This time, it’s MyHeritage.
“On the fake website, myheritaQe.com, the perpetrators set up a phishing login form to receive login information intended for MyHeritage and harvest the password. The website was made to look like part of the real MyHeritage.com homepage, with all the functionality not working except the fake login. It tries to impersonate the real website.
The perpetrators then started sending a phishing email to email addresses that they apparently compromised from GEDmatch. We don’t know if they emailed (or intend to email) all the users of GEDmatch or only those who uploaded DNA data to GEDmatch that originated from MyHeritage. What we found with all the users they did email, after speaking with these users, is that those users are all using GEDmatch. Because GEDmatch suffered a data breach two days ago, we suspect that this is how the perpetrators got their email addresses and names for this abuse.
One of the users who reported the phishing email had the email copy addressed to another unique name that is not associated with his account on MyHeritage, and that name does not exist on MyHeritage, but it’s the name associated with his account on GEDmatch, which strengthens our suspicion that the account details for phishing were retrieved by the perpetrators from GEDmatch.
The email is always sent in English, even to users whose language on MyHeritage is not English.
The email is sent from info@myheritaqe.com and note that it is myheritaqe with a Q and not with a G as it should be. That’s the domain of the perpetrators.
The email has a button called “Review DNA Match”. This makes no sense because the email does not deliver a DNA Match, and the content of the email itself is gibberish, but since the recipients are DNA users (who have been using GEDmatch) they may fall victim to this trap by being intrigued to access something called “Ethnicity Estimate v2” supposedly provided by MyHeritage. This shows that the perpetrators are sophisticated.”
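The tell MyHeritage points to, a sender domain one letter away from the real one, can be checked mechanically on inbound mail. The sketch below is an added example, not code from MyHeritage or from this post; the function names, the distance threshold of 2, and every sample header other than info@myheritaqe.com are assumptions made for illustration.

```python
from email.utils import parseaddr

# Domain the organisation really sends from (named in the statement above).
PROTECTED = ("myheritage.com",)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header: str) -> str:
    """Lower-cased domain of a From: header, or '' if there is none."""
    addr = parseaddr(from_header)[1]
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def classify(from_header: str, protected=PROTECTED, max_distance: int = 2):
    """Return (verdict, matched_domain) for one From: header."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    for good in protected:
        if domain == good or domain.endswith("." + good):
            return ("legitimate", good)
    for good in protected:
        # Compare only as many trailing labels as the protected domain has,
        # so mail.myheritaqe.com is judged on myheritaqe.com. This is a
        # simplification; it does not consult the public suffix list.
        tail = ".".join(domain.split(".")[-(good.count(".") + 1):])
        if 0 < edit_distance(tail, good) <= max_distance:
            return ("lookalike", good)
    return ("unrelated", None)

if __name__ == "__main__":
    samples = [  # constructed headers, except the first address
        "MyHeritage <info@myheritaqe.com>",
        "MyHeritage <noreply@myheritage.com>",
        "alerts@mail.myheritaqe.com",
        "someone@example.org",
    ]
    for header in samples:
        print(f"{header:40} {classify(header)}")
```

A "lookalike" verdict is a reason to quarantine or banner the message for review, not proof of phishing: short brand names will produce false positives at this threshold.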