Scams

TOKYOFLASH.COM Phishing Email Scam

Hey, guys so tokyoflash has a phishing email scam going on though it seems it’s only attacking online stores or shops. Yes tokyoflash is sending out phishing emails.

​

Here’s an example :

​

“Hello! 05/03/2019 I made an order in the amount of “XXX” but the payment failed. Today I checked the balance of my card and found that the money was written off. How can I take my money back? Here is a bank statement:

“tokyoflash /pdf/statment number”

The website link will be from tokyoflash dot com’s real website which leads you to a page on their website asking you to download adobe reader. If you actually download it who knows what might happen to your poor device.

I personally did not click on the link, but after doing a url scan at virus total malware turned up, and virus total users also claim to have received phishing emails from tokyo flash asking to view a “bank statement”

​

Edit:

This was the email address that sent the spam [[email protected]](mailto:[email protected]) and it might be the same for you too. It’s a fake email by the way. The mailbox does not exist.

​

​

​


The content was posted by annoyedtothetee on 2019-03-13 10:09:55 via reddit

Similar Posts

6 Comments

  1. What was the amount?

    What did the link go to

    Can you show the raw source of the email.

    Which virus scanners or sites did you use ?

  2. I got the email as well.

    “Hello! 05/03/2019 I made an order in the amount of $86 but the payment failed. Today I checked the balance of my card and found that the money was written off. How can I take my money back? Here is a bank statement:[Bank statement](https://www.tokyoflash.com/pdf/statment001854.html)”.

    I will investigate a little further.

  3. The link is to a page from the domain the email is associated with. Might be a genius way to get backlinks lol.

  4. Recently received the same mail and was quite suspicious – even more because we sell accessories for smart watches, so it COULD be legit…

    Raw source code looks like this:

    Return-Path: <[email protected]>
    Delivered-To: (My mail hosted at Porkbun was here)
    Received: by fwd1.porkbun.com (Postfix, from userid 497)
    id 3293E4AB90; Wed, 13 Mar 2019 03:45:04 +0000 (UTC)
    X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
    ip-172-31-44-82.us-west-2.compute.internal
    X-Spam-Flag: YES
    X-Spam-Level: *****
    X-Spam-Status: Yes, score=5.2 required=5.0 tests=BAYES_00,BODY_URI_ONLY,HELO_DYNAMIC_SPLIT_IP,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,RDNS_NONE,TVD_RCVD_IP,URIBL_BLOCKEDautolearn=no autolearn_force=no version=3.4.0

    X-Spam-Report:
    * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
    * [score: 0.0001]
    * 3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO’d using suspicious hostname (Split IP)
    * 0.0 TVD_RCVD_IP Message was received from an IP address
    * 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
    * See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information.
    * [URIs: tokyoflash.com]
    * 0.0 HTML_MESSAGE BODY: HTML included in message
    * 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
    * 0.7 MIME_HEADER_CTYPE_ONLY ‘Content-Type’ found without required MIME
    * headers
    * 0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
    * 1.0 BODY_URI_ONLY Message body is only a URI in one line of text or for an image

    Received: from 80.244.185.15.srvlist.ukfast.net (unknown [80.244.185.15]) by fwd2.porkbun.com (Postfix) with SMTP id 1AFA74A7C5 for <(My mail was here)>; Wed, 13 Mar 2019 03:44:51 +0000 (UTC)
    Received: by 80.244.185.15.srvlist.ukfast.net (Postfix, from userid 10002) id 76260677E32; Wed, 13 Mar 2019 02:21:05 +0000 (GMT)

    To: (My mail was here)
    Subject: [SPAM] Problem with Transaction
    X-PHP-Originating-Script: 10002:SendMail.php
    From: James Helman <[email protected]>
    Reply-To: [email protected]
    Content-Type: text/html; charset=utf-8X-Mailer: PHP/5.6.40
    Message-Id: <[email protected]>
    Date: Wed, 13 Mar 2019 02:21:05 +0000 (GMT)
    X-Spam-Prev-Subject: Problem with Transaction
    Hello! 05/03/2019 I made an order in the amount of $86 but the payment failed. Today I checked the balance of my card and found that the money was written off. How can I take my money back? Here is a bank statement: <a href=”https://www.tokyoflash.com/pdf/statment001854.html”>Bank statement</a>

    &#x200B;

  5. So I stupidly clicked on that link from my phone. What should I be doing about that. I scanned my phone with AVG Antivirus as well as Malware bytes and nothing came up. Should I assume nothing happened or is there something more I should be doing?

Leave a Reply

Your email address will not be published. Required fields are marked *