Phishing Email Alerts
Catch of the Day: Not a Phish – Real Wells Fargo Email
Chef’s Special: Fake Money Phish
Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and other reliable sources on the Internet.
You can send phishing samples to me at phish@wyzguys.com.
My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.
The Real Wells Fargo Email
I spend a lot of time analyzing phishing emails. I got this one from Wells Fargo, and as I looked it over, I realized this was a legitimate email, not a phish. What were my clues?
The sender email was from an actual Wells Fargo sub-domain, notify.wellsfargo.com.
The hyperlink Statements and Documents resolved to https://connect.secure.wellsfargo.com/auth/login/present?, also a real Wells Fargo subdomain.
The Internet headers proved that the email was from wellsfargo.com.
I have received phish that looked just like this, and even though I am certain this email is legitimate, I would NEVER click through the link to access my account information. Instead I would use the shortcut in my LastPass password manager application to log in and authenticate. I recommend that you do likewise.
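The three clues above can be checked mechanically. This is an added example, not part of the original post: it compares the From: domain, each link's real target, and the DMARC verdict against wellsfargo.com, assuming the receiving server records that verdict in an Authentication-Results header. Both sample messages, the `alerts` mailbox and the `.example` hosts are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "wellsfargo.com"  # domain the post checks against

def in_domain(host, domain=TRUSTED):
    """True for the domain itself or a true subdomain; matches on a label boundary."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_email(raw, domain=TRUSTED):
    msg = message_from_string(raw)
    # Clue 1: the From: address must sit under the expected domain.
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Clue 2: every link target (the href, not the visible text) must too.
    body = "".join(p.get_payload(decode=True).decode(errors="replace")
                   for p in msg.walk() if not p.is_multipart())
    hosts = [urlsplit(u).hostname for u in re.findall(r'href=["\']([^"\']+)', body, re.I)]
    # Clue 3: headers. Read only the topmost Authentication-Results header,
    # assumed to be the one stamped by your own receiving server; copies
    # further down can be supplied by the sender.
    auth = (msg.get_all("Authentication-Results") or [""])[0].lower()
    m = re.search(r"dmarc=pass\b[^;]*header\.from=([\w.-]+)", auth)
    result = {
        "sender_ok": in_domain(sender_host, domain),
        "links_ok": all(in_domain(h, domain) for h in hosts),
        "dmarc_ok": bool(m) and in_domain(m.group(1), domain),
    }
    result["looks_legitimate"] = all(result.values())
    return result

# Constructed sample messages (not real mail): one matching the post, one lookalike.
LEGIT = """\
Authentication-Results: mx.receiver.example; dkim=pass header.d=notify.wellsfargo.com; dmarc=pass header.from=notify.wellsfargo.com
From: Wells Fargo <alerts@notify.wellsfargo.com>
Content-Type: text/html

<a href="https://connect.secure.wellsfargo.com/auth/login/present?">Statements and Documents</a>
"""
LOOKALIKE = """\
Authentication-Results: mx.receiver.example; dmarc=pass header.from=wellsfargo.com.mail-secure.example
From: Wells Fargo <alerts@wellsfargo.com.mail-secure.example>
Content-Type: text/html

<a href="https://wellsfargo.com@login.example/auth">https://connect.secure.wellsfargo.com/</a>
"""
```

The lookalike fails all three checks even though its DMARC result is "pass": the pass is for the sender's own domain, which only contains the bank's name as a prefix.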
Fake Money Phish
This is a straight up money con in the style of the “Nigerian Prince” or “Lottery” type emails. All they want is your personal information and a “small fee” for shipping your $3.5 Million Master Card, plus another million by check? Is this my lucky day? Delivered on Friday the 13th, too!
Wait a minute!! I got another $15.5 Million on another Visa Card on the same day!! Wow my luck keeps getting better.
Hopefully none of my readers are going to fall for these sorts of emails, but I thought I’d share. If you have gullible family members, maybe you should share this article with them.
Chinese Phish
I often wonder what the point is with foreign language phishing emails. This example is in Chinese, which I can’t read.
But I ran it through Google Translate and got this:
Clicking to open took me to this landing page at http://mailbeian.cn/page.php. This appears to be a credential stealing exploit.
T-Mobile Survey Phish
I reported on this exploit back on April 29, but as I get two or three of these T-Mobile branded survey scams every week, I thought it would be good to put out another warning.
First point – T-Mobile is not giving away anything for a survey. All that will happen is YOU will give away all your personal information and a credit card to scammers.
Here’s the email:
The link resolves to http://www.appltech.click/thrilled-ketchup/a806lv23q95eO86U12B12Z0l1u408q14sFsFf68.GsEGsi7JQJnnSd7crZO10_5nWqwD and then redirects to https://listcenters.com/ma/guri/gudedoza/sepa/xotemu/index.php
I am not going through all the steps for the survey, just check out the April 29th post. Please just ignore these emails when they show up in your inbox.
FBI: $43 billion in losses are due to Business Email Compromise fraud between 2016 and 2021
Business Email Compromise often starts with a spearphishing or whaling email. BEC is a growing type of cybercrime that generates billions in losses every year. It also involves cryptocurrency more and more, providing an additional layer of anonymity to the cybercriminals.
Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC – Part I
Fortinet’s FortiGuard Labs captured a phishing campaign that was delivering three fileless malware onto a victim’s device. Once executed, they are able to steal sensitive information from that device.
In this analysis, I’ll reveal how the phishing campaign manages to transfer the fileless malware to the victim’s device, what mechanism it uses to load, deploy, and execute the fileless malware in the target process, and how it maintains persistence on the victim’s device.
Affected platforms: Microsoft Windows
Impacted parties: Microsoft Windows Users
Impact: Controls victim’s device and collects sensitive information
Severity level: Critical
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com