sircles.net Computer Support The sircles IT blog | FW invoice approved from C2FO info@sarala.co.in - SPAM WARNING!!!

The sircles IT blog Internet Safety & Security, Windows Tweaks and Server Fixes

FW invoice approved from C2FO info@sarala.co.in - SPAM WARNING!!!


This email arrived in connection with some business we were doing in India this week. Obviously they have spotted the fact that we have been emailing to and fro with an Indian office with much talk of invoicing. Spammers have been monitoring our traffic from Office 365 and have decided to try their luck with this one:

C2FO

 

 

 

Good news!

Invoice Status: Approved and Paid. Your remittance file is ready to download.

This link will expire in 24 hours.

 

 

 

8am to 8pm EST | +1 866.435.7575 | support@c2fo.org

This email was sent on monday, may 8, 2019 to email@domain.com, by C2FO.

If you are subject to the jurisdiction of the European Union, please see the General Data Protection Regulation (GDPR) Personal Data Notice in the Privacy Policy.

2020 W 89th St, Suite 200, Leawood, KS 66206, USA

View in web browser | Privacy | Manage contact preferences

http://click.market.c2fo.com/open.aspx?ffcb10-febe1c787d67007f-fe0515727660037c74167377-fe9812727660017d76-ff5e177970-fe30117177670674731473-ff2917757d62

 

The link takes you to a fake Microsoft login page, presumably trying to capture your Microsoft 365 or Outlook.com password and also to log the fact that you click on links in spam emails. The website is here: http://securex-be.com/iTxU/?email=email@domain.com&response_code=hashishcode9o87ho978hwpujdp0p0f79h&locale=%7BEN-US%7D&ue=S0-dfj890988f7hvbQ==&realm=%7Borigin%7D

The website is secured with a valid certificate. According to its home page it is not currently in use, but this may well just be a cover so they can populate the rest of it with criminal websites.

The links at the bottom just pointed to Google...?

The securex-be.com site is just a copy of the securex.be site, and the certificate appears to have been issued today.
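The tell-tale features of the link quoted above can be checked mechanically when triaging a reported email. The following Python sketch is an added example, not part of the original post: it flags the recipient's address in the query string, brace-wrapped parameter values that look like unfilled templates, and a host that imitates a known domain. The names `triage_link` and `squash` and the trusted-domain list are assumptions made for illustration; the sample URL is the one from the post.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# URL copied from the post above; the address in it is the post's own placeholder.
SAMPLE_URL = ("http://securex-be.com/iTxU/?email=email@domain.com"
              "&response_code=hashishcode9o87ho978hwpujdp0p0f79h"
              "&locale=%7BEN-US%7D&ue=S0-dfj890988f7hvbQ==&realm=%7Borigin%7D")

def squash(host):
    """Lower-case a hostname and drop 'www.', dots and hyphens for comparison."""
    host = host.lower()
    if host.startswith("www."):
        host = host[4:]
    return re.sub(r"[.\-]", "", host)

def triage_link(url, recipient, trusted_domains):
    """Return a list of findings for one link taken from a suspicious email."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    params = parse_qsl(parts.query, keep_blank_values=True)  # percent-decodes values

    # 1. Recipient address in the query string: the page can pre-fill the login
    #    form and the sender learns which mailbox clicked.
    for name, value in params:
        if recipient.lower() in value.lower():
            findings.append(f"recipient address in parameter '{name}'")

    # 2. Brace-wrapped values such as {origin} look like unfilled templates.
    for name, value in params:
        if re.fullmatch(r"\{[^{}]*\}", value):
            findings.append(f"template placeholder in parameter '{name}': {value}")

    # 3. Lookalike host: a trusted domain with its dot swapped for a hyphen and
    #    a new TLD appended (securex.be -> securex-be.com).
    for trusted in trusted_domains:
        t = trusted.lower()
        if host == t or host.endswith("." + t):
            continue  # genuinely the trusted domain or a subdomain of it
        if squash(host).startswith(squash(t)):
            findings.append(f"host '{host}' imitates '{t}'")
    return findings

if __name__ == "__main__":
    for finding in triage_link(SAMPLE_URL, "email@domain.com", ["securex.be"]):
        print(finding)
```

The lookalike check is a heuristic that only covers the dot-for-hyphen pattern seen in this email; other imitation styles need their own rules.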
