2021-05-28 Phishing

Note the spaces in 365, presumably to try to avoid filters looking for ‘365’.

The link I find interesting (and annoying)

Looks like it’s going to BMW USA.com. And it really is! It uses them to redirect. Not sure how, or why that works (my guess is it’s used to redirect to your local BMW retailer or something).

Interestingly they do some form of lookup for the ID. I tried a few random ones which didn’t work. So maybe dealer ID or similar?

I’ve seen a trend of this recently, where spammers are using legitimate companies as relays, so it looks more legitimate. All the ‘usual’ checks like newly registered domains, does it have links online (Alexa scores or similar) will be passed by using an actual website

I just heard back from BMW this morning that this was fixed hence the post now, nine months later about it 🙂

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s