Dr. J. put out an appeal earlier today for readers to send in any Scams related to Hurricane Matthew. Literally within minutesMatthias sent us a Hurricane Matthew Phish that hit his inboxtoday. It purports to be from online payment company"> Welcome to Stripe!Due To Hurricane Matthew, our servers have been affected and We be updated and all Users with 2-step verification should disable this function for the mean TimeBefore we can fully provision your account, we need a few moments to verify some of the information you have provided.We typically notify our customers of their provisioning status within an hour after severs are updated . However, in some cases we need to verify your information over the phone first. The call shouldnt take long, but due to many users on our system we cant be able to reach every one so we ask you update and confirm your details to be on a safe side ">hxxps://dashboard.stripe.com/Hurricane Matthew- verification/ to update detailsUsers with wrong information would be banned from Our serviceRegards, and the dashboard link points to hxxp://fund2pay.org/stripe/ST/.
If you click through to the landing page. " />
After you verified your credentials it passes you through to the real Stripe login page. " />
Probably most interesting is that it requests Stripe users todisable their 2-factor authentication. So assuming you do enter your credentials 3-times and disable your 2FA, the Phishers would have unimpeded access to the account. Tricky!
In my mind this falls into the realm of low probability of success, but as P.T. Barnum said Theres a sucker born every minute.
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.