Phishing email impersonating Capital One sent from OnlineAlerts--[yourname]@email.cz

Watch out for an email like this about Capital One, or any other financial site. If your account is locked, no reputable company should send you a link to enter your login information.

From my experience, real Capital One messages come from capitalone@notification.capitalone.com

To report suspicious emails to Capital One, visit capitalone.com/help-center/fraud-disputes/report-suspicious-email/. After filling out their form, forward the scam email you received to abuse@capitalone.com.

We've locked your online access.

Hi [name],

For your security, we've locked your online access due to too many unsuccessful sign-in attempts.

To sign in, you'll need to find and sign in with your existing username and password and need to reset your password after signing in.

Unlock Online Access [phishing link redacted]

1. iOS
2. Sign in to the Capital One Mobile app on your mobile device.
3. Tap your profile photo.
4. Select Security then mobile app verification.
5. Tap the toggle switch next to mobile app verification to turn this feature on.

1. Android
2. Sign in to the Capital One Mobile app on your mobile device.
3. Tap your profile photo.
4. Select Security then Manage My Devices.
5. Tap the toggle switch next to the name of the device you’re currently using.

Your safety and security are important to us. Thank you for choosing Capital One.

This one was sneaky because those numbered lists after the link seem like legitimate steps. I have never used their mobile app, but my suspicion is those steps would sign you out of the app. If you clicked the link and entered your login information, the attacker has it and could change it. Getting you to sign out of the app ensures you don't have any access at that point.

They also did a good job of including Capital One's boilerplate at the bottom of the message, including the legitimate From email and links to their Privacy Policy, Help, and Contact. The links used the click-notification.capitalone.com domain. I confirmed that matches real messages from Capital One.

To ensure delivery, add capitalone@notification.capitalone.com to your address book.

This email was sent to [email] and contains information directly related to your account with us, other services to which you have subscribed, and/or any application you may have submitted.

Capital One does not provide, endorse or guarantee any third-party product, service, information or recommendation listed above. The third parties listed are not affiliated with Capital One and are solely responsible for their products and services. All trademarks are the property of their respective owners.

Please do not reply to this message, as this email inbox is not monitored. To contact us, visit www.capitalone.com/help-center/contact-us.

Aside: I actually closed my Capital One account a couple months ago. They warned that eventually my online access might be turned off and they would send tax documents in the mail. At first glance, I thought that's what this message was, but realized my account was under a different email, plus @email.cz is phishy as hell.