Amazon Phishing Spam E-mail - logs creds, CC details, billing address

E-mail

Spam e-mail is blasted from [email protected]ofzye.org.

Some e-mail headers

image

image

Phishing page

Hyperlink in e-mail:

  • https://lnkd.in/gUtuT_Tu?signature=newsletter&trackingid=FhAIfHDsUG3hSvrDXUeaPIKcsBoJXhaW
  • https://lnkd.in/gUtuT_Tu?signature=newsletter&trackingid=yy97JIBHBln5DkdvdktyfEFrIHTzc5yD

Yesterday leads to domain https://us-itsign.news-updateaps-amzn-xbejoz.com.
Today the shortened link leads to https://sign.confirm-newspaypl-ksvel.top/.
(I didn’t keep the full URL in my records)

Phishing page screenshot

Admin panel

Configured receiving e-mail

[email protected]

Protection

Attacker e-mail

E-mail password is the same as admin dashboard password 4 months ago, but now it is changed. I will not disclose the password as the admin dashboard contains sensitive info.

image

Attacker’s received e-mails sample

Other details

Some configurations have been changed to prevent the phishing page from currently working.

2 Likes

Hi , I’m getting Spam emails , every day … :rofl: :rofl: :rofl: :rofl: as i’m had subscribed to them.

The appropriate actions have been taken and the website has been reported the providers for investigations

Message ID: 606AABA5 - FBB3860F