CoolerEmail is notifying customers of a new phishing scam used to steal login credentials. The web based email marketing programme carries an impressive client list including Walmart, Toyota, Pepsi and dozens of other big name brands. Any phished credentials can be used to impersonate these companies in additional phishing or malicious emails.
If you’ve been victimised by this phishing scam, change your password immediately at the CoolerEmail website.
The fraudsters use a classic phishing 'hook' and present a very real looking email, complete with company letterhead. The email reports a recent software upgrade and asks users to follow a link in order to confirm their account details.
The disguised link suggests the user will connect directly to the cooleremail.com website. However, the link actually connects to cooleremail1.com – a domain setup by cybercriminals specifically for the phish. More information is available on the eSoft ThreatCenter Blog.
CoolerEmail has sent out a warning notice to customers and stated that they would never ask for confirmation of account details. Always be wary of emails containing any type of link or asking to update account information. If there is any doubt, contact the sender to verify the legitimacy of the email.