For the record, this is an Amazon phishing email attempt that is recently going around. What to do? Report them, go to the bottom of page.
From: Amazon.ca [sales@derbyhotels.com] Subject: Please verify your details Sent : Jan 10, 2018 |
Hello,
|
Based on your recent activity, a part of your details are missing or
has been modified. To avoid any delays of your orders or account
suspension, follow the link to update and verify your details.
|
Amazon Help Center Spam Link points to http://www.monduz.com/js/jquery.poptrox.php |
If needed, update your information with the card issuer |
This can happen when you sign in for the first time on a new
computer, phone or browser, when you use your browser's incognito or
private browsing mode or clear your cookies.
|
Thank you for shopping at Amazon.ca,
|
Amazon Customer Service
|
Microsoft SmartScreen
Here's how the link look like in Outlook.com, it's wrapped in a SmartScreen forwarding URL that check for the validity and security of the link
https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.monduz.com%2Fjs%2Fjquery.poptrox.php&data=02%7C01%7C%7C9b8440e87fbb48ed2d6908d5586e5917%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636512153313293326&sdata=JjO2V1Gk9vdAxHR77mg9QDQUBTXCrjCf7N8gTJUDryI%3D&reserved=0
The actual link is
http://www.monduz.com/js/jquery.poptrox.php
Here's how the phishing site looks
At the time of reporting this Microsoft's SmartScreen, reported this unsafe and we get this screen. Protecting us from damage.
IE is better than Google for phishing detection
If by chance you navigate to http://www.monduz.com/js/jquery.poptrox.php
Google Chrome will let you to the site, where as in IE you get the above.
Using Microsoft's Internet Explorer the built-in SmartScreen will give you the above website unsafe message.
Using Microsoft's Internet Explorer the built-in SmartScreen will give you the above website unsafe message.
In Chrome, there's no such restrictions and the site looks like this.
How to tell this is a Phishing email ?
- Check email address in full, if it's not from originating company then it's phishing.
- Hover over all links in email, if it's not from the amazon.ca site then forget it.
- The best way is to look at message source, see below.
How to examine Email Message Source ?
Now lets look at message source- Outlook.com->Actions->View Message Source.
- Gmail.com->More (down arrow to top right)->Show original.
Report Phishing Email (not as Spam)
- Outlook.com->Junk (at Top)->Phishing Scam
- Gmail.com->More (downarrow to top right)->Report Phishing
Report Phishing URLs at Google now
If you have recievied this email take further action now by click these links
Report phishing at Microsoft and government agencies
Report phishing emails to Apple
Forward the email to abuse@icloud.com. This provides Apple's legal department and law enforcement with useful information to help prevent future phishing emails.
No comments:
Post a Comment