In real life, fishing can be pretty fun, especially if you hook a big one! Online phishing is never fun, though, because usually you are the one being snagged on a hook. We’ve posted about these kinds of scams in the past but now we have a prime example to show you, involving a very important company.
This is an email that one of our sales reps recently received. It states that it is from Authorize.Net, which is a company we work extensively with and which many of our merchants use for their gateway services. Since this is a company we do regularly receive emails from, at first it appeared to be a legitimate email correspondence. However, after looking closer, we realized there are many signs alerting us that it is in fact a scam email.
The “From” information is a good first sign (the first item highlighted in yellow). While the contact name does display “Authorize.Net”, the actual email it says it is from is the exact same as our sales rep’s email that it was sent to. This means they have spoofed her email address to appear here so that we can’t see where it’s really from, much like how scammers can spoof phone numbers to make it look like they’re calling from some place they are not.
The multiple typos throughout the email, which have also been highlighted in yellow, are another sign indicative of a scam. It’s highly unlikely that such a large and widely respected company as Authorize.Net would actually send a missive with such unprofessional errors throughout.
The final clue came when I hovered my mouse over the “Click here to activate your account” link. Rather than displaying an Authorize.Net URL as any actual Authorize.Net related link would, it showed this:
I made sure to not actually click on it, because who knows where it would have taken me and what damage could have occurred to my computer, but it is clearly not an official Authorize.Net website. While it does contain the words “authorize.net” within the link, the first part – “disegnocentell.com” – is the actual domain name of the website you will be taken to.
As I mentioned, I didn’t actually click on the link and so cannot tell you exactly where it would have lead. If this is a true phishing scam, most likely the website would emulate an Authorize.Net page and ask you to put in some sensitive information, leading you to believe you were entering it into a secure page related to your gateway account, but instead actually sending a copy of all of that confidential information directly to the scammer. The website could also cause malware to be installed on your computer just from going to it.
If any merchant receives a similar email to this one, please forward it to us immediately so that we can verify whether it is legitimate or not. Make sure not to click on any links or provide any personal information. Sometimes it can be very difficult to tell whether an email is real or a scam, but all of us here at eCom Merchant Solutions are always happy to research it for you to find out for sure.