WyzGuys Tech Talk

Phishing Email Alerts

Catch of the Day: OneDrive Support Phish
Chef’s Special: Cyber Phoenix Password Phish

Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and other reliable sources on the Internet.

You can send phishing samples to me at phish@wyzguys.com.

My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.

OneDrive Support Phish

Here is another credential stealing exploit for the popular file sharing site OneDrive.  The Update Your Account button resolves to http://wyzguys.cig.zharri.com/bob@wyzguys.com, which redirects to http://terapiasconalma.cl/jkl/?email=bob@wyzguys.com.  The landing page follows the email

The sender’s email address One Drive Support <scott@tgrlandscape.com> uses the email domain for a landscaping company, not a Microsoft365 or OneDrive email domain.  Oddly enough, instead of the expected OneDrive login, I instead found a spoofed IONOS web mail login page!

This is another example of what to look for when sorting through your email inbox.

Cyber Phoenix Password Phish

I received an email that was suspicious on several fronts.  It was addressed to BobWeiss_518, which is a user name I never have used.  It was confirming a change to my password on Cyber Phoenix, a platform I am not familiar with or have ever used.

Here is the email:

The sender’s email address was from a sub-domain cyberphoenistg.wpengine.com.  The subdomain was a miss-spelling of cyber phoenix, and so was suspicious.  But the email header looked legitimate enough.  None of the links in the email redirected anywhere, so they seemed legitimate enough.

A quick Google search for Cyber Phoenix introduced me to a Yu-Gi-Oh! character card.

The Cyber Phoenix website at https://cyberphoenistg.wpengine.com/  appears to be for a legitimate technology training .

The website at https://wpengine.com/ looks like it is for a legitimate WordPress website hosting company

So curiosity got the better of me, and I sent a reply (actually a forward) to the contact person sean@yoursitehub.com named on the email.  I am interested if there will be a reply.  I will keep you posted.

New Debit Card Phone Scam

Copied from Facebook

WARNING!!!
New Scam!!! Saw this on a friend’s wall.
BEWARE, Don’t fall this very sophisticated debit card scam. Here’s how it goes: got a call, the caller ID was my bank. The guy says he’s from the fraud dept, calling about my debit card ending in —-(the 4 correct numbers), and asks if I’d been traveling, reports 2 suspicious charges that happened at out-of-state stores (Lowe’s and Walmart). I said nope, wasn’t me. He says they’ll send me a new card. He knows my address. He knows all my phone numbers. He sends a verification code to my cell and asks me to read it to him. THEN HE ASKS FOR MY PIN NUMBER, so he can deactivate it. That’s where I said “no.” But he has an answer for my suspicions: he says look at the number I’m calling from, it matches the number on the back of your card. It does! But still, then I said let me call you back and he hung up! I reported this to my bank’s fraud dept, who said WE WOULD NEVER ASK FOR YOUR PIN NUMBER. (And immediately cancelled my card.) They also said this is the new scam, they’re hearing about it a lot.    Tell everyone! Copied from a friend.