Internet security user on Windows 11. File is always up to date.
My subscription is coming due in a few weeks so I was not surprised to get an email from Kaspersky asking me to renew.
The email header is as follows:
Kaspersky US <*****@*****.tld>
reply-to:
*****@*****.tld
to:
XXX
date:
Mar 24, 2023, 7:20 AM
subject:
Your subscription will be renewed soon
mailed-by:
commerce.digitalriver.com
signed-by:
commerce.digitalriver.com
security:
Standard encryption (TLS) Learn more
The body of the email had the date of my original order, the last four digits of my credit card and my original order number. The renew now link led to the following url:
https://store.kaspersky.com/store?SiteID=kasperus&Action=DisplaySelfServiceSubscriptionLandingPage&futureAction=DisplayAddEditPaymentPage&subscriptionID=10093429001
Everything in this looked legit so I clicked through. Turns out I was phished. How did the sender get my order number, my date of order and my credit card details?
Either kaspersky had a major data leak or someone on the inside is using customer date to create fraudulent emails.
Has anyone else seen this?
