Scammers have registered the domain COM-GRE.com and are using it to launch elaborate phishing campaigns targeting Greece.
The domain was registered on May 23rd with NameSilo.
One such phishing campaign is using the subdomain AEGEANAIR.COM-GRE.com, posing as the Greek airline’s supposed giveaway site. Aegean Airlines celebrates 20 years in operation this year, and the phishing campaign is spreading via Facebook, targeting Greek users that provide their personal information, exposing their system to digital probes in the process.
The IP addresses used by the primary domain, COM-GRE.com, are two on shared hosting provided by NameSilo, and one by QuadraNet (192.161.187.200) that has been linked to ransomware campaigns in the past.
The Facebook-driven campaign for Aegean Air is supposedly giving away free tickets, as seen below:
Let’s hope that the abuse department at NameSilo shuts them down.
Facebook is displaying the full qualifying domain for all posts shared via its social media platform, making it easier to track down such online scams.
Update: The domain COM-GRS.com is also being used, along with the subdomain AEGEANAIR.COM-GRS.com, also on NameSilo.