FROM THE COMODO LABS: Cyber Thieves Target Pandora Jewelers with New Phishing Email

The Comodo Antispam Labs (CASL) team has identified a malware attack targeted specifically at businesses and consumers who make purchases from Pandora Jewelers, an international Danish jewelry manufacturer and retailer known for its customizable charm bracelets, rings and necklaces.

E-mail phishing activity rises dramatically as the holiday season is upon us – and Pandora Jewelers is a new phishing target, using language that capitalizes on the public’s desire for an extreme sale.  The email is designed to capture credit card and financial information from business or consumers who try and make a purchase.

The e-mail spoofing threat arrived from the sender address custserv@aquae.kao6161.com with the subject line “Pandora Clearance.”

In the email screen grab, the e-mail appears to be from a fictitious jewelry reseller advertising a Pandora Jewelry sale. Pandora Jewelry typically allows its official resellers to promote the sale of their products via their own store websites and through e-mail promotions, which is why this phishing e-mail can be so dangerous to unsuspecting victims.

The Comodo Antispam Labs team identified the Pandora phishing email through IP, domain, and URL analysis.

The links provided should have pointed to http://www.pandora.net, however, the target links are directed to  http://www.bestpandorajewelry.com/index.html.

“Phishing emails are one of the biggest threats for techonlogy users today, because they are abusing the trust that is built between consumers, business and brands,” said Fatih Orhan, Director of Technology for Comodo and the Comodo Anti-spam Labs.  “The hackers are pretending to be from a trusthworthy entity such as a business owner, an e-commerce site or a popular social network, with the intention to steal customer’s credentials and/or financial  information.  At Comodo, we work diligently in creating innovative technology solutions that stay a step ahead of the cyber criminals, and keep enterprises and IT environments safe.”

The ComodoAntispam Labs team is made up of more than 35 IT security professionals, ethical hackers, computer scientists and engineers, all full time Comodo employees, analyzing and filtering spam, phishing and malware from across the globe. With offices in the US, Turkey, Ukraine, the Philippines and India, the CASL team analyzes more than 1,000,000 potential pieces of phishing, spam or other malicious/unwanted emails per day, using the insights and findings to secure and protect its current customer base and the at-large public, enterprise and Internet community.

If you feel your company’s IT environment is under attack from phishing, malware, spyware or cyberattacks, contact the security consultants at the Comodo: https://enterprise.comodo.com/contact-us.php

Email and Screen Grabs

The email screen that viewers initially see is below.  The “Shop Now” section of the email is where the cyber thieves are looking for businesses and consumers to click, to begin shopping and trying to obtain their financial information:

The HTML page users are taking to after clicking “Shop Now”

For the System IT Administrators who think their IT may be susceptible to the fake email, the sender’s email domain is “aquae.kao6161.com.”  The domain is registered at 2015-03-31T00:00:00+08:00Z out of Fucain, China.