April 10, 2019
We are aware of reports that phishing emails impersonating Magento are being used in targeted attacks. The misleading email encourages users to click a link and indicates that all users are required to register for an alert platform.
The current phishing email carries the message “Registration to Magento Alert Platform is Required” together with a malicious link that attempts to phish account credentials.
To review security notices and patch downloads, we recommend users go directly to the Magento Security Center and Magento website. To get the latest security updates, subscribe for alerts and news. This service sends legitimate emails from firstname.lastname@example.org. You can always verify the information through the Magento Security Center.
Handling the email
Recipients of this email should delete it immediately. If you have accessed the link and provided your credentials, we advise immediately resetting your password for your Magento Web account.
You can also forward questionable emails and activity concerns to email@example.com.
What are phishing attacks?
Phishing scams use false information, mixed with branding and legitimate content, to try to fool you into giving away important information. By responding to these messages, you may unintentionally provide personal or company information, allow login to systems that could steal credentials, install malware (harmful applications), etc.
To determine if an email is a phishing attack:
Check the email header and sender to verify it is coming from Magento.
The email may not address you by your proper name or may have typing errors and grammatical errors.
Avoid installing zips or files attached to these emails.
Look at the URL of any link before clicking it. Phishing links tend to contain extra words and lead to fake sites that attempt identity or credential theft.
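The header, sender and link checks above can be scripted for a mailbox that receives reported messages. The following is an added example, not part of Magento's notice. It assumes magento.com is the legitimate domain and runs on a constructed sample message; the function names and the .example hosts are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "magento.com"  # assumption: the domain you expect Magento mail and links to use
LURE_PHRASE = "registration to magento alert platform is required"  # message quoted in the notice

# Constructed sample message for illustration; every address and host in it is made up.
SAMPLE = """\
From: Magento Security <alerts@magento-alert-platform.example>
Subject: Registration to Magento Alert Platform is Required
Authentication-Results: mx.shop.example; spf=fail; dkim=none
Content-Type: text/html

<p>Dear user, all users are required to register:
<a href="http://magento.com.alerts-register.example/login">Register now</a></p>
"""

def in_domain(host, domain):
    # True only for the domain itself or a real subdomain of it, never a lookalike.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw, trusted=TRUSTED_DOMAIN):
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not in_domain(sender_domain, trusted):
        findings.append(f"sender domain {sender_domain!r} is not under {trusted}")
    # Only rely on Authentication-Results when your own mail server added the header.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if not m or m.group(1) != "pass":
            findings.append(f"{mech} did not pass")
    body = msg.get_payload()
    if LURE_PHRASE in (msg.get("Subject", "") + " " + body).lower():
        findings.append("contains the lure text quoted in the notice")
    for href in re.findall(r'<a\s[^>]*href="([^"]+)"', body, re.I):
        host = urlsplit(href).hostname
        if not in_domain(host, trusted):
            note = " (brand name used as an extra word)" if "magento" in (host or "") else ""
            findings.append(f"link goes to {host!r}{note}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

An empty result does not prove that a message is legitimate; verify any notice through the Magento Security Center as described above.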