Catch of the Day: Email Update Phish
Chef’s Special: Another Geek Squad Phish
Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and others come from other reliable sources on the Internet.
You can send phishing samples to me at firstname.lastname@example.org.
My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double-clicking an image will display it in a photo viewer app.
Email Update Phish
The sender of this email, wyzguys.com <email@example.com>, is designed to look like it is coming from one of my own domains. The message is trying to entice me to verify my email address firstname.lastname@example.org. The Approve or Refuse links resolve to https://email@example.com
Here is the email:
The link resolved to a landing page at donhxns.web.app. What was interesting about this page is that it reflected the actual home page of my own website.
I entered the usual password and of course completed the credential harvesting mission.
The landing page then got stuck with a progress circle, and never went any further.
The email headers showed an IP address of the sending mail server at 22.214.171.124.
This is a location in Eindhoven, Netherlands, for irrimiga.ovoffice.com. My efforts to find out anything useful about irrimiga.ovoffice.com or ovoffice.com did not reveal any useful information, so my assumption is that irrimiga.ovoffice.com or ovoffice.com are Dark Web services offered in some Malware as a Service marketplace.
Again, my warning is simple. Do not click on links in emails. If you actually have an account, go there directly by typing the URL or using a trusted browser bookmark that you have created in the past, and use regularly without incident.
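The tip-offs in this sample (a display name posing as a domain, links pointing at an unrelated host, and the sending server's IP in the headers) can be checked mechanically. The following Python sketch is an added example, not part of the original analysis; the sample message, the mx.example.org hop, the date and the `triage` function are constructed for illustration, and it assumes the topmost Received header was stamped by your own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample modelled on the message described above; the receiving
# hop, date, subject and body are placeholders, not the real phish.
SAMPLE = """\
Received: from irrimiga.ovoffice.com (irrimiga.ovoffice.com [22.214.171.124])
\tby mx.example.org with ESMTP; Mon, 01 Jan 2024 00:00:00 +0000
From: "wyzguys.com" <email@example.com>
To: firstname.lastname@example.org
Subject: Verify your email address
Content-Type: text/html

<a href="https://donhxns.web.app/">Approve</a>
<a href="https://donhxns.web.app/">Refuse</a>
"""

DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HREF_RE = re.compile(r'href="([^"]+)"', re.I)

def triage(raw, my_domains):
    """Return the tip-offs found in one raw message (hypothetical helper)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr_domain = addr.rpartition("@")[2].lower()
    findings = []
    # Tip-off 1: the display name is itself a domain name, but the real
    # address behind it belongs to a different domain.
    if DOMAIN_RE.match(name) and name.lower() != addr_domain:
        findings.append(f"display name '{name}' poses as a domain, address is @{addr_domain}")
    # Tip-off 2: links whose host is neither one of my domains nor a subdomain.
    hosts = {urlsplit(u).hostname or "" for u in HREF_RE.findall(msg.get_payload())}
    for host in sorted(hosts):
        if not any(host == d or host.endswith("." + d) for d in my_domains):
            findings.append(f"link host {host} is not one of {sorted(my_domains)}")
    # Tip-off 3: IP of the server that handed the mail to us, taken from the
    # topmost Received header (lower ones can be forged by the sender).
    received = msg.get_all("Received") or []
    ips = IP_RE.findall(received[0]) if received else []
    return {"findings": findings, "sender_ip": ips[0] if ips else None}

if __name__ == "__main__":
    print(triage(SAMPLE, {"wyzguys.com"}))
```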
Another Geek Squad Phish
I got one of these last week, but if you missed it, here’s another version. Tip-offs on this phish are the Gmail email address (I’m sure the Geek Squad uses geeksquad.com or bestbuy.com email addresses) and the Geek S Consumer Handling Dept. This is not written the way a Geek Squad marketing employee would write this notice. Also – no links, but there’s that toll-free number.