Fortunately, my wife is a smart cookie and always suspicious of weird looking email. Maybe its due to the fact she lives with a paranoid guy. In any case, she caught this phishing email, which appears to be from Amazon, and leads to a fake login page.
The phishing email comes from “firstname.lastname@example.org” with the terribly spelled subject “your accounnt information need to be updated” and the content is a screenshot of an authentic Amazon email, thus bypassing filters. However, the attacker succeed in misspelling the only field he had to fill.
Clicking anywhere on the image will redirect the target to ‘http://bestofferz.biz/service/support/wp-admin/support/support/”, which host a fake login page as shown below:
And of course, it will then ask you for your credit card information, which is possibly the end goal of the phisher.
All the pages are encrypted using the same key. Only after entering this information to the target get redirected to the real Amazon website.
Remember to always check the URL and the from email address !