WARNING: Thailand Pass spoof email with malicious links
It seems that government websites in Thailand are often the target of successful hacker attacks and now it appears the Thailand Pass site is no exception. Reports are surfacing of people receiving a spoof email regarding the Thailand Pass pointing them to malicious content.
It is believed that the email database collected by the Thailand Pass website has been accessed by hackers who are using the list of applicants to spread malware. Users have reported receiving fake emails warning that there is something wrong with their Thailand Pass application and urging them to download an attachment from a link in the email. The test has some telltale warning signs such as poor English and punctuation.
“There is a problem related to the request, please download the attachment and update the information. Important note. [sic] You must open the document from a PC and not from the [sic] phone”
The sentence fragment and the lack of closing punctuation should be a red flag not to click the link, which is highlighted by a button and a QR code that has been crudely crossed out. The link leads to a site at gamecardsy.com – a site that has been flagged by Google Safe Browsing as a harmful or malicious site. Google’s warning states that the site may try to trick you into downloading or installing malicious files that could spam you or harm you.
The QR code included in the spoof email is for a Thailand Pass for a Mr Hongkam and it appears everyone is getting the same generic email with the same Thailand Pass registration account.
Anyone who receives an email like this is advised not to click any links and to warn others who may receive the phishing email. It is always good practice to not click links in any unsolicited email you receive. When in doubt about the validity of an email that seems official, like this one from Thailand Pass, it is advised to open your browser and manually type in the link to the business or service to make sure you are not redirected to a scam or malware.