the amazon.ca site, then forget it.
  3. The best way is to look at the message source, see below.

How to examine the email message source?

Now let's look at the message source:
  1. Outlook.com->Actions->View Message Source.
  2. Gmail.com->More (down arrow at top right)->Show original.
Check for suspicious links: anything that does not originate from amazon.ca.
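
The checks above, applied to a saved message source, as an added example that is not part of the original post: it flags the sender and any link whose host is not amazon.ca, unwrapping the Outlook.com forwarding URL first. The sample message is constructed from the values quoted in this post, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import parse_qs, urlsplit

EXPECTED = "amazon.ca"  # the brand the message claims to come from

# Constructed sample message source, built from the values quoted in this post.
SAMPLE = """\
From: "Amazon.ca" <sales@derbyhotels.com>
Subject: Please verify your details
Content-Type: text/html

<p>follow the link to update and verify your details.</p>
<a href="https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.monduz.com%2Fjs%2Fjquery.poptrox.php&reserved=0">Amazon Help Center</a>
"""

def belongs_to(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def unwrap(url):
    """Return the target carried in an Outlook.com forwarding URL, else the URL as is."""
    parts = urlsplit(url)
    if (parts.hostname or "").endswith(".safelinks.protection.outlook.com"):
        target = parse_qs(parts.query).get("url")
        if target:
            return target[0]
    return url

def examine(source, expected=EXPECTED):
    """List (kind, value) pairs for the sender and links that are not on `expected`."""
    msg = message_from_string(source)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    if not belongs_to(addr.rpartition("@")[2], expected):
        findings.append(("sender", addr))
    for raw in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        url = unwrap(raw)
        if not belongs_to(urlsplit(url).hostname, expected):
            findings.append(("link", url))
    return findings

if __name__ == "__main__":
    for kind, value in examine(SAMPLE):
        print(f"suspicious {kind}: {value}")
```

The suffix test in belongs_to requires a leading dot, so a look-alike host such as amazon.ca.example or notamazon.ca does not pass as amazon.ca.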


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at top)->Phishing Scam
  2. Gmail.com->More (down arrow at top right)->Report Phishing

Report Phishing URLs at Google now 

If you have received this email, take further action now by clicking these links:

  1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Report phishing emails to Apple 

Forward the email to abuse@icloud.com. This provides Apple's legal department and law enforcement with useful information to help prevent future phishing emails.
