phishing


Targeted Phishing: Your auth password for [ user@host.com ] expires today !

It’s been a while since I received a targeted phishing email. This time it is on one of my email accounts hosted on Google, and strangely, their phishing filter did not catch this one.

ITNotification <ITNotices@mail.com>
sorin@mustaca.com
Expiration
Your Password for sorin@mustaca.com has expired today. You can change your Password or continue using current Access
KEEP PASSWORD -> erased domain on geocities.com
sorin@mustaca.com Admin. 2023
Admin – 2023


PayPal is teaching fraudsters how to create the perfect phishing email

PayPal is sending a lot of emails these days, and one of them got me confused. I am sure now that it is a valid email, but the multitude of different links in it and the confusing information make this email very suspicious.

Here is a summary of the email:

Your opinion is important to us. We would therefore like to invite you to answer a few questions about your experience with PayPal. In doing so, you help us make our service even better for you. All answers are, of course, anonymous and confidential. To take part in this 10- to 15-minute survey, simply click the button. You have until 27/01/2023 As a thank-you for your feedback, you will automatically receive a chance to win a Mastercard gift voucher worth 1,000 €.* For further details on the prize and the rules of participation, please click here. Take part now

How do I know the email is not a phishing email? Because of all of these together (not separately):
- It addresses me by name
- It writes my email address below
- All domains belong to PayPal
- No confidential information is requested

Why is this email suspicious: The subject promises the chance to get a large amount of money if the…


Aggressive phishing against Strato.de customers

Strato.de (now belonging to 1&1) is one of the biggest hosters in Germany. For a few weeks now we have been seeing a lot of emails containing various texts that try to convince the user to log in to his strato.de account and perform some actions. Strato also published a post about these fake emails on their blog: https://strato.de/blog/achtung-aktuell-wieder-phishing-mails-im-namen-von-strato-im-umlauf/

Fortunately, the phishing email is very simple and it just hides the target URL behind the official strato.de URL. Pretty much all phishing filters detect it and block it.

The subject of the email is very aggressive: Last notification before judicial recovery

The email says that the customer has one more day to pay. But now comes the funny part. The email says that the payment should be done via credit card, in order to make it “easy” for the customer. 🙂 To make this even more credible, they write that the introduction of a new payment method costs 1€. After that, they even communicate the name of the company that will try to retrieve the money from the customer: Intrum (www.intrum.de)

The problem

I can’t stop wondering how the phishers are obtaining all domains from Strato. I have all my…


Targeted phishing for Amazon Credit Cards

This time, there is a phishing email for Amazon Credit Cards, which are served by LBB Bank. The user is redirected twice to some URLs, which are reported as “DECEPTIVE” by Chrome. Unfortunately, the final pages were deleted, so I can’t take screenshots.

Hello
You have (1) important message in your LandesBank Berlin AG account. To view it, please click on the link below:
https://kreditkarten-banking.lbb.de/lbb/cas/dispatch.do?bt_PRELON=do&ref=1200_LBB&service=COS
Kind regards
Your advisor
LandesBank Berlin AG


Targeted phishing on customers of Strato.de

My domain mustaca.com is hosted at Strato.de. I received several such emails, showing that somebody really scrapes the net to find targets at various ISPs.

Dear customer,
We are informing you that the domain mustaca.com is expiring.
How can you renew?
The renewal process is quick and easy: simply order online and pay for it.
https://rechnung.strato.de
To see the order overview and the amount you wish to pay, you can renew from this page.
What happens if I do not renew?
If you do not renew, the services will be deactivated on the day after expiry and the domain will no longer be visible.
Kind regards
STRATO AG
Pascalstrae 10
10587 Berlin
————————————————————————
Chairman of the Supervisory Board: René Obermann
Management Board: Dr. Christian Being (Chair), Christoph Steffens, René Wienholtz
Amtsgericht Berlin-Charlottenburg HRB 79450

And this is what the page looks like:


Targeted Phishing against Strato.de

We have a lot of phishing attempts in German against Strato.de:

Subject: We have detected a billing problem.
Dear customer,
We have detected a billing problem. This type of error usually indicates that the credit card has expired or your billing address is invalid.
Click on the following link to update your information:
https://www.strato.de/apps/CustomerService#/skl
Kind regards
___________________________
Customer Service Strato S.p.A.
www.strato.de
___________________________

Subject: You have a debt of 5,00 €
Strato Customer Service
BP 438 – 75366 Berlin CEDEX 08 Germaney
Dear customer,
You have a debt of 5,00 €
An amount of 5,00 € is due for the renewal of your services.
Information: To avoid the interruption of your Strato services, we would like to ask you to settle your situation as quickly as possible and to make your payment by credit card 24/7.
Access your payment form.
Kind regards
___________________________
Customer Service Strato S.p.A.
www.strato.de
___________________________

They are using shorteners at http://t.co


Dropbox phishing: someone is interested in your corporate files

I wrote before about the Target Malware. Now I can also write about Phishing. Here is one for Dropbox:

What is wrong with this email?
- They contact me by extracting the user part of the email address (smustaca)
- The “Verify your email” goes directly to a phishing website.
- The text is rather unusual, as Dropbox will never send anything like this.
- Dropbox adds some personalized links at the end of the emails.
- Emails from Dropbox come from “Dropboxmail.com” and not from “dropbox.com”

Why would anyone phish Dropbox? In order to get your files!

Why would anyone want to get your files? In order to have something possibly secret, interesting, to gain a competitive advantage, to blackmail you.

What can you do? Don’t click on those emails. Look carefully at the links, and if you clicked, check that the website is legitimate. When you visit Dropbox.com, you must check the seal (the small lock) by clicking on it:


Is eBay actually supporting phishing?

From time to time I am wondering if these guys (I am thinking of eBay, PayPal, Amazon, some banks) are actually trying to help phishers to do their “jobs”. The email you see in the screenshot is a 100% authentic email from eBay Germany. I am being asked, you guessed right, to “protect my eBay account”. “Dear <user>, you have not updated your personal data for more than a year. In order to have your personal data up to date, help us to protect your eBay account better”. Sounds good, right? “Please check your personal ebay information and make sure that they are up to date. Please ignore this message if you have updated your data recently.”

Same as 99.99% of the phishing emails. I couldn’t believe my eyes either, so I checked the headers of the email:

Needless to say, this is against their own policies mentioned here in German http://pages.ebay.de/help/account/recognizing-spoof.html and in English here http://pages.ebay.com/help/account/recognizing-spoof.html

This is the link behind the button: http://rover.ebay.com/rover/0/e13217.m.l7678/7?euid=&loc=https%3A%2F%2Freg.ebay.de%2Freg%2FUpdateContactInfo%3Fflow%3DEMAIL

It is true that their email:
- is addressing me personally, using my eBay account
- is not urgent, is not threatening
- doesn’t have attachments, but it has pictures

but there are some elements that make…


Major PayPal failure: sending emails following all rules of a “good” phishing email

The email below (in German) is from PayPal. It is not a phishing email or a spam email pointing to some online pharmacy. I assure you of this. I have verified the DKIM and SPF information in the headers, and checked all headers for any trace of alteration and for any trace of a foreign IP address or domain. It is also very correct: it informs me that my credit card behind the PayPal account is about to expire. It asks me to update the credit card by clicking on the yellow button.

At this point, I am without words. I would have never expected to receive something like this from PayPal. Their suggestions to detect phishing and to report phishing are here: https://www.paypal.com/us/webapps/mpp/security/suspicious-activity

I quote:

Suspicious emails
Phishing and spoof emails aim to obtain your secure information, passwords, or account numbers. These emails use deceptive means to try and trick you, like forging the sender’s address. Often, they ask for the reader to reply, call a phone number, or click on a weblink to steal personal information. If you receive a suspicious email, FORWARD it to spoof@paypal.com. Our security experts can take a look to determine if it’s a fake. If…


“Apple iPhone 7 testers wanted”: Probably the most complex scam I’ve seen this year!

This scam is sent by the CHTAH.COM platform, which is known to send millions of spam emails. You can see its added “value” by inserting the three colored rectangles on top of the mail. “iPhone 7 Testers Wanted!” is trying to lure the readers to a website that looks very much like the times.com website.

Hey there,

It is official. Apple stores are crazily giving out iPhone 6 for ONLY 1£.

In order to claim your iPhone 6 for 1£, please follow the instructions below:
1) Click this link to tell us what improvement you want to see in the upcoming iPhone 7
2) Send us your shipment detail

Products are limited.

Participate iPhone 7 Survey Now!

Sincerely,
Apple Survey Centre

The website tries to copy CNN’s or BBC’s website, but it is not very convincing, as neither of them looks like this anymore.

I guess that not many notice that it is no longer about the iPhone 7 but the iPhone 6. Well, it should cost £1, after all 🙂 🙂

After you click on that link, you see what it is all about: You need…

