Direct Deposit of $13,963.99 - Affiliate Phishing Scam

The scam begins when the victim receives an HTML-based phishing email with the subject and body highlighting a large “Direct Deposit of $13,963.99” to their account. The amount is presented as an image to bypass spam filters, alongside odd formatting like “(No_Deposit_Required)” and false Google branding to create trust. A hidden hyperlink, concealed with display:none styling, sends the user through a Google Cloud Storage link - a technique to evade detection - and onward to a malicious landing page (http://imd2.usualtimateur.in.net/dororo.html). This page displays a fake “Prove you’re not a robot” reCAPTCHA and carries the misleading browser tab title “Unsubscribe.” Completing the fake reCAPTCHA triggers a final redirect to DuckyLuck.ag, an unregulated online casino with a history of scam complaints, delayed payments, and deceptive promotions. The attacker’s goal is affiliate fraud - generating commission payments by sending unsuspecting visitors to the gambling site, not stealing sensitive information directly.