Posts tagged with: phishing
← Back to all tagsPhishing email impersonating Capital One sent from OnlineAlerts--[yourname]@email.cz
Watch out for an email like this about Capital One, or any other financial site. If your account is locked, no reputable company should send you a link to enter your login information.
From my experience, real Capital One messages come from capitalone@notification.capitalone.com
To report suspicious emails to Capital One, visit capitalone.com/help-center/fraud-disputes/report-suspicious-email/. After filling out their form, forward the scam email you received to abuse@capitalone.com.
We've locked your online access.
Hi [name],
For your security, we've locked your online access due to too many unsuccessful sign-in attempts.
To sign in, you'll need to find and sign in with your existing username and password and need to reset your password after signing in.
Unlock Online Access [phishing link redacted]
- iOS
- Sign in to the Capital One Mobile app on your mobile device.
- Tap your profile photo.
- Select Security then mobile app verification.
- Tap the toggle switch next to mobile app verification to turn this feature on.
- Android
- Sign in to the Capital One Mobile app on your mobile device.
- Tap your profile photo.
- Select Security then Manage My Devices.
- Tap the toggle switch next to the name of the device you’re currently using.
Your safety and security are important to us. Thank you for choosing Capital One.
This one was sneaky because those numbered lists after the link seem like legitimate steps. I have never used their mobile app, but my suspicion is those steps would sign you out of the app. If you clicked the link and entered your login information, the attacker has it and could change it. Getting you to sign out of the app ensures you don't have any access at that point.
They also did a good job of including Capital One's boilerplate at the bottom of the message, including the legitimate From email and links to their Privacy Policy, Help, and Contact. The links used the click-notification.capitalone.com domain. I confirmed that matches real messages from Capital One.
To ensure delivery, add capitalone@notification.capitalone.com to your address book.
This email was sent to [email] and contains information directly related to your account with us, other services to which you have subscribed, and/or any application you may have submitted.
Capital One does not provide, endorse or guarantee any third-party product, service, information or recommendation listed above. The third parties listed are not affiliated with Capital One and are solely responsible for their products and services. All trademarks are the property of their respective owners.
Please do not reply to this message, as this email inbox is not monitored. To contact us, visit www.capitalone.com/help-center/contact-us.
Aside: I actually closed my Capital One account a couple months ago. They warned that eventually my online access might be turned off and they would send tax documents in the mail. At first glance, I thought that's what this message was, but realized my account was under a different email, plus @email.cz is phishy as hell.
Scam text message from (509) 387-9884
Watch out for a text message that is attempting to get you to enter your Amazon login like this. Amazon will not send you a text message like this:
“Amazon Order Review - Your Refund Has Been Approved
Dear Customer,
Following a recent review of our marketplace activity, we identified that a seller associated with your previous purchase failed to meet Amazon's operational standards. The seller has since been removed from our platform.As a result, you are entitled to a full refund, with no need to return the product. This action will not affect your account or purhcase history in any way.
Please click the secure link below to confirm your refund:
[bit.ly link redacted]Thank you for shopping with Amazon.
-Amazon Customer Support
{3N:E8:91:61:QV:L6:YD:KC:NP}”
I’m reporting the link to bit.ly using their report abuse page.
Nerd stuff:
This was a group message, including nine other numbers. It was also an RCS message, not SMS, and was end-to-end encrypted.
Various Unicode letters were used, making the text appear bold every few words. For example, it used the Unicode “mathematical sans-serif bold” characters to spell out “Amazon.” Most likely this was an attempt to avoid triggering spam filters, though my Android automatically prompted “report this as suspected spam?”
Bit.ly’s link checker indicates the destination was guoqushangmao dot com. Obviously, I do not recommend visiting that domain.
