Back to Fred Mac Donald's Blog
The target of this weeks scam is the Cryptocurrency website known as https://www.luno.com/
The email received looks well planned with a couple of images that needs to be downloaded. There are most probably tagged to detect opening rates and if the email used is an active email. So I did allow the display of the images and as a result, I do not have a screenshot of the email.
Hi, We identified something unusual about a recent sign-in to your Account To help keep you safe, we require an extra security challenge
To opt out or change where you receive security notifications, Click here. Thanks, Questions? Visit the Help Center |
|
The sending email belongs to some poor fella over at umons.ac.be
Checking the URL linked to the buttons, you would end up on a page that looks exactly like the luno.com website login page.
The data-flow graph indicates a hacked seurce-paym4nt.ga website. Looking at the domain name, the whole thing looks suspect.