This “Zalando” order is a fake!

Please be careful! This payment to Zalando is a fake. Fraudsters want to use this invoice to deceive the invoice recipients.

There is no purchase at Zalando as described in this email and there is also no payment made incorrectly. Fraudsters invented a purchase here and sent a fake invoice.

Important note: The companies mentioned (Zalando and PayPal) have nothing to do with the scam . You yourself have become a victim here, with your name being misused to lure users into a trap!

In this case described, the invoice claims that there was a payment to “Zalando”, which can be stopped using the link in the email. However, this link leads into a trap. The subject of this email is “Confirmation of your PayPal payment”, and the email looks like this:

The salutation in this email reads in barrier-free plain text:

Hello,
you have sent a payment for €319.00 EUR to Zalando GmbH ( [email protected] ).
All details about this payment can be found in this email.

The aim of this email is to target PayPal customers and irritate them with the made-up content so that they click on the built-in link in the email. Zalando accounts or access to Zalando accounts are not the target of this email.

Phishing!

Caution! However, clicking on the link in the email takes the reader to a fake website that resembles a PayPal login. As soon as the website loads, our Kaspersky Internet Security intervenes and blocks access.

This software protection prevents access to a website that is modeled on PayPal. The address of this fake website is “ 475847.sicherheitonline-ssl. gdn ”, this is not PAYPAL . First of all, this is about the login data, which is requested using fake form fields. Form fields then appear which request personal data and then also ask you to enter payment information.

We warn against providing truthful information on these sites as they will end up in the hands of fraudsters.

General phishing warning:

• Phishing emails generally try to appear as if they come from the relevant company . Fraudsters use these to try to get personal data, preferably bank credit cards or other payment data.
• Protection software is helpful! With updated databases and appropriate heuristics, malicious sites are often blocked. We use Kaspersky protection software .
• The real “art” of these emails is the story with which the recipient is supposed to trust the email and open the inserted link. Expression, grammar and spelling, as well as plausibility and individuality play a very important role here. Especially in the recent past, there have been an increasing number of emails that shined with individuality: they could address the recipient with the correct name and also provide actual address and personal data.
• However, you can generally note: Banks, payment and purchase portals never ask you to log in to the account using a built-in link! In addition, although a generic salutation is always an indication of phishing, an existing correct salutation is not proof of the authenticity of an email .
• Tip on your smartphone: press and hold a link until a dialog window opens with the link preview. This shows where an embedded link should lead.
• Never log in via a link that is sent by email, but always type the relevant page by hand into the address bar of your browser and log in there. If there are actually announcements for the relevant service, they will be displayed there. In addition, if possible, you should also refrain from conducting banking transactions via public/third-party Wi-Fi networks , as you never know exactly whether (and in an emergency, by whom) these networks are being logged.
• Never enter real data in the form fields! Under certain circumstances, the data can even while typing without having to confirm with “continue”.