Fraudulent e-mail mimicking G-Mail functions

Well, recently discovered this interestingness:

Fraud Email.jpgBy creating the fake row, they hope that you unwittingly click to perhaps archive the message etc., however, when you hover over that row, malicious extensions are revealed:

pickDOTstormspanDOTcom/133549421.838678835.1606093945(null)

As well as...

pickDOTstormspanDOTcom/590053017.1143014567.1910429677(null)

Please note: in order to not hyperlink malicious extensions here, i inserted DOT and an extra (null).  When attempting to trace these extensions, DOT should be substituted with . AND the null tag with parenthesis should be removed as well.

Have to admit, they almost did a darn good job fooling me into thinking that was a G-Mail row (laughs)  The giveaway for me, was that their "re-creations" were fuzzier in display quality and somewhat distorted.  Once i got to really focusing, i was like, "What is this?"  Then of course, when you hover, you see you're going to an unknown extension.  

I have also taken the time to report this "stormspan" to Norton Safe Web.  Perhaps (if not already) they can add this domain to the auto-block list to outright prevent users from being able to access it.  

Take care,

H.B.  

PS- For those who don't know, NEVER click even their "UNSUBSCRIBE", it is part of the racket.