Lately I have been getting a lot of those ‘Invoice attached’ emails in just one of my groups. I always delete them unopened. No telling what malware is contained in that ‘invoice’, and I don’t care to find out.
Now in the same account the scums are trying another tactic, telling me my account is disabled due to suspicious activity, with instructions :
To try to regain access to your account, please visit our having trouble signing in page and select "I'm having other problems signing in."
Follow the steps and you'll be taken to our account recovery form, where we'll ask you some questions to help verify your identity.
We apologize for any inconvenience this may have caused, and thank you for your cooperation.
I placed my cursor over the link and saw this:
If I had been so foolish as to click the link and follow those prompts, no tell what would have happened. I have no doubt the link was somehow disguised as well.
I checked the IP address for the phish using IP NetInfo and at first it looked legit until I read this line:
189.230.67.192 Succeed Mexico MX-USCV4-LACNIC Uninet S.A. de C.V. 189.224.0.0 189.239.255.255 189.224.0.0/12 Yes GESTION DE CAMBIOS Insurgentes Sur, 3500, Piso 4 Peña Pobre, 14060 - Tlalpan - DF gccips1@REDUNO.COM.MX abuse@UNINET.NET.MX +52 55 56244400 [] LACNIC dsl-189-230-67-192-dyn.prod-infinitum.com.mx
So this scammer is really trying hard to circumvent any attempt to find him.
Just can't be too careful!
No comments:
Post a Comment