The following fake invoice claims to come from Saturn: you have allegedly bought and paid for an iPad Air 2.

Of course, a stranger is entered as the delivery address. These invoices are among the incredibly well-constructed scam emails that have been circulating for weeks. This email follows the same dangerous billing-email pattern that many other emails have already used: it pretends to be an invoice and reports a transaction that has supposedly taken place. It uses real elements, such as actually existing sellers, items and amounts. It can be assumed that this pattern works successfully, as several users have already informed us that small sums were sent from their PayPal accounts that they did not initiate.

The content of this email in plain text:

Hello, Riana […]!

You have sent a payment for €849.76 EUR to [email protected].
We have notified the seller that the item can be shipped.
All details about this payment can be found in your PayPal account overview.


Have you not made this payment?
If you did not make this payment in person, you may cancel the payment up to 30 minutes after opening this email.


Seller
[email protected]
Message for Seller
You have not entered a message.

Delivery address
Christoph Markmann
Liesborner Str. 12
59556 Lippstadt
Germany
Shipping details
The seller has not yet provided any shipping details.

Problems with your payment?
If this payment has not been made by you, please click on the link below to cancel the order.
Carry out cancellation


The email is based on a real invoice email and matches the elements that appear there. Here the character of an “incorrect transaction” is emphasized in order to make the (invented) error more plausible. The allegedly purchased item is specified in this email as “iPad Air 2 Wi-Fi + Cellular 128 GB – Gold”, item no. 3704408168. The amount of €849.76 appears to be identical in all emails.

At this point, because of these many elements, we repeat: this email is a fake! We have to say clearly that this type of forgery, which has been sent out under many different company names for about 2 months, is the most dangerous PayPal phishing method we have ever observed.

Therefore, do not click on the inserted link; if in doubt, go to PayPal manually!

Phish

Anyone who follows the link in the email will be directed to a page with the constructed address “paypal.authorize-de.in”.

During our analysis, we expected the fraudulent form fields at this point, but it turned out that the corresponding page was not accessible at 8:29 a.m. on February 17, 2016.

However, that is no reason to give the all-clear! We have observed this situation, and it turned out that the fake pages were available again at a later date.

Based on our experience with this type of email and its processes, we assume that the processes here would be analogous, if the page were available. You can see this process using the example of the email regarding “Peek & Cloppenburg”.
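The constructed address above puts the brand name in front of an unrelated registered domain, and a mail filter can test for exactly that. The following Python check is an added example, not part of the original article; the allowlist of PayPal domains, the sample text and the small suffix set standing in for the Public Suffix List are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: registered domains that genuine mail from each brand may link to.
BRAND_DOMAINS = {"paypal": {"paypal.com", "paypal.de"}}

# Assumption: tiny stand-in for the Public Suffix List; load the real list in production.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.in"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def registrable_domain(host):
    """Return the part of the host that was actually registered (e.g. authorize-de.in)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_lookalikes(text):
    """List (host, registered domain, brand) for links that name a brand
    in the host but are not registered under that brand's own domains."""
    findings = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed URL, nothing to evaluate
            continue
        reg = registrable_domain(host)
        for brand, legit in BRAND_DOMAINS.items():
            if brand in host and reg not in legit:
                findings.append((host, reg, brand))
    return findings


# Constructed sample body: the host from the article next to a genuine PayPal link.
SAMPLE_BODY = (
    "If this payment has not been made by you, cancel here: "
    "http://paypal.authorize-de.in/ "
    "Your account overview: https://www.paypal.com/\n"
)

if __name__ == "__main__":
    for host, reg, brand in brand_lookalikes(SAMPLE_BODY):
        print(f"suspicious: {host} mentions '{brand}' but is registered as {reg}")
```

The check flags the link only because the registered domain is `authorize-de.in`; the `paypal` label in front of it is freely chosen by whoever controls that domain.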

General phishing warning:

  • Phishing emails generally try to appear as if they come from the relevant company. Fraudsters use these to try to get personal data, preferably bank, credit card or other payment data.
  • The real “art” of these emails is the story that is supposed to make the recipient trust the email and open the inserted link. Expression, grammar and spelling, as well as plausibility and individuality, play a very important role here. Especially in the recent past, there have been an increasing number of emails that stood out for their individuality: they could address the recipient by the correct name and also provide actual address and personal data.
  • However, you can generally note: banks, payment and purchase portals never ask you to log in to the account using a built-in link! In addition, although a generic salutation is always an indication of phishing, a correct salutation is not proof of the authenticity of an email.
  • Never log in via a link that is sent by email, but always type the relevant page by hand into the address bar of your browser and log in there. If there are actually announcements from the relevant service, they will be displayed there. In addition, if possible, you should also refrain from carrying out banking transactions via public/third-party WiFi networks, as you never know exactly whether (and, if so, by whom) the traffic on these networks is being logged.
  • Never enter real data in the form fields! Under certain circumstances, the data can even be captured while typing, without you having to confirm with “continue”.

Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic.
2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication.