Security Alert: Malicious Phishing Attempt Detected, Possibly Connected to GEDmatch Breach

A new scam has surfaced that is trying to trick genealogists and others into revealing their user name and password for MyHeritage.com. Luckily, knowing about the scam now will help you avoid it in the future. The scam is obvious if you know what to look for.

The following is a quote from the MyHeritage Blog:

“We want to alert MyHeritage users about a malicious attempt to steal credentials that we identified several hours ago and is still ongoing.

“Perpetrators whose identity is unknown set up a fake website called myheritaqe.com (same as MyHeritage, but with the letter Q instead of the letter G). They started setting up this fake website yesterday, July 20, 2020 according to whois information, which is the date on which this domain was created and registered. They used an anonymity service to hide their identity. They exploited the fact that it’s hard to differentiate between the letters q and g, especially on mobile phones.

“We immediately reported this phishing website to GoDaddy.com to have its domain removed and GoDaddy.com are in the process of taking it down. We also reported it to Azure where it is hosted so they could remove it too.

“On the fake website, myheritaQe.com, the perpetrators set up a phishing login form to receive login information intended for MyHeritage and harvest the password. The website was made to look like part of the real MyHeritage.com homepage, with all the functionality not working except the fake login. It tries to impersonate the real website.

This is what the fake website looks like:

[Image: FAKE copy of the MyHeritage home page]

“The perpetrators then started sending a phishing email to email addresses that they apparently compromised from GEDmatch. We don’t know if they emailed (or intend to email) all the users of GEDmatch or only those who uploaded DNA data to GEDmatch that originated from MyHeritage. What we found with all the users they did email, after speaking with these users, is that those users are all using GEDmatch. Because GEDmatch suffered a data breach two days ago, we suspect that this is how the perpetrators got their email addresses and names for this abuse.”

You can read more in the MyHeritage Blog at https://blog.myheritage.com/2020/07/security-alert-malicious-phishing-attempt-detected-possibly-connected-to-gedmatch-breach/
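
The q-for-g substitution described in the quoted alert is something a mail filter or link checker can test for mechanically. The following is an added example, not code from MyHeritage or from this newsletter; the protected-domain list, the table of confusable characters and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the genuine domains a filter wants to protect.
PROTECTED = ("myheritage.com",)

# Character sequences that are easy to misread, mapped to what they imitate.
# Assumed, non-exhaustive table; the q/g pair is the one used in this incident.
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("q", "g"), ("0", "o"), ("1", "l"))


def registrable(host):
    """Naive registrable domain: the last two labels (assumes a one-label TLD)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def skeleton(domain):
    """Collapse confusable sequences so look-alike spellings compare equal."""
    for fake, real in CONFUSABLE:
        domain = domain.replace(fake, real)
    return domain


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return (verdict, protected domain) with verdict genuine/lookalike/unrelated."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    domain = registrable(host)
    for real in PROTECTED:
        if domain == real:
            return "genuine", real
        # Same skeleton, or a single-character slip, but not the real domain.
        if skeleton(domain) == skeleton(real) or edit_distance(domain, real) == 1:
            return "lookalike", real
    return "unrelated", None
```

A link whose verdict is `lookalike` is worth blocking or flagging before the reader ever sees the login form; the check does not cover look-alikes built from non-Latin characters or from subdomains of an unrelated domain.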

NOTE: MyHeritage is the sponsor of this newsletter.

4 Comments

Thank you, Dick, for that important alert. Much appreciation. ….Elaine Socol
Elaine B Socol Fullerton, CA


Thank you for the alert.


Thank you for the information. Keep up all the good work.


Thank you for this alert. The rate of online fraud these days is really alarming.
