Rectron phishing email

Praemon

[Edit: Rectron has confirmed it was a phishing email. Just leaving this as awareness]

Not sure where to post this. I had a Rectron account from back in 2016 (Cape Town branch), but haven't bought anything from them. This morning around 4AM I received an email from the debtor's clerk who handled my application. The email talks about an urgent matter and then has a blurry image saying the email is about this image, which is apparently a "receipt" (subject is just "Receipt" too). The image then links to a file download, which I assume carries a Trojan or similar. I've seen a similar trick before using blurry images as an incentive to click and download it.

What's worrying is that the headers of the email show that the email was authenticated by their mail servers. So either their mail server is compromised or authentication is relaxed, or the email address is compromised. I tried contacting them directly via their website, but their contact form is offline.

Anyone else got a similar email? It looks otherwise authentic, with a proper signature and everything (although no images), and I'm sure it will trick a number of people into downloading it. So if anything, this is just a warning to anyone who may have received something similar.

Subject: Receipt
Body:

[blurry image]

Good Day

I have been trying to call you on phone to discuss this. In attachment is a copy of the payment receipt with

information for adjustments to both documents

Kindly confirm receipt as i will appreciate if you could render any assistance as this is urgent.
 
Headers can be forged. As you have an account with them, you should contact accounts and find out if there were any purchases using your account. The above information should give you any sales agent too. Someone could order or purchase goods using your account and you should let them know.

It could also be an outstanding account verification process for credit purposes. As you didn't buy from them yet, they had no chance to verify your banking details, so the process was postponed.
 
The mail passed SPF and DKIM from their servers, so the headers are not forged. The mail is also base64 encoded, presumably to try to get around spam filters. The English is poor in the email, and not similar to the writing style of the actual person I dealt with (and the signature isn't right either), and it was sent at 3AM in the morning, so I doubt anyone from Rectron was working then. The link is to a very odd URL, which, when I whois it, has no real information attached to it. So it's certainly a phishing email. Was just warning anyone else who may have received it.
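
A triage sketch for the situation described in this thread, added here as an example and not code from any poster: it reads the SPF/DKIM verdicts from the headers, decodes the base64 body, and lists the hosts that linked images point to. The sample message and every domain in it are constructed placeholders, and `triage` and `ImageLinks` are hypothetical names.

```python
import base64
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not the email from the thread; every domain is a placeholder.
_HTML = b'<a href="http://files.example.net/receipt"><img src="cid:blur"></a><p>Good Day</p>'
RAW = (
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=vendor.example;\r\n"
    " dkim=pass header.d=vendor.example\r\n"
    "From: Clerk <clerk@vendor.example>\r\n"
    "Subject: Receipt\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Content-Transfer-Encoding: base64\r\n"
    "\r\n" + base64.b64encode(_HTML).decode() + "\r\n"
)

class ImageLinks(HTMLParser):
    """Collect the href of every <a> element that wraps an <img>."""
    def __init__(self):
        super().__init__()
        self.href, self.found = None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href")
        elif tag == "img" and self.href:
            self.found.append(self.href)
    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None

def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    auth = " ".join(str(msg.get("Authentication-Results", "")).split())
    verdicts = dict(re.findall(r"\b(spf|dkim)=(\w+)", auth))
    signer = re.search(r"header\.d=([\w.-]+)", auth)
    sender = msg["From"].addresses[0].domain.lower()
    # get_content() undoes the base64 transfer encoding before the HTML is parsed
    parser = ImageLinks()
    parser.feed(msg.get_body(preferencelist=("html",)).get_content())
    hosts = sorted({urlsplit(u).hostname or "" for u in parser.found})
    off_domain = [h for h in hosts if h != sender and not h.endswith("." + sender)]
    authenticated = verdicts.get("spf") == "pass" and verdicts.get("dkim") == "pass"
    return {"spf": verdicts.get("spf"), "dkim": verdicts.get("dkim"),
            "dkim_aligned": bool(signer) and signer.group(1).lower() == sender,
            "off_domain_image_links": off_domain,
            # authenticated mail with an off-domain image link: suspect the mailbox itself
            "review": authenticated and bool(off_domain)}
```

Only the `Authentication-Results` header stamped by your own receiving server should be read this way; copies of that header arriving from elsewhere carry no weight.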
 