Fake Kogan emails
Over the last few days we have noticed a number of emails purporting to be from Kogan. Kogan is an online retailer of mobile devices; they are aware of this particular scam and have posted a copy of the scam email on their website. For the purposes of this article, we have used a copy of an email that was blocked by the MailShark spam email filters.
The email is as shown in Figure A. The subject line of the email is “Order Verification”. The sender reads “Kogan.com”. The email looks authentic, with proper Kogan logo branding. It’s a moderately convincing phishing email. According to the email, the recipient needs to re-confirm their identity by replying to the email with copies of their driver’s licence and a utility bill. This is designed to steal the recipient’s personal information.
There are a couple of giveaways that this is a phishing email. Firstly, the email lacks personalisation: it just begins with a “Hey “. Emails from Kogan are always personalised. The second big giveaway is the domain the email is sent from. It is not the Kogan domain. Kogan emails will always have the Kogan domain name.
Kogan state on their website that:
We will never ask you for copies of any material such as passports, licenses or bills, to prove your identity. We will never ask for credit card details or passwords via email. Any email that you receive (from anyone) which requests this type of information should be treated in a careful and considered manner.
Emails such as this are likely to continue over the next week, as the Christmas and post Christmas shopping season peaks. There are steps that can be taken to avoid being fooled by the criminals: verify an email is really from a retailer; don’t click on any links, don’t send personal information via email and don’t download attachments.