Magento phishing mails with security patch note
Today one of our customers (a shop owner) received a nearly perfect-looking Magento phishing mail with a security patch note. It contains authentic-looking text with a link and an attached document. This phishing mail announces Magento patch SUPEE-9789.
ATTENTION! Do not click any link and do not open the attachment. Delete this mail immediately!
We received a mail with this subject: “Critical updates for Magento 1.x and Magento 2.x versions – SUPEE-9789”. It contains valid-looking text, which you can see in my screenshot. A new security patch is announced with the number SUPEE-9789. A link to an official Magestore website and an attached document (Supee-9789.doc) are also provided. Everything looks OK, but:
- The attached document contains macros. I opened it on Linux with LibreOffice, which cannot execute Microsoft Office macros. An instruction document will never use macros!
- The link to the official website goes to demo.magestore.com. If you click it, you will download a webpos.exe file, which can’t be a patch.
This mail was sent by info@magestore.com with the name info@magento.com. It is obvious that someone has cracked one of Magestore's demo shops and uses that account to send mails from a trustworthy-looking source.
I have no clue what this attack is for. It may want to install ransomware or do something similar. If you have detailed information, feel free to write a comment.
Validation checks
If you get a mail, do not click on links without checking the link destination first. Modern mail programs display the link destination when you hover over a link. If it points to a *.exe file, something may be wrong. Also, do not open *.doc or *.pdf files if you do not know exactly what they are or if the source of the file is not trustworthy. If macros are used, disable them by default in your office program or better: do not use Microsoft Office.
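The same checks can be run on a saved message before anyone opens it. The following is an added example, not part of the original article: it uses Python's standard `email` module, and the function names, the extension lists and the link host `demo.shop.example` are assumptions for illustration, with a sample message constructed from the details reported here.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

EXECUTABLE_LINK = (".exe", ".scr", ".bat", ".msi")   # assumed list, extend as needed
MACRO_CAPABLE = (".doc", ".docm", ".xls", ".xlsm")   # assumed list, extend as needed

class LinkCollector(HTMLParser):
    """Collects the real destination (href) of every link in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def triage(raw_bytes):
    """Return findings for one raw message; nothing is opened or executed."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for sender in (msg["From"].addresses if msg["From"] else ()):
        # A display name that is itself an address from another domain hides the real sender.
        shown = re.search(r"@([\w.-]+)", sender.display_name)
        if shown and shown.group(1).lower() != sender.domain.lower():
            findings.append(f"display name shows {shown.group(1)}, real sender is {sender.addr_spec}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_CAPABLE):
            findings.append(f"macro-capable attachment: {name}")
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href in collector.links:
                if urlparse(href).path.lower().endswith(EXECUTABLE_LINK):
                    findings.append(f"link points to an executable: {href}")
    return findings

def constructed_sample():
    """Constructed message modelled on the mail above; the link host is a placeholder."""
    msg = EmailMessage()
    msg["From"] = '"info@magento.com" <info@magestore.com>'
    msg.set_content("Plain-text part")
    msg.add_alternative('<a href="http://demo.shop.example/webpos.exe">official website</a>', subtype="html")
    msg.add_attachment(b"placeholder bytes", maintype="application", subtype="msword", filename="Supee-9789.doc")
    return msg.as_bytes()

if __name__ == "__main__":
    print("\n".join(triage(constructed_sample())))
```

An empty result only means none of these three checks fired; it does not mean the message is safe.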
Conclusion
I hope no one ran into problems by opening links or attachments from such Magento phishing mails. I also hope that some of you reading my article are now warned and will delete this mail. Hacked Magento stores may become spam servers, so always install recent security patches and invest more time and money into your IT department.
2 Responses
[…] in our server to make sure that no one can download it. Simultaneously, we also have reported the phishing emails with security patch note to Magento to have solutions and announce all their customers. In addition, we are continuing to […]