Amazon phishing scheme
In this morning's email were a couple from Amazon, all but one where legitimate. The one that caught my eye was one of those that is "Too good to be true" style phishing attempts.
It was offering a chance of winning £650 of Amazon gift cards.
It has all the classic warning signs of a scam
Below I have run through some simple checks on the email and the originating domain.
The email headers below show the originating server
Return-Path: <prime@programnotice.com>
Delivered-To: ************@*****.*****
Received: from serv1-lon.mx.************.net.uk (unknown [***.1.150.142])
by mail.************.co.uk (Postfix) with ESMTP id 7C5385610F20
for <***********@*****.*****>; Mon, 25 Jul 2016 08:55:10 +0100 (BST)
Received: from pxy.b.mx.************.co.uk (pxy.b.mx.************.co.uk [***.207.220.216])
by serv1-lon.mx.************.net.uk (Postfix) with ESMTP id 6E6EC82BE83
for <************@*****.*****>; Mon, 25 Jul 2016 08:55:10 +0100 (BST)
Received: from helping.programnotice.com (unknown [142.0.69.40])
by pxy.b.mx.************.co.uk (Postfix) with ESMTP id EBA392379B8
for <************@*****.*****>; Mon, 25 Jul 2016 08:55:09 +0100 (BST)
From: "Prime Shop" <prime@programnotice.com>
To: "************@*****.*****" <************@*****.*****>
Message-ID: <CDBC2FA6.7795183@programnotice.com>
Date: Mon, 25 Jul 2016 00:55:09 -0700
Subject: Please claim your Amazon Prime shopping credit
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
The domain programnotice.com is registered in Panama as shown below
WHOISGUARD PROTECTED
WHOISGUARD, INC.
P.O. BOX 0823-03411
PANAMA
PANAMA
00000
Panama
The email server is based in Netherlands
Meppel
KG
7942
Netherlands
An interesting point is the time stamp on the email shows a 7 hour time difference where as the Netherlands are a hour ahead and Panama 5 hours behind UTC
Whilst none of this is really informative, it is hopefully interesting enough to help people be aware of the risk from emails.
No comments:
Post a Comment