Fraudsters are currently trying to obtain user and login data by sending multiple copies of emails.
To date, we have two different versions of the same scam. In this case we will address the fake email with the abusive 1&1 representation, the other email we have refers to Vodafone .
The emails in question are identical in content and read in plain text:
Dear customer 1und1
We recently discovered that various computers connected to your customer's account number or name, 1and1 domain, password and several failures were present prior to registration.
We now need to reconfirm 1und1
If it is not activated within 48 hours we will be forced to suspend your account indefinitely because it will be used for a fraudulent purpose.
Thank you for your understanding in this way.
To verify your account online:
>>>Click here<<
[adrotate group=“1″]
At this point, in clumsy German, an attempt is made to lure the recipient to a fake site.
Fake reports!
These emails are about nothing other than an attempt to lure the recipient into a trap. Anyone who follows the instructions and clicks on the link will receive a corresponding warning at this moment the protection software is active and updated
The variant “1&1” leads to a fake login page, which is based on the 1&1 login. However, caution is advised here: the site is after the login data!
This fake site only targets login details. No personal or address details are requested, nor are any bank details. This is because if you have full access to the account you can access address and bank details anyway. In this respect, the login data is already sensitive data.
General phishing warning:
- Phishing emails generally try to appear as if they come from the relevant company . Fraudsters use these to try to get personal data, preferably bank credit cards or other payment data.
- The real “art” of these emails is the story with which the recipient is supposed to trust the email and open the inserted link. Expression, grammar and spelling, as well as plausibility and individuality play a very important role here. Especially in the recent past, there have been an increasing number of emails that shined with individuality: they could address the recipient with the correct name and also provide actual address and personal data.
- However, you can generally note: Banks, payment and purchase portals never ask you to log in to the account using a built-in link! In addition, although a generic salutation is always an indication of phishing, an existing correct salutation is not proof of the authenticity of an email .
- Never log in via a link that is sent by email, but always type the relevant page by hand into the address bar of your browser and log in there. If there are actually announcements of the relevant service, they will be displayed there. In addition, if possible, you should also refrain from carrying out banking transactions via public/third-party WiFi networks , as you never know exactly whether (and in an emergency from whom) these networks are being used be logged.
- Never enter real data in the form fields! Under certain circumstances, the data can even while typing without having to confirm with “continue”.
Article preview image: file404 / Shutterstock.com
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )