Amazon Phishing Spam E-mail - logs creds, CC details, billing address

Phishing
1

E-mail

Spam e-mail is blasted from statement-ozrfpsqaktfvrovzk-update-pabpvigkontkymrezgjw-ys@wordsofzye.org.

image
image870×629 75.9 KB

Some e-mail headers

image

image
image643×543 63.1 KB

Phishing page

Hyperlink in e-mail:

  • https://lnkd.in/gUtuT_Tu?signature=newsletter&trackingid=FhAIfHDsUG3hSvrDXUeaPIKcsBoJXhaW
  • https://lnkd.in/gUtuT_Tu?signature=newsletter&trackingid=yy97JIBHBln5DkdvdktyfEFrIHTzc5yD

Yesterday leads to domain https://us-itsign.news-updateaps-amzn-xbejoz.com.
Today the shortened link leads to https://sign.confirm-newspaypl-ksvel.top/.
(I didn’t keep the full URL in my records)

Phishing page screenshot

image
image964×588 44.2 KB

Admin panel

image
image1036×562 21.8 KB

image
image1074×630 48.1 KB

Configured receiving e-mail

image
image1024×501 34.5 KB

[email protected]

Protection

image
image1024×629 51 KB

Attacker e-mail

E-mail password is the same as admin dashboard password 4 months ago, but now it is changed. I will not disclose the password as the admin dashboard contains sensitive info.

image
image523×424 17.1 KB

Attacker’s received e-mails sample

image
image1019×593 51.2 KB

Other details

Some configurations have been changed to prevent the phishing page from currently working.

2 Likes
2

Hi , I’m getting Spam emails , every day … :rofl: :rofl: :rofl: :rofl: as i’m had subscribed to them.

3

The appropriate actions have been taken and the website has been reported the providers for investigations

Message ID: 606AABA5 - FBB3860F