Convincing Daft.ie Phishing scam

stefg

Hi All,

I received a convincing phishing email after I had posted a daft.ie ad recently so I thought I'd post the details here. The full details are below but here are some tips on how to identify genuine from phishing emails:
  1. Check the email it was sent from in Google, make sure it matches exactly one used by the website claiming to have emailed you
  2. Look out for from addresses that have a "via ..." suffix, this usually indicates the email is not directly from the address shown
  3. Check the message headers if you know how (google it), if there is another from address / an alias address or the from address doesn't match then something is up
  4. Never click a link in a suspect email. If in doubt right-click on the link and select copy link / URL address and paste it into a text editor like notepad, if the link is not from the site you expect then it is almost definitely fraudulent. If the address is a web hosting company that you recognise then report it to them.
The usual method of phishing involves sending emails pretending to be from a company or a website to a database of emails and hoping for a relevant receiver of the email, for example, sending AIB security login phishing emails to 100 people may only reach 30 people who bank with AIB and only 5 of those may be fooled and click the links etc.

The one I received was a bit more elaborate. Daft.ie don't display or give out your email address but rather you get emails sent to you when people fill out the form and you can then reply by email. I received an email with very poor English which is not unusual but the email addresses were odd in that they were gmail addresses with lots of '.'s in them e.g. [email protected]. I was suspicious but replied as the content of the email was relevant to the ad I posted even if the grammar was poor. This was the only enquiry to my ad who didn't subsequently reply to my email responses but I didn't think much of it.

Today I received an email claiming to be from Daft.ie. It said it was from Daft.ie Activity Alert [scammer's email address deleted!!!!! Brendan] and is very close to the proper daft email which is [email protected] and the content used language similar to that used by daft on their site and in their advertising and had all the correct logos:

Hi,
We worked up here at Daft to bring you the latest security systems to protect your account. We want to make Daft a safer place for transactions.

To maintain your account secure and to prevent problems in the future you must click on "Complete Verification" button to make sure your account wasn't affected.

Complete Verification

If we don't receive a response to this email within 24 hours, a sanction may be placed on your account and you may be declined automatically on next reservation.

Daft's Safety Online Guide.

Kind Regards,
The Daft Team

Daft Media Ltd., 3rd Floor Latin Hall, Golden Lane, Dublin 8

I knew the email was suspicious so I looked at the email headers and could see that it was a relayed message rather than directly from that email address, you can usually identify this in the email header if the from address has a part saying "via [email protected]" or something similar. I also copied the "Complete Verification" link in the email (right-click and select copy URL address) and pasted it into a text editor. Surprise, surprise it wasn't a daft link it was a link to a googledrive public page. I opened this page in a private browser so none of my personal information was accessible and it was a very accurate imitation of the daft.ie login page. Everything was identical, the only difference when I inspected the source code of the page was the login details were being submitted to another private user's website. I browsed their site and found they had fraudulent replica sites for a number of companies like daft.ie, myhome.ie and lots of German companies.

On the homepage of the site containing the replica websites there was a message warning users of fraudulent activity so I contacted the hosting company who removed the fraudulent content and put in redirects to the real sites.
I also contacted google about the googledrive document and they removed the account. Normally I would just mark the email as spam but because this phishing attempt was a bit more elaborate I took 10 mins out of my day to get the sites closed to stop others being scammed or at least hinder the scammer.

Anyway this is a rather long post but I thought it may be useful to share and I will be sending a link to this post to the companies affected so they know what to look out for.
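
The header and link checks described in the post above, as an added example that is not part of the original post: a short Python triage of a raw message that flags a From domain that is not the expected one, a Sender / Return-Path on a different domain (what mail clients display as "via ..."), and links whose real target is somewhere else. The sample message, all its addresses and hosts, and the function names are constructed; using daft.ie as the expected domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message: every address and host below is a placeholder.
SAMPLE = """\
From: "Daft.ie Activity Alert" <alerts@daft-ie.example>
Sender: relay@bulkmailer.example
Return-Path: <bounce@bulkmailer.example>
Content-Type: text/html; charset="utf-8"

<p>Click <a href="https://files.example/host/abc/login.html">Complete Verification</a></p>
<p><a href="https://www.daft.ie/safety">Daft's Safety Online Guide</a></p>
"""

def domain_of(header_value):
    """Domain part of the address in a header, lower-cased ('' if absent)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def belongs_to(host, expected):
    """True only for the expected domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def triage(raw, expected="daft.ie"):
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    if not belongs_to(from_dom, expected):
        findings.append(f"From domain {from_dom!r} is not {expected}")
    # A Sender/Return-Path on another domain is what clients show as "via ...".
    for name in ("Sender", "Return-Path"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom!r} differs from From domain")
    # Judge links by their href target, never by the visible button text.
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r'href="([^"]+)"', body, flags=re.I):
        host = urlparse(url).hostname
        if not belongs_to(host, expected):
            findings.append(f"link points to {host!r}, not {expected}")
    return findings

if __name__ == "__main__":
    for line in triage(SAMPLE):
        print("SUSPICIOUS:", line)
```

An empty result is not proof that a message is genuine, because the From header is chosen by the sender; the check only catches the mismatches listed in the tips above.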
 
Hi stefg

Well done on getting these sites closed down.

I have deleted their email address from your post. It's enough to tell readers that the email address was similar to the correct email address.

Brendan
 
Hi Stefg
I have just received a similar email supposedly from Daft.ie
The wording is similar to yours as in
We worked up in Daft etc.
Then they want me to click on a verification button within 24 hours.
I clicked on the email address and it said
daft@ content.ie
I have not done anything yet but not being as savvy as you please advise.
Sincerely
Hurton
 
Just contact daft.ie via their posted methods on the website.
 

Ignore it, Daft don't ever request "verification within 24 hours" etc, it's a spam / phishing email.
 