A German company, selling printer ink cartridges online, fell victim to cyber attackers who stole parts of their customer data.
Tintencenter.com acknowledged the data leak and explained that the attackers gained access through a formerly unknown vulnerability in the shop’s system and collected email addresses and the provided shipping and billing addresses.
Reports in German consumer advice center forums suggest that a first wave of very sophisticated spam using the customers’ data appeared in August already. Some forum posts even suggest that some people received fake tintencenter.com emails although they have never been customers of this company. One can only speculate if the attackers maybe got hold of other companies’ databases and use all of them for their spam campaigns now.
In the recent case, the attackers used the data stolen at tintencenter.com to send order confirmation emails looking deceptively genuine – the number of spelling mistakes and odd phrases is remarkably low.
The attached PDF is currently rated as not malicious, but nonetheless you shouldn’t open it – later spam campaigns might include malicious attachments.
They want to lure the potential victims to a website they prepared themselves. The website’s domain is, again, very similar to the original. The chance to miss the small alteration is very high.
|www.tintencenter.com||tihtencenter.com (recent campaign)|
tintehcehter.com (campaign in August)
We can speculate what the attackers had in mind and can imagine two possible scenarios:
What you, as a customer of tintencenter.com, can do now:
You might have received or maybe will receive order confirmations or invoices, allegedly sent by tintencenter.com, for goods you haven’t actually ordered – as described above. The attackers might also use your personal data to send you spam messages labeled with any other company’s name. Insurance spam messages and similar ones are a quite common consequence of this kind of data leak.
If you want to read more about the scamsters’ tricks regarding emails, feel free to read our G DATA Whitepaper about “dangerous emails”, currently available in German, French, Dutch and Italian - more translations coming soon.