Phishing attack targeting Magento shop owners.

by

NinTechNet


A phishing attack has been targeting Magento shop owners for the past 24 hours attempting to steal their login credentials.
A so-called customer sends a "Invalid order item" similar to the following one:


The link seems to point to the Magento shop, but in fact it redirects to a fake login page hosted at http://order1264.com/:


The order1264.com domain was registered on December 29th, the day the attack started:

$ whois order1264.com
   Domain Name: ORDER1264.COM
   Registry Domain ID: 2206000037_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.namesilo.com
   Registrar URL: http://www.namesilo.com
   Updated Date: 2017-12-29T11:45:54Z
   Creation Date: 2017-12-29T11:38:11Z
   Registry Expiry Date: 2018-12-29T11:38:11Z
   Registrar: NameSilo, LLC
   Registrar IANA ID: 1479
   Registrar Abuse Contact Email: abuse@namesilo.com
   Registrar Abuse Contact Phone: +1.4805240066
   Domain Status: clientTransferProhibited
   Name Server: NS1.ORDER1264.COM
   Name Server: NS2.ORDER1264.COM





NinjaScanner

A powerful antivirus
scanner for WordPress.



NinjaMonitoring

Website Monitoring
for just .99 per month.



NinjaFirewall

Web Application Firewall
for PHP and WordPress.



NinjaRecovery

Malware removal
and hacking recovery.

Table of contents