Friday Phish Fry

Phishing Email Alerts

Catch of the Day:
Chef’s Special:

Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and others come from reliable sources on the Internet.

You can send phishing samples to me at phish@wyzguys.com.

My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double-clicking an image will display it in a photo viewer app.


Birthday Greeting Phish

Here is an email that looks like a marketing letter from a vendor we may have done business with. The sender, Kayla Harrisson <support@horsewhisperertips.co.uk>, is from an email domain I recognize, since I signed up at Top3PaidSurveys.com. You may notice the TO: line in the email goes to top3paidsurvey@infosecteam.net. First, infosecteam.net is one of my phishing test domains, and the top3paidsurvey email identity is a throwaway account I use to track emails arriving from this source. There have been a lot of them. Let’s take a look at this one.

This is more like a marketing-related spam campaign than a phishing exploit, but you need to beware of these sorts of ploys, because they usually collect a lot of your personally identifying information (PII) and credit card information (PCI) and use it freely for their own ends, as well as sell it to other organizations engaged in similar marketing activities.

This looks like a birthday greeting, not for you, but for their company.  In honor of that, they are offering you a free gift.

Click Here To Open Your Gift resolves to https://smtpstorm.com/index.php/campaigns/ph929otwwx4a7/track-url/cf7638owyed74/f9dede0ee6ad56c16a88eca2b1c31d72f06e22c5. SMTP Storm is an email marketing company used by the Horse Whisperers. It redirects to a web page at https://www.5stepformula.biz/5sf-invitation53819430?tid=75a602ae8a4e4a57bdeb019836745ef4&affiliate_id=3973. 5 Step Formula is another get rich quick offer that the Horse Whisperers are shilling for.

According to the email headers and the IP address location, the sending email server, mta10.smtpstprm.com (IP 103.196.111.20), is in Australia, where I have seen this group operate before.
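The checks walked through above (throwaway alias versus sender, link host versus sender, landing page parameters), as an added example that is not part of the original post. The addresses and URLs are the ones quoted in the post; the Subject line, body markup and the `ALIASES` register are constructed for illustration, and nothing is fetched over the network.

```python
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, parse_qs
import re

# Constructed sample: addresses and URLs are the ones quoted in the post;
# the Subject line and body markup are made up for this example.
RAW = """\
From: Kayla Harrisson <support@horsewhisperertips.co.uk>
To: top3paidsurvey@infosecteam.net
Subject: It's our birthday
Content-Type: text/html

<a href="https://smtpstorm.com/index.php/campaigns/ph929otwwx4a7/track-url/cf7638owyed74/f9dede0ee6ad56c16a88eca2b1c31d72f06e22c5">Click Here To Open Your Gift</a>
"""
# Landing URL as reported in the post (nothing is fetched here).
LANDING = "https://www.5stepformula.biz/5sf-invitation53819430?tid=75a602ae8a4e4a57bdeb019836745ef4&affiliate_id=3973"
# Hypothetical register: throwaway mailbox -> site it was handed to.
ALIASES = {"top3paidsurvey": "top3paidsurveys.com"}

def base(host):
    """Crude registrable-domain guess: last two labels, three for co.uk-style."""
    parts = host.lower().split(".")
    cc_sld = len(parts) >= 3 and parts[-2] in ("co", "com", "org") and len(parts[-1]) == 2
    return ".".join(parts[-3:] if cc_sld else parts[-2:])

def triage(raw, landing, aliases):
    msg = message_from_string(raw)
    sender = base(parseaddr(msg["From"])[1].split("@")[1])
    alias = parseaddr(msg["To"])[1].split("@")[0]
    findings = []
    source = aliases.get(alias)          # which signup this mailbox belongs to
    if source and base(source) != sender:
        findings.append(f"alias given to {source} is receiving mail from {sender}")
    for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
        link = base(urlsplit(url).hostname)
        if link != sender:
            findings.append(f"link host {link} differs from sender {sender}")
        if "/track-url/" in url:         # path segment seen in the quoted link
            findings.append(f"click-tracking link via {link}")
    land = urlsplit(landing)
    if base(land.hostname) != sender:
        findings.append(f"landing site {base(land.hostname)} differs from sender {sender}")
    for key, val in parse_qs(land.query).items():
        if "affiliate" in key:
            findings.append(f"affiliate parameter {key}={val[0]}")
    return findings
```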

Here is the hook: make thousands of dollars per day!

Now we get to a table of earnings.

All they need is your personal information and $7.00. And it comes with a money-back guarantee!!

These scams prey upon the dreams of people who don’t really understand how business works.  If these deals had any legitimacy, and really, really worked, then we would all be doing this already, and it would be a normal kind of “job” or “business” or whatever they are selling here.

This program is looking for your information and only $7.00 of your money, so not a huge risk.  Yet something tells me as you get deeper into the “opportunity” there are going to be “additional investments”  that will “double or triple” your earnings potential.  Usually this just leads to the trail of broken dreams.


Another Subscription Renewal Phish with a Side of Toll-Free Social Engineering

I’ve shown scams like this before.  The money extraction phase happens when you get angry and call the toll-free “Customer Care” line.  These people will promise to refund your money, if only they had a credit card number to apply the refund to.  If you give them a card number, of course they will charge a lot more than $379.98.

There are other problems with this email.  The email is from a sender named “Charles” but the email is signed by Maria Garcia.


U.S. Government Warns of Increased Texting Scams as Mobile Attacks Are Up 100%

Cyberattacks via SMS messaging are on the rise, and are having such an impact that the Federal Communications Commission has released an advisory on robotext phishing attacks (or smishing).

Some of their warning signs include:

  • Unknown numbers
  • Misleading information
  • Misspellings to avoid blocking/filtering tools
  • 10-digit or longer phone numbers
  • Mysterious links
  • Sales pitches
  • Incomplete information


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
