Friday Phish Fry

Phishing Email Alerts

Catch of the Day: Vanity Phish
Chef’s Special: Alphabet Soup

Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and others come from reliable sources on the Internet.

You can send phishing samples to me at

My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.

Happy World Backup Day!

Vanity Award Email

I get these “award” emails about two or three times a year.  I always find them to be hilarious. I may be a wonderful human being and a bit of a cybersecurity expert and certification instructor, but really, one of the “10 Best Security Leaders of 2023”?  I think that is a little over the top.  And the year has barely started.

What we really have here is a solicitation to purchase advertising space for $1500 dressed up as a professional recognition article.  Here’s the offer.  You will have to click on the image to make it large enough to read.

Alphabet Soup Phish

An interesting way to bypass spam filters is to use characters from other alphabets, such as those letters with accents and other diacritical marks, to replace English letters.  While it looks pretty much the same to the human eye, it’s as different as night and day to a computer. Here is an example from the article Common Spammer Tricks:

Common languages used for this purpose are Spanish, French, Romanian, Greek, many Scandinavian languages, and the Cyrillic alphabet used in Russian and Slavic languages. As I explained last week in my Encoding series, alphabetical letters are turned into 8-digit binary numbers in Unicode.  The letters may look the same, but to a computer they are vastly different.

Spam filters that are looking for certain words will in many cases miss these types of “words.”  But here are a couple of emails that DID show up in my Spamdrain spam filter.  Notice the extensive use of non-English letters and the creative spelling of DocuFile and Sharepoint.  These are just two samples out of many that were using the same technique.

The following trick is called punycode and is also used to register look-alike domain names.  I wrote about this before in 2017 in an article about how web addresses are spoofed.  Here’s another example:

Also check out What is Punycode and Why is it a Threat

I found a couple of instances caught in a different spam filter (I have 3 total).

And here is the phishing email itself.  All the links have been disabled by the spam filter, so I took a look at the source code.  This appears to be another credential grabbing exploit.

So the lesson here is to watch out for odd looking letters.  Those are not little speckles of dirt on your screen, they are foreign letters used in order to fool you, your browser, or spam filters.
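For readers who want to see what the computer sees, here is a short Python sketch of the check described above. It is an added example, not code from the articles mentioned or from any spam filter; the watch list, the look-alike map, and the sample words and hostname are constructed for illustration.

```python
import unicodedata

# Hypothetical filter watch list (assumption; the two names come from the samples above).
WATCH_WORDS = {"sharepoint", "docufile"}

# Small illustrative look-alike map (not complete): Cyrillic and Greek letters to Latin.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s",   # Cyrillic
    "\u03bf": "o", "\u03b1": "a", "\u03c1": "p", "\u03bd": "v",   # Greek
})

def script_of(ch):
    """Rough script label taken from the Unicode character name, e.g. LATIN or CYRILLIC."""
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"

def fold(word):
    """Strip accents, lowercase, then map known look-alikes to Latin letters."""
    decomposed = unicodedata.normalize("NFKD", word)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    return no_marks.lower().translate(CONFUSABLES)

def inspect_word(word):
    """Report what a plain keyword match would miss for one word."""
    scripts = {script_of(c) for c in word if c.isalpha()}
    folded = fold(word)
    return {
        "folded": folded,
        "mixed_script": len(scripts) > 1,
        "hidden_keyword": folded in WATCH_WORDS and word.lower() not in WATCH_WORDS,
    }

def decode_hostname(host):
    """Turn xn-- (punycode) labels back into the Unicode letters they stand for."""
    labels = []
    for label in host.split("."):
        if label.lower().startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

if __name__ == "__main__":
    # Constructed samples: Cyrillic a/o inside "Sharepoint", an accented i in "DocuFile".
    for w in ["Sh\u0430rep\u043eint", "DocuF\u00eele", "Sharepoint"]:
        print(repr(w), inspect_word(w))
    print(decode_hostname("xn--bcher-kva.example"))  # constructed hostname
```

A word that mixes scripts, or that only matches a watched name after folding, is the kind of "odd looking letters" case worth a second look.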



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
