Alibaba's customers, be aware of phishing cancellation emails like the one below that are being sent by cyber criminals/scammers to potential victims. The phishing emails steal Alibaba customers' usernames and passwords by tricking them into clicking on a link within same emails that go to a fake Alibaba website. The fake website will ask visitors to sign in with their Alibaba's usernames and passwords. But, any attempt to sign into the fake web page will send the visitors' usernames and passwords( credentials ) to the cybercriminals behind the scam. Once the cybercriminals have gotten the stolen credentials, they will use it to gain access to their potential victims' Alibaba accounts, hijack and use them fraudulently.
It is recommended that Alibaba customers go directly to www.alibaba.com to sign into their accounts, instead of clicking on a link in an e-mail message. Once they have signed in, they will be notified of cancellations, updates or other important messages, if there are any.
The "Alibaba Group - Your Cancellation" Phishing Scams
From: Megan Young <email@example.com>
Subject: Alibaba Group - Your Cancellation (173-4364-28241)
Date: May 29, 2017 at 7:39:21 PM CDT
Your order has been successfully canceled. For your reference, here's a summary of your order:
You just canceled order 173-4364-28241 placed on May 30, 2017.
1 "Plied"; 2008, Second Edition
By: Andrea Allan
Sold by: Alibaba Group
Thank you for visiting Alibaba Group
Alibaba's customers who have been tricked by the order cancellation phishing scams are asked to change their Alibaba password immediately before their accounts are hijacked and used fraudulently. They should also check their accounts for discrepancies. For Alibaba' customers whose accounts have already been hijacked, they are asked to contact Alibaba for help.