WebMoney phishing emails
Hello, dear Habrovchane!
Recently, on Habré, it was possible to observe topics with examples of bad emails from one hosting company, and I want to tell you about bad emails from a single payment system.
I know that many Habrovoites have their WMID in the WebMoney payment system, so I think you will be interested in the example and analysis of my letter ...
')
Yesterday, at last, I was lucky and I received a letter about which I had heard more than once, but really wanted to see with my own eyes:
Let me clarify that the letter is very correct for an ordinary user of the WebMoney system with the expectation of phishing:
From: WebMoney.Passport <passport@wmtransfer.com>;
Subject: Message from the mail robot certification center WebMoney Transfer.
There is also a solid signature:
General Director: Andrei Agureev.
tel. 7 (495) 727-20-07
e-mail: financial@guarantee.ru
Mailing address: Russia, 123007, Moscow, 2nd Silikatny passage, 14, bld. 2, p. 14
But personally in this letter I was “surprised” by 4 points:
1) I am offered to pass authorization in WM Mini, and for a long time everything has been activated there;
2) I am offered to do this on a second-level domain mini-webmoney.ru, and I know that I need a third domain - mini.wmoney.ru;
3) I am offered to do this by the CEO from Moscow (guarantee.ru), and my Garant is located in Kiev (ukrgarant.com), since I live in Ukraine and have signed an agreement for servicing my U wallet with him;
4) They sent me a letter to the wrong email address.
Of course, I understand that all literate people have gathered here, so we will go and look at the letter headers:
As you may have guessed, there was no smell of WebMoney there ...
But I was outraged by something else - the fraudsters made this phishing email addressable, personally for me!
I can say this by analyzing the following points - my name and patronymic, indicated in the letter, are open only in my WM certificate, so the fraudsters clearly looked at it and saw that I am a system consultant and I have a website where I advise others, how to deal with fraudsters. Another indirect evidence of their viewing the site may be an email address that received a letter taken from the data of the business.
But, in spite of all this, the scammers had the audacity to send me a “useful” link, apparently, in the hope that I will not be very attentive.
It is also worth noting here that other users receive letters with other reasons for authorization in the Mini - WM output, ID blocking, card verification, etc. Fraudsters act on the situation and the information they have on the victim ...
I can not add that the Mini divorce is now very popular with fraudsters, therefore, in order to avoid trouble, it is advisable to enable this control method on the system security site and install powers of attorney on existing purses for Classic or Light, and then enter the Mini through Enum or SMS authorization.
Be careful, dear friends! If you have any questions, I will be glad to answer them ...
Recently, on Habré, it was possible to observe topics with examples of bad emails from one hosting company, and I want to tell you about bad emails from a single payment system.
I know that many Habrovoites have their WMID in the WebMoney payment system, so I think you will be interested in the example and analysis of my letter ...
')
Yesterday, at last, I was lucky and I received a letter about which I had heard more than once, but really wanted to see with my own eyes:
Let me clarify that the letter is very correct for an ordinary user of the WebMoney system with the expectation of phishing:
From: WebMoney.Passport <passport@wmtransfer.com>;
Subject: Message from the mail robot certification center WebMoney Transfer.
There is also a solid signature:
General Director: Andrei Agureev.
tel. 7 (495) 727-20-07
e-mail: financial@guarantee.ru
Mailing address: Russia, 123007, Moscow, 2nd Silikatny passage, 14, bld. 2, p. 14
But personally in this letter I was “surprised” by 4 points:
1) I am offered to pass authorization in WM Mini, and for a long time everything has been activated there;
2) I am offered to do this on a second-level domain mini-webmoney.ru, and I know that I need a third domain - mini.wmoney.ru;
3) I am offered to do this by the CEO from Moscow (guarantee.ru), and my Garant is located in Kiev (ukrgarant.com), since I live in Ukraine and have signed an agreement for servicing my U wallet with him;
4) They sent me a letter to the wrong email address.
Of course, I understand that all literate people have gathered here, so we will go and look at the letter headers:
As you may have guessed, there was no smell of WebMoney there ...
But I was outraged by something else - the fraudsters made this phishing email addressable, personally for me!
I can say this by analyzing the following points - my name and patronymic, indicated in the letter, are open only in my WM certificate, so the fraudsters clearly looked at it and saw that I am a system consultant and I have a website where I advise others, how to deal with fraudsters. Another indirect evidence of their viewing the site may be an email address that received a letter taken from the data of the business.
But, in spite of all this, the scammers had the audacity to send me a “useful” link, apparently, in the hope that I will not be very attentive.
It is also worth noting here that other users receive letters with other reasons for authorization in the Mini - WM output, ID blocking, card verification, etc. Fraudsters act on the situation and the information they have on the victim ...
I can not add that the Mini divorce is now very popular with fraudsters, therefore, in order to avoid trouble, it is advisable to enable this control method on the system security site and install powers of attorney on existing purses for Classic or Light, and then enter the Mini through Enum or SMS authorization.
Be careful, dear friends! If you have any questions, I will be glad to answer them ...
Source: https://habr.com/ru/post/94932/
All Articles