
SANS ISC: InfoSec Handlers Diary Blog


Bogus emails: - Your Cancellation

Published: 2012-05-09
Last Updated: 2012-05-09 20:09:19 UTC
by Dan Goldberg (Version: 2)
3 comment(s)


There are bogus order cancellation emails going around claiming to be from Amazon like this:



Dear Customer,

Your order has been successfully canceled. For your reference, here's a summary of your order:

You just canceled order 15-6698-2492 placed on May 9, 2012. Status: CANCELED


1 "Mulberry"; 2006, Special Edition

  By: Sorcha Stewart

Sold by: LLC


Thank you for visiting!


Earth's Biggest Selection


The 15-6698-2492 in the copy I received linked to the URL which contains this in the body:
<script type="text/javascript">window.location="";</script>


The web server seems to be down:
--2012-05-09 13:43:19--  (try: 7) to||:80... 

It is probably safe to assume that the content of that site is not user friendly.
Here is the full content of the page at
<html><head><script type="text/javascript">window.location="";</script></head><body><a href="">Click</a></body></html>
Handler ISC
**Thanks to reader Jim Smuda for bringing this to my attention early today. 
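Added example (not part of the original diary): a Python check that flags a fetched page as a bare JavaScript redirect stub like the one quoted above, where a script sets window.location and the only visible content is a fallback link. The sample pages are constructed, and the landing.example host and the 40-character threshold are assumptions.

```python
import re
from html.parser import HTMLParser

# Constructed samples; landing.example is a placeholder host, not a value from the diary.
SAMPLE_STUB = ('<html><head><script type="text/javascript">'
               'window.location="http://landing.example/";</script></head>'
               '<body><a href="http://landing.example/">Click</a></body></html>')
SAMPLE_BENIGN = ('<html><head><title>Order status</title></head><body>'
                 '<p>Your order shipped and should arrive within five business days.</p>'
                 '<script>var here = window.location.href;</script></body></html>')

# Matches an assignment to (window.|document.)location[.href] or location.replace/assign(...).
REDIRECT_RE = re.compile(
    r'''\b(?:window\.|document\.|self\.|top\.)?location(?:\.href)?\s*=\s*["']([^"']*)["']'''
    r'''|\blocation\.(?:replace|assign)\(\s*["']([^"']*)["']''')

class Collector(HTMLParser):
    """Separate script bodies, other text and link targets."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.scripts, self.text, self.links = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        elif tag == "a":
            self.links.append(dict(attrs).get("href") or "")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        (self.scripts if self.in_script else self.text).append(data)

def analyze(html, max_visible_chars=40):
    """Return redirect targets and whether the page is only a redirect stub."""
    p = Collector()
    p.feed(html)
    p.close()
    targets = [m.group(1) or m.group(2) or ""
               for s in p.scripts for m in REDIRECT_RE.finditer(s)]
    visible = " ".join(" ".join(p.text).split())
    # Stub: a script redirect plus almost nothing for a human to read.
    return {"targets": targets, "links": p.links, "visible_text": visible,
            "is_redirect_stub": bool(targets) and len(visible) <= max_visible_chars}
```

The benign sample only reads window.location, so it yields no redirect target; a stub whose target string is empty, as in the copy quoted above, is still flagged.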

