Friday Phish Fry

Phishing Email Alerts

Catch of the Day: Keep Your Mailbox Active Phish
Chef’s Special: Amazon Scam Phish
Also serving: Spam Filter Phish

Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and others come from other reliable sources on the Internet.

You can send phishing samples to me at phish@wyzguys.com.

My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double-clicking an image will display it in a photo viewer app.


Keep Your Mailbox Active Phish

This arrived on Tuesday 2023-07-25 at 10:18 am.  I am just getting around to looking at this on Wednesday at 5:40 pm.

The email address of the sender IONOS Support <admin@nodi.life> was proof enough that this is a scam.  nodi.life is not an IONOS domain.  It is the domain of a phone app developer.  They might want to look for evidence that their website was hijacked.

The CONFIRM SIGN-IN link resolves to https://rb.gy/zxxol#support@wyzguys.com and then redirects to https://ipfs.io/ipfs/QmYPexxQiwJJkg7FBeXcvDCH6BZnBCtRVULuLA2ax5FH7J?.html#support@wyzguys.com. We saw a similar URL to ipfs.io in last week’s Phish Fry.

The email:

Someone at Nodi has allowed the attacker to use their email domain.

And of course the usual credential stealing landing page.
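The sender and link indicators described above can be checked mechanically. The following is an added example, not part of the original post: a small triage routine run over the From header and the two URLs quoted in the post. The brand-to-domain map (including ionos.com as the legitimate IONOS domain), the host lists and all function names are assumptions made for the example.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions (not from the post): the brand map and the shortener/gateway
# host sets are small illustrative lists; extend them for real mail triage.
BRAND_DOMAINS = {"ionos": {"ionos.com"}}
SHORTENERS = {"rb.gy"}
IPFS_GATEWAYS = {"ipfs.io"}

def sender_findings(from_header):
    """Flag a display name claiming a brand the sending domain does not belong to."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, legit in BRAND_DOMAINS.items():
        on_brand = any(domain == d or domain.endswith("." + d) for d in legit)
        if brand in display.lower() and not on_brand:
            findings.append(f"display name claims {brand.upper()} but sender domain is {domain}")
    return findings

def url_findings(url, recipient):
    """Flag shortener hosts, IPFS gateway paths, and the recipient address in the fragment."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if host in SHORTENERS:
        findings.append(f"URL shortener hides destination: {host}")
    if host in IPFS_GATEWAYS and parts.path.startswith("/ipfs/"):
        findings.append(f"content served from IPFS gateway: {host}")
    if recipient.lower() in parts.fragment.lower():
        findings.append("recipient address embedded in URL fragment")
    return findings

def triage(from_header, urls, recipient):
    """Collect sender and URL findings for one message."""
    findings = sender_findings(from_header)
    for url in urls:
        findings.extend(url_findings(url, recipient))
    return findings

# Values quoted in the post above.
SAMPLE_FROM = "IONOS Support <admin@nodi.life>"
SAMPLE_URLS = [
    "https://rb.gy/zxxol#support@wyzguys.com",
    "https://ipfs.io/ipfs/QmYPexxQiwJJkg7FBeXcvDCH6BZnBCtRVULuLA2ax5FH7J?.html#support@wyzguys.com",
]

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_FROM, SAMPLE_URLS, "support@wyzguys.com")))
```

Each finding on its own is weak evidence; the combination of a brand mismatch, a shortener, and the recipient's address carried in the link is what marks this message.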


What You Want From A Spam Filter

Here’s a daily spam report. Notice the captured virus.


Amazon Scam Phish

Here is a public service announcement I received from Amazon about scams that may affect my Prime membership.

Scammers are creative and they constantly devise new schemes, exploit new technologies and change tactics to avoid detection. Stay safe by learning to identify and avoid scams.

Prime membership scams:

These are unexpected calls/texts/emails that refer to a costly membership fee or an issue with your membership and ask you to confirm or cancel the charge. These scammers try to convince you to provide payment or bank account information in order to reinstate a membership.

Amazon will never ask you to provide payment information for products or services over the phone. Visit the Message Center on Amazon.com or on our app to review authentic emails from Amazon. To verify your Prime Membership status or make payments, log into your Amazon account, and go to Your Account.

Account suspension/Deletion scams:

Scammers send texts, emails and phone calls stating that your account will be suspended or deleted and prompt you to click on a fraudulent link or verbally provide information to “verify your account.” Customers who land on these pages or receive these phone calls are then lured to provide account information such as payment information or account login credentials.

Amazon will never ask you to disclose your password or verify sensitive personal information over the phone or on any website other than Amazon.com. Please do not click on any links or provide your information to anyone over the phone without authenticating the email or phone call. If you have questions about the status of your account, go directly to Amazon.com or on our app to view your account details, including the Message Center which displays a log of communications sent from Amazon.

Here are some important tips to identify scams and keep your account and information safe:

1. Trust Amazon-owned channels.

Always go through the Amazon mobile app or website when seeking customer service, tech support, or when looking to make changes to your account.

2. Be wary of false urgency.

Scammers may try to create a sense of urgency to persuade you to do what they’re asking. Be wary any time someone tries to convince you that you must act now.

3. Never pay over the phone.

Amazon will never ask you to provide payment information, including gift cards (or “verification cards,” as some scammers call them) for products or services over the phone.

4. Verify links first.

Legitimate Amazon websites contain “amazon.com” or “amazon.com/support.” Go directly to our website when seeking help with Amazon devices/services, orders or to make changes to your account.

For more information on how to stay safe online, visit Security & Privacy on the Amazon Customer Service page.

If you receive communication — a call, text, or email — that you think may not be from Amazon, please report it to us at amazon.com/reportascam.


 


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
