Daniel HutmacherWow, that's a pretty well-crafted scam mail.
The link goes to what looks like a legitimate company in Greece, but someone probably hacked into their Wordpress and added some hidden script logic.
So I created a new VM just to see how deep this rabbit hole goes.
Pretty convincing, no?
I gave it some fake account login. After a long wait (probably testing the credentials in real time), it told me the information was incorrect.
Gave it another dummy password, and it asked for 2FA information.
So I entered 000000, and now it's telling me I have an insecure password, lol.
Someone put a lot of work into coding this site.
After trying a set of increasingly complex passwords, it finally just redirects me to the (actual) Stripe Dashboard login page.
Fun fact, the real login page has a cookie banner.
So, ladies and gents, I finally found an actual use for cookie banners.
How's your Friday evening going?
Andreas Scherbaum@dhmacher Sweet, now the scammers will add a cookie banner just to convince you even more.
Ruth Pozuelo Martinez@dhmacher You are a brave man! I would never dare to click on those links 😬
@ruthpozuelo No no no no - this is a separate, newly minted, stand-alone Azure VM on a separate network.
@dhmacher That brings new questions? Who’s network are you on?
Annoying neighbour? 😂
@ruthpozuelo haha, maybe annoying the other Azure tenants in Sweden Central. :)
@dhmacher Omg, run forrest! 🏃♂️