The Comodo Antispam Labs (CASL) team has identified a new phishing attack targeted specifically at businesses and consumers who may use Alibaba.com, the global trading web site.
As part of a random phishing campaign, the fake emails are being sent from the spoofed address firstname.lastname@example.org, which to a business or consumer could appear to be a legitimate email address, but is not.
The email asks alibaba.com customers to verify their account, ostensibly (and ironically) to cut down on spam and fraudulent emails. In actuality, it steals the passwords of alibaba.com users when they log in to verify the information.
The Comodo Antispam Labs team identified the alibaba.com phishing email through IP, domain, and URL analysis.
“Cybercriminals are getting more and more creative each day – trying to use breaking news in the world of technology to try and take advantage of businesses and consumers and steal data, passwords, and financial information,” said Fatih Orhan, Director of Technology for Comodo and the Comodo Antispam Labs. “As a company, Comodo is working diligently in creating innovative technology solutions that stay a step ahead of the cyber criminals, protect and secure endpoints, and keep enterprises and IT environments safe.”
The Comodo Antispam Labs team is made up of more than 35 IT security professionals, ethical hackers, computer scientists and engineers, all full-time Comodo employees, analyzing and filtering spam, phishing and malware from across the globe. With offices in the US, Turkey, Ukraine, the Philippines and India, the CASL team analyzes more than 1,000,000 potential pieces of phishing, spam or other malicious/unwanted emails per day, using the insights and findings to secure and protect its current customer base and the at-large public, enterprise and Internet community.
For system IT administrators who think their IT may be susceptible to the spoofed phishing email and want to help protect their infrastructure: the sending IP address is 188.8.131.52, and email@example.com is the original sender of the email.
From: Alibaba member <firstname.lastname@example.org>
Subject: Alibaba member account verification
There are two verification links inside the e-mail, but both simply point to the same URL, which takes the user to a landing page with the Alibaba.com logo and sign-in information.
After the user logs into the system with the email and password, a screen prompt appears showing that the “verification” has been completed (and thus, the passwords and ID have been stolen by the cyber thieves).
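The traits reported above (an "Alibaba member" display name on a sender address outside alibaba.com, and several links that all lead to one destination) can be checked mechanically on inbound mail. The Python below is an added example, not Comodo's detection logic; the function names, the reason strings and the sample body with its `verify.example.net` URL are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND, BRAND_DOMAIN = "alibaba", "alibaba.com"

class HrefCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href.strip())

def on_brand_domain(host):
    """True only for alibaba.com itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def findings(raw_message):
    """Return the reasons a raw message resembles the lure described above."""
    msg, reasons = message_from_string(raw_message), []
    name, addr = parseaddr(msg.get("From", ""))
    if BRAND in name.lower() and not on_brand_domain(addr.rpartition("@")[2]):
        reasons.append("brand display name, off-brand sender domain")
    collector = HrefCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
    urls = [urlsplit(h) for h in collector.hrefs]
    off_brand = [u.geturl() for u in urls
                 if u.scheme in ("http", "https") and not on_brand_domain(u.hostname)]
    if len(off_brand) >= 2 and len(set(off_brand)) == 1:
        reasons.append("several links, one off-brand destination")
    return reasons

# Constructed sample: headers as quoted in the report, body and URL are placeholders.
SAMPLE = """\
From: Alibaba member <firstname.lastname@example.org>
Subject: Alibaba member account verification
Content-Type: text/html; charset="utf-8"

<a href="http://verify.example.net/login">Verify your account</a>
<a href="http://verify.example.net/login">Click here to confirm</a>
"""
```

The suffix check in `on_brand_domain` also rejects lookalike hosts such as `alibaba.com.example.org`, which a plain substring match on the brand name would accept.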