Phishing attack targeting Magento shop owners.

A phishing attack has been targeting Magento shop owners for the past 24 hours attempting to steal their login credentials.
A so-called customer sends a “Invalid order item” similar to the following one:

The link seems to point to the Magento shop, but in fact it redirects to a fake login page hosted at

The domain was registered on December 29th, the day the attack started:

$ whois
   Domain Name: ORDER1264.COM
   Registry Domain ID: 2206000037_DOMAIN_COM-VRSN
   Registrar WHOIS Server:
   Registrar URL:
   Updated Date: 2017-12-29T11:45:54Z
   Creation Date: 2017-12-29T11:38:11Z
   Registry Expiry Date: 2018-12-29T11:38:11Z
   Registrar: NameSilo, LLC
   Registrar IANA ID: 1479
   Registrar Abuse Contact Email:
   Registrar Abuse Contact Phone: +1.4805240066
   Domain Status: clientTransferProhibited
   Name Server: NS1.ORDER1264.COM
   Name Server: NS2.ORDER1264.COM