Catch of the Day:
Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and others come from reliable sources on the Internet.
You can send phishing samples to me at email@example.com.
My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double-clicking the image will display them in a photo viewer app.
Birthday Greeting Phish
Here is an email that looks like a marketing letter from a vendor we may have done business with. The sender, Kayla Harrisson <firstname.lastname@example.org>, is from an email domain I recognize since I signed up at Top3PaidSurveys.com. You may notice the TO: line in the email goes to email@example.com. First, infosecteam.net is one of my phishing test domains, and the top3paidsurvey email identity is a throwaway account I use to track emails arriving from this source. There have been a lot of them. Let’s take a look at this one.
This is more like a marketing-related spam campaign than a phishing exploit, but you need to beware of these sorts of ploys, because they usually collect a lot of your personally identifying information (PII) and credit card information (PCI) and use it freely for their own ends, as well as sell it to other organizations engaged in similar marketing activities.
This looks like a birthday greeting, not for you, but for their company. In honor of that, they are offering you a free gift.
Click Here To Open Your Gift resolves to https://smtpstorm.com/index.php/campaigns/ph929otwwx4a7/track-url/cf7638owyed74/f9dede0ee6ad56c16a88eca2b1c31d72f06e22c5. SMTP Storm is an email marketing company used by the Horse Whisperers. The link redirects to a web page at https://www.5stepformula.biz/5sf-invitation53819430?tid=75a602ae8a4e4a57bdeb019836745ef4&affiliate_id=3973. 5 Step Formula is another get-rich-quick offer that the Horse Whisperers are shilling for.
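The redirect chain described above can be checked mechanically once the hops have been recorded. The following Python sketch is an added example, not part of the original post; the two URLs are the ones quoted above, while the parameter-name and path-marker lists are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Redirect hops quoted in the article: tracking link, then landing page.
HOPS = [
    "https://smtpstorm.com/index.php/campaigns/ph929otwwx4a7/track-url/cf7638owyed74/f9dede0ee6ad56c16a88eca2b1c31d72f06e22c5",
    "https://www.5stepformula.biz/5sf-invitation53819430?tid=75a602ae8a4e4a57bdeb019836745ef4&affiliate_id=3973",
]

# Assumed heuristics for illustration, not an authoritative list.
AFFILIATE_KEYS = {"affiliate_id", "aff_id", "aff", "tid"}
TRACK_MARKERS = ("track-url", "/click", "/redirect")


def site(url):
    """Crude site name: last two host labels (ignores multi-part TLDs like .co.uk)."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def analyze_chain(hops):
    """Return a list of findings for a redirect chain recorded from an email link."""
    findings = []
    first, last = hops[0], hops[-1]
    # The link in the email lives on one site but the reader ends up on another.
    if site(first) != site(last):
        findings.append(f"cross-site redirect: {site(first)} -> {site(last)}")
    for url in hops:
        parts = urlsplit(url)
        # Per-recipient click tracking is usually visible in the path.
        if any(marker in parts.path for marker in TRACK_MARKERS):
            findings.append(f"click-tracking path on {site(url)}")
        # Affiliate or tracking identifiers show who gets paid for the click.
        for key, values in parse_qs(parts.query).items():
            if key.lower() in AFFILIATE_KEYS:
                findings.append(f"affiliate/tracking parameter {key}={values[0]}")
        if parts.scheme != "https":
            findings.append(f"non-HTTPS hop: {url}")
    return findings


if __name__ == "__main__":
    for finding in analyze_chain(HOPS):
        print("-", finding)
```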
According to the email headers, the sending email server, mta10.smtpstprm.com (IP 126.96.36.199), is located in Australia, where I have seen this group operate before.
Here is the hook: make thousands of dollars per day!
Now we get to a table of earnings.
All they need is your personal information and $7.00. And it comes with a money-back guarantee!!
These scams prey upon the dreams of people who don’t really understand how business works. If these deals had any legitimacy, and really, really worked, then we would all be doing this already, and it would be a normal kind of “job” or “business” or whatever they are selling here.
This program is looking for your information and only $7.00 of your money, so not a huge risk. Yet something tells me as you get deeper into the “opportunity” there are going to be “additional investments” that will “double or triple” your earnings potential. Usually this just leads to the trail of broken dreams.
Another Subscription Renewal Phish with a Side of Toll-Free Social Engineering
I’ve shown scams like this before. The money extraction phase happens when you get angry and call the toll-free “Customer Care” line. These people will promise to refund your money, if only they had a credit card number to apply the refund to. If you give them a card number, of course they will charge a lot more than $379.98.
There are other problems with this email. The email is from a sender named “Charles” but the email is signed by Maria Garcia.
Cyberattacks via SMS messaging are on the rise, and are having such an impact that the Federal Communications Commission has released an advisory on robotext phishing attacks (or smishing).
Some of their warning signs include:
- Unknown numbers
- Misleading information
- Misspellings to avoid blocking/filtering tools
- 10-digit or longer phone numbers
- Mysterious links
- Sales pitches
- Incomplete information