How To Catch a Phish

The number one method used by cyber-criminals to infect your PC with malware is the phishing email. Today we will show you how to check out suspicious emails yourself. These cleverly designed emails encourage you to open an attachment or click on a website link in order to download and install their malicious applications and exploits. I recently received the email below, and as an exercise, checked it out on VirusTotal. We have discussed this excellent resource before, but the message bears repeating.

I received this email for “American Airlines.”  Since I am not going to Las Vegas any time soon, and I am always on the lookout for credit card fraud, I was concerned.  But let’s look at this email.  First, no “trade dress.”  This email does not use the logo or colors of American Airlines.  It is simply a text email.  The attachment is a ZIP or compressed file, which can contain anything.  And who pays $780 to fly to Las Vegas?  This better be First Class!

[Image: AA-phish-email]

Here’s the tricky part, because if you do this incorrectly, you will launch the exploit.  Carefully RIGHT CLICK (not left click) on the attachment and save it to your desktop.  (Save as, select desktop from the left column of locations)  Do not rename the attachment.

Then go to www.virustotal.com. Choose File from the three option tabs. (If you were checking out a web link instead, you would choose URL.) Click on the Choose File button, browse to your desktop and upload the ZIP file you just saved.

[Image: virustotal]

The VirusTotal website will scan your file and report on whether it is safe or malware. When I scanned this file only 15 of 56 anti-malware scanners reported this as malware, which means it was pretty close to being a zero-day threat. Nevertheless, when I see terms like “downloader,” “script,” and “Trojan” in the results, that is enough for me to classify this email as a scam. (See image below)

The last and most important step is to delete the malicious file from your desktop (RIGHT CLICK, and while holding the Shift key, select Delete from the menu), and then empty your recycle bin.  Deleting while holding the Shift key is supposed to delete the file without putting it in the Recycle Bin, but it doesn’t hurt to be sure.
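As an added example (not part of the original post), the following Python sketch inspects a saved ZIP attachment without extracting or running anything: it computes the SHA-256 hash, which can be searched on VirusTotal, and reads only the archive's file listing to flag script or executable members and disguising double extensions. The extension lists, function names and the sample file name are assumptions made for illustration, and the sample archive is constructed and harmless.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
RISKY = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
         ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".ps1", ".msi", ".jar"}
# Document-looking extensions used to disguise a file, as in "ticket.pdf.js".
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def inspect_zip(data: bytes) -> dict:
    """Read the ZIP file listing only; no member is extracted or executed."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "members": [], "findings": []}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        report["findings"].append("not a valid ZIP despite the file name")
        return report
    with archive:
        for info in archive.infolist():
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            report["members"].append(info.filename)
            if info.flag_bits & 0x1:  # bit 0 of the ZIP flags marks an encrypted entry
                report["findings"].append(f"{info.filename}: encrypted, cannot be scanned without the password")
            if suffixes and suffixes[-1] in RISKY:
                report["findings"].append(f"{info.filename}: script or executable type {suffixes[-1]}")
                if len(suffixes) > 1 and suffixes[-2] in DECOY:
                    report["findings"].append(f"{info.filename}: double extension hides the real type")
    return report


def constructed_sample() -> bytes:
    """Constructed, harmless ZIP standing in for the saved attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ticket_AA.pdf.js", "// constructed placeholder, not real malware\n")
    return buf.getvalue()


if __name__ == "__main__":
    result = inspect_zip(constructed_sample())
    print(result["sha256"])
    for line in result["findings"]:
        print(line)
```

To check a real attachment, pass the bytes of the saved file to `inspect_zip` instead of the constructed sample; a clean listing does not mean the file is safe, so the VirusTotal scan above still applies.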

[Image: AA-phish-VirusTotal-scan]

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instructor for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition-free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry-level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
