We are aware of reports that phishing attempts are impersonating Magento Commerce and are being used for targeted attacks. This misleading phishing email encourages users to click on a link that indicates all users are required to register for an alert platform.
The current email phishing scam has a message “Registration to Magento Alert Platform is Required” with a malicious link to attempt phishing for account credentials.
To review security notices and patch downloads, we recommend users go directly to the Magento Security Center and Magento website. To get the latest security updates, subscribe for alerts and news. This service sends legitimate emails from email@example.com. You can always verify the information through the Magento Security Center.
Handling the email
Recipients of this email should delete it immediately. If you have accessed the link and provided your credentials, we advise immediately resetting your password for your Magento Web account.
You can also forward questionable emails and activity concerns to firstname.lastname@example.org.
What are phishing attacks?
Phishing scams use enough false information, using branding and legitimate content, to fool you into giving away important information. By responding to these messages, you may provide personal or company information, accidentally log into systems that steal credentials, install malware (harmful applications), etc.
To determine if a message is a phishing attack:
- Check the email header and sender to verify it is coming from Magento.
- The email may not address you by your proper name or may have typing errors and grammatical errors.
- Avoid installing zips or files attached to these emails.
- Look at the URL for any links before clicking them. The links tend to have extra words, going to fake sites to attempt identity or credential theft.