WARNING: These are scams. They are Emails sent to a honeytrap address only ever used for this purpose. Do not reply to these people; they will try to con you into paying out money in return for nothing.

CAVEAT: Please note that some of these Emails may be impersonating a genuine company or person. We wish to make it clear that any such name mentioned within these Emails has no connection to the scam. For the sake of searching, we leave these messages untouched, but we will respond to any concerns left in our comments.

From: "brendinghat.com" <[email protected]>
Date: 22 Jul 2020 01:14:33 -0700
Subject: Important Notice: Emails Pending Delivery


    Pending Emails        Dear
[email protected]      A communication error occurred while
delivering some of your  messages.
      The server  detected 7 failed messages, you can view them
here and choose
      what happens to them.

View Verification
 <Suspicious link to firebase storage> 
IT-Help-Desk
phone +25030384200
e-mail: [email protected]
 <Suspicious link to firebase storage> 

This email was automatically generated by the OUTLOOK IT ticket
system. You can reply directly to this email (Please do not change the
reference numb
 <Suspicious link to firebase storage> 

Technical Analysis

The actual Email showed a button to click. We have to strip that out for our website. The button link takes you to a form on the Firebase website.

Firebase is a Google-sponsored storage area for web developers. It can be used by a scammer to host a simple form which mimics a login and steals a password.

So the victim receives an Email warning them about a problem with their account and is presented with the cure: a button to click. They are taken to a login screen where they see their name, and as the URL mentions Google (firebasestorage.googleapis.com) they assume it must be safe.

They enter their password. Behind the scenes, the form redirects the user to another site https://example.com/[email protected]&password=xyz321 and now the scammer has a new login/password combination to try on various sites – every website my poor colleague has registered with using his xyz321 password.

A good example of why we should have a different password for every website.
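
The two signs described in the analysis above (a page served from a shared storage host, then a request that carries an email address and a password in its URL) can be checked for in web proxy logs. The following is an added example, not part of the original analysis. It assumes a proxy that records full URLs in a "client METHOD url" layout; the parameter-name list and all sample hosts, paths and parameter names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hosts serving customer-uploaded files. The one entry is the host named on
# this page; extend the set for your own environment.
USER_CONTENT_HOSTS = {"firebasestorage.googleapis.com"}
# Parameter names that suggest a secret in the URL (assumed list).
SECRET_KEYS = {"password", "passwd", "pass", "pwd"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def url_findings(url):
    """Return a sorted list of reasons a URL deserves a closer look."""
    parts = urlsplit(url)
    findings = set()
    if (parts.hostname or "").lower() in USER_CONTENT_HOSTS:
        # The hostname shows who runs the storage service, not who
        # uploaded the page served from it.
        findings.add("user-uploaded content on shared host")
    params = parse_qsl(parts.query, keep_blank_values=True)
    has_secret = any(k.lower() in SECRET_KEYS and v for k, v in params)
    if has_secret:
        findings.add("secret in query string")
        if any(EMAIL_RE.match(v) for _, v in params):
            findings.add("email and secret sent together")
    return sorted(findings)


def scan_proxy_log(lines):
    """Return (client, host, findings) for lines shaped 'client METHOD url'."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not match the assumed layout
        client, _method, url = fields
        findings = url_findings(url)
        if findings:
            # Report the host only, so the alert never copies the password.
            hits.append((client, urlsplit(url).hostname, findings))
    return hits


# Constructed sample lines; hosts, paths and parameter names are made up.
SAMPLE_LOG = [
    "10.0.0.5 GET https://firebasestorage.googleapis.com/v0/b/bucket.example/o/login.html?alt=media",
    "10.0.0.5 GET https://collector.example/save?user=alice%40corp.example&password=xyz321",
    "10.0.0.9 GET https://intranet.example/wiki/Home",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

A hit on the shared host followed by a credentials-in-URL hit from the same client is the pattern to prioritise; a storage-host hit alone is common in legitimate traffic.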