SPAM Action with Avangate Name on it Containing a Malware
This morning, our Risk Management Team detected a massive SPAM action coordinated against Avangate. The messages were sent from multiple locations worldwide.
While the action it-self was not in any way a Phishing action, our Team detected malware contained within the respective notifications sent to web-users.
With this occasion we want to reiterate all the signs you have to look for when receiving an email referring to your payment details.
How to figure out whether you received a FAKE message in Avangate’s name or not?
- Message was addressed to multiple recipients
- Message did not come from @Avangate.com domain
- Message announced recipient that a charge occurred 3 months ago in September
- The alleged .PDF document was in fact an .exe file
- Message addressed recipients with <Dear Customer> instead of <Dear Firstname Lastname>
- The Avangate name is spelled incorrectly as AvanGate
How to detect fake / SPAM emails:
- Check the sender. Any email coming from a respected company should have a @companyname.com domain. In our case, @avangate.com domain
- ANY official notifications should address you by FIRST and LAST name, and not by general <Customer>
- ANY official notifications from respectable companies are not sent to multiple recipients; they are addressed only to you
- If you have not shopped with the respective company before, it is always best to contact them and ask for details. In our case, we thank you personally for bringing the matter to our attention
What to do when you discover / encounter a SPAM email:
- Mark the sender as SPAM
- Do not download any content attached to the email
- Do not click any links contained
- DELETE the email immediately
Please rest assured that Avangate did not charge you anything, if you haven’t specifically purchased something with Avangate recently and please trust your email manager when it detects possible threats contained within emails.
Avangate is focused primarily on the shopper security and integrity of data (Avangate is PCI DSS Level 1 Certified) and the Avangate Critical Response Team has taken all the necessary measures to bring down the host(s) of the malware and to announce and offer support to those that have been receiving this email.
Will keep you posted. Follow our twitter stream as well for faster updates.
Please comment below if you need more details or advice on this issue or drop us a line at support [at] avangate [dot] com
The Avangate Team