Good day, welcome to another bulletin from Breaking Scams…
Scam, just in…
Christmas is coming, and scammers need Christmas present money to buy their hacking tools. Today, I opened an email that seemed to be from the HomeOwners Alliance which raised my scam finder hackles.
The email was a typical phishing email in many ways, except it was extremely well done. So well done, in fact, that I was momentarily angry at HomeOwners Alliance for telling me two-weeks before Christmas that I had an outstanding invoice. I almost clicked the link…but then, I stopped in my tracks, my security awareness training kicking in. This is what the email looked like:
This is why it was so convincing:
- I am an actual member of the HomeOwners Alliance – they offer a very useful service – so it wasn’t unusual for me to get an email from them
- It capitalised on a brand that I used and trusted
- It had a sense of urgency as it was about an ‘outstanding bill’ with a service that I trust
- It had the look and feel of the brand I knew, and it was signed off by the CEO of the company
The email didn’t however, use my name in the salutation…a sure sign of phishing…
The email itself had several malicious links:
- The “View Invoice” button.
- “Why did I get this”
- “Unsubscribe from this list”
- “Update subscription preferences”
Clicking on any of the links takes you to a site http://in.campingmaui.com – the in. being a sub-domain. I didn’t take this any further. Clicking on that link could potentially have taken me to a site which uses something called an “exploit kit”; this would then have installed malware on my machine without my knowledge.
How did I end up with a scam email in my inbox?
I spoke to HomeOwners Alliance within 5-minutes of receiving the email. They already knew about the scam and were investigating it. Within minutes of that call, I received a second email, this time from the real HomeOwners Alliance. This email was sent to all account holders to let us know about the scam and to warn us not to click on any links in the email.
It seems that the phishing email was a result of a Mailchimp compromise. Email addresses were stolen and used to send the scam email out to HomeOwner Alliance members.
Interestingly, and perhaps related, Mailchimp has been having technical issues today as their Twitter support account, has had a number of complaints today. Also, the Tweet shown below seems particularly relevant to this latest HomeOwners Alliance scam:
If you receive an email from HomeOwners Alliance asking for an invoice payment, do not click on any of the links in the email.
If you use Mailchimp, it might be worth checking your access and updating any login credentials.
Why not help your colleagues stay safe and send them this little reminder. Feel free to edit, copy/paste the advice below:
HomeOwners Alliance Scam Notice
Look out for a suspicious email which uses the HomeOwners Alliance brand. This is a scam email and clicking on any links will take you to a malicious website.
If you receive an email of this nature, ignore it. DO NOT click ANY links in the email.
If you receive an email like this and are concerned, you can report it to Action Fraud, The National Fraud and Cyber Crime Reporting Centre.
Don’t forget to share this with your colleagues and friends and help them stay safe.