Phishing Email Alerts
Catch of the Day: Marketing Survey Phish
Chef’s Special: Password Expiry Phish
Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and other reliable sources on the Internet.
You can send phishing samples to me at phish@wyzguys.com.
My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.
Marketing Survey Phish?
Is this a phish or just spam? Or is it a marketing email? Because this email looks so tantalizingly bogus, plus the added inducement of an Amazon gift card, I had to check.
The email itself is very generic, but legitimate. I have to wonder how effective this is for them? Especially if I am planning to hire them to do this same kind of work for me.
The provided web address is legitimate as well.
Here is the survey. It goes on for several more pages. Sometimes a cigar is just a cigar.
Password Expiry Phish
Who uses a word like expiry? Anyway, this is another in a long line of obvious credential-stealing phishing exploits.
A typical login credential stealing landing page.
Horsewhisperer Phish
I filled out a survey long ago to see what would happen. Since then I have been getting different email from <support@horsewhisperertips.co.uk>. To track these emails from the original survey, I used a disposable email address <top3paidsurvey@infosecteam.net>. The infosecteam.net is one of the domains I use when sending phishing test email, and for other pen-testing purposes.
So once I set up my account, I can begin receiving some sort of “payments.” The link resolves to https://smtpstorm.com/index.php/campaigns/nd0924xyas190/track-url/cf7638owyed74/4b04f772943f1b0b83244be5ea04e92a47dcc032, which was redirected to https://get.themlooper.com/version-2/.
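The redirect described above can be reviewed mechanically once the chain has been recorded. The following is an added example, not part of the original post: it takes the sender address and the two URLs quoted above and reports each change of site plus the ID-like path segments in the link. The function names and the short public-suffix set are assumptions made for this sketch.

```python
import re
from urllib.parse import urlsplit

# Two-label public suffixes known to this sketch (assumption: a production
# tool would consult the full Public Suffix List instead).
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}

# Sender and redirect chain exactly as quoted in the text above.
SENDER = "support@horsewhisperertips.co.uk"
CHAIN = [
    "https://smtpstorm.com/index.php/campaigns/nd0924xyas190/track-url/"
    "cf7638owyed74/4b04f772943f1b0b83244be5ea04e92a47dcc032",
    "https://get.themlooper.com/version-2/",
]

def site(host):
    """Naive registrable domain: last two labels, or three under co.uk etc."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def tracking_tokens(url):
    """Path segments that look like campaign or recipient identifiers."""
    segments = [s for s in urlsplit(url).path.split("/") if s]
    return [s for s in segments
            if re.fullmatch(r"[0-9a-z]{12,}", s) and re.search(r"\d", s)]

def review_link(sender, chain):
    """Return human-readable findings for one emailed link."""
    findings = []
    sender_site = site(sender.rsplit("@", 1)[1])
    link_site = site(urlsplit(chain[0]).hostname)
    if link_site != sender_site:
        findings.append(f"link host {link_site} differs from sender {sender_site}")
    for prev, nxt in zip(chain, chain[1:]):
        a, b = site(urlsplit(prev).hostname), site(urlsplit(nxt).hostname)
        if a != b:
            findings.append(f"redirect leaves {a} for {b}")
    tokens = tracking_tokens(chain[0])
    if tokens:
        findings.append(f"{len(tokens)} tracking token(s) in link path")
    return findings

if __name__ == "__main__":
    for finding in review_link(SENDER, CHAIN):
        print(finding)
```

Three unrelated sites in one message (sender, link host, landing page) is the pattern worth alerting on here.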
Here is the phishing email.
Here is the landing page.
I entered my email address.
And was taken to this get rich quick and easy on the Internet page.
So what is The Money Looper? A quick Google search revealed a lot of critical web articles like this one.
What can we deduce from this exercise? Filling out surveys online is a good way to receive lots of “get rich quick” offers like this one, and related spammy emails. Here are related scams I have written about before that resulted from my original survey submission.
- Friday Phish Fry
- Friday Phish Fry (Catch of the Day: I Took A Survey Phish)
- Friday Phish Fry (Catch of the Day: Betmaster’s Phish; Chef’s Special: Facebook Lottery Scam)
This New Strain of Fake Ransomware Is Sloppy but Dangerous
Conventional ransomware encrypts the victims’ files and holds them hostage, unavailable to their owners, promising to provide a decryptor once the victims pay the ransom. In some cases being tracked by security firm Cyble, however, they offer nothing in return. The files are in fact deleted.
One such group working with “fake ransomware” is trolling for victims on malicious adult websites (more malicious than the usual run). The phishbait that lures the victims to bite is a specially crafted website with luring URLs. The phish hook is an executable with a name that would get this email trapped by your filters.
The unknown criminals behind the phishing campaign are, of course, hoping that the marks won’t notice. And in any case the victims’ system may by default hide file extensions, so the victims may not even see “[dot] exe” in the first place.
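The gap between the name a victim sees and the real file type can be checked at a mail or download gateway. The following is an added example, not code from the original article or from Cyble: it computes the name as shown when the final extension is hidden and flags executables whose visible name ends in a document or image extension. The extension sets and sample file names are constructed for illustration, and hiding every extension is a simplification of "hide extensions for known file types".

```python
import os

# Extensions Windows runs directly (a common subset, not an exhaustive list).
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}
# Extensions a user reads as "just a picture or document".
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt", ".mp4"}

def normalise(filename):
    """Drop the trailing spaces and dots that Windows ignores in file names."""
    return filename.strip().rstrip(" .")

def displayed_name(filename):
    """Name as the user sees it when the final extension is hidden."""
    stem, ext = os.path.splitext(normalise(filename))
    return stem if ext else normalise(filename)

def classify(filename):
    """Return 'ok', 'executable' or 'disguised-executable'."""
    stem, ext = os.path.splitext(normalise(filename))
    if ext.lower() not in EXECUTABLE:
        return "ok"
    # What is left after hiding the real extension: does it end in a decoy?
    inner = os.path.splitext(stem.rstrip(" ."))[1].lower()
    return "disguised-executable" if inner in DECOY else "executable"

# Constructed sample names, not taken from the campaign described above.
SAMPLES = ["holiday.JPG.exe", "invoice.pdf      .scr", "setup.EXE", "report.pdf"]

def scan(names):
    """Map each name to (what the user sees, verdict)."""
    return {n: (displayed_name(n), classify(n)) for n in names}

if __name__ == "__main__":
    for name, (shown, verdict) in scan(SAMPLES).items():
        print(f"{name!r:28} shown as {shown!r:22} -> {verdict}")
```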
Cyble explained in their research report:
“Fake ransomware acts as a usual ransomware but does not encrypt the files. The fake ransomware shows false information that the files are encrypted and threaten the user to pay ransom for decryption. There is a possibility that victims can pay ransom to recover the files as they are renamed and unusable.
“We are not sure about the authenticity of the decryptor if the ransom is paid. Even if the decryptor is provided, renaming files to their original file name is not possible as the malware is not storing them anywhere during the infection.”
[CONTINUED] at the KnowBe4 blog with links:
https://blog.knowbe4.com/sloppy-but-dangerous-fake-ransomware
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com