Spam mails are usually easy to identify: mistakes in the salutation and spelling cause a planned fraud attempt to fly quickly. Every now and then, cybercriminals mislead the victim’s real name, but then, on a linked phishing form, they doubt their seriosity when, for example, critical details such as bank receipts or directly and cashless credit card information are queried, for example when a phishing attempt occurs Paypal users, but they have never used credit card payments. The authenticity then makes it doubt that personal data are suddenly missing on the phishing form.
Not so with a current phishing mail that claims to be from the online retailer Zalando. Mimikama.at - the Association for the Enlightenment on Internet Abuse - has discovered it. With this e-mail including the phishing form, the responsible persons have given themselves a lot of effort to make the attack look deceptively genuine. The e-mail is an alleged invoice about the purchase of a high-priced product, which is actually at the stated price at Zalando. The delivery address is, however, a supposedly genuine but alien address. It gives the impression that a deceiver has bought at the victim's expense.
In the further course of the email, the victim gets the opportunity to respond to obvious problems with the payment. The user receives the option to cancel the payment via a link. Here, too, the only possibility is to recognize the fraud attempt as such. The linked URL does not match that of Zalando. The problem is: The fewest users are likely to look at the address bar when surfing. Mobile browser browsers also frequently hide addressbars. This is the biggest risk that cybercriminals are speculating on.
Reading Tip: Detecting Phishing Mails
Because the website, to which the users arrive, looks similiar to the original. This starts the conflict resolution of an incorrect order in counterfeited menus and continues to the user's own name and the e-mail address passed on to the original phishing mail. If you continue to believe that you are on the Zalando website to cancel the purchase, you may get the entry mask for your own account dates. The e-mail address has already been entered, it has been passed on as the name. The impression is made that the browser is on a website - the one from Zalando -, on which formular data like the e-mail address is already pre-loaded. On the other pages additional user data are requested, also the bank connection. The data entered does not end up with Zalando, but with fraudsters.
If you have a current antivirus protection, you should get a message as soon as the link from the e-mail is clicked. However, there is no guarantee.
Lesetipp: Virenscanner for Android
It is only to emphasize that users with corresponding claims via e-mail enter the address of the respective provider better manually, in order to look in the user account for any problems. If there is nothing to see, it is simply a phishing attack. And in the current case this is a particularly dangerous one.
No comments:
Post a Comment