Fake “account verification” email targeting Alibaba.com users

Businesses who use Alibaba.com to connect with Chinese manufacturers are being targeted in a recently discovered phishing campaign, Comodo warns.

It takes the form of phishing emails made to look like a legitimate email from Alibaba.com: the sender’s email address is spoofed to make it look like the email came from feedback@service.alibaba.com, i.e. the “Alibaba service team”.

With “Alibaba member account verification” in the subject line, the email contains an entreaty to perform that action by following one of the offered links:

Unfortunately for those who do, they will be taken to a login page that’s made to imitate Alibaba.com’s legitimate one.

If they don’t spot the difference and enter the login credentials, they will effectively hand them to the phishers.

The victims may not notice for a while that they have been duped, as after they submit the credentials, the page pops up a window reassuring them that the verification process has been completed.