Catch of the Day: Vanity Phish
Chef’s Special: Alphabet Soup
Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and others come from other reliable sources on the Internet.
You can send phishing samples to me at firstname.lastname@example.org.
My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double-clicking the image will display them in a photo viewer app.
Happy World Backup Day!
Vanity Award Email
I get these “award” emails about two or three times a year. I always find them to be hilarious. I may be a wonderful human being and a bit of a cybersecurity expert and certification instructor, but really, one of the “10 Best Security Leaders of 2023”? I think that is a little over the top. And the year has barely started.
What we really have here is a solicitation to purchase advertising space for $1500 dressed up as a professional recognition article. Here’s the offer. You will have to click on the image to make it large enough to read.
Alphabet Soup Phish
An interesting way to bypass spam filters is to use characters from other alphabets, such as those letters with accents and other diacritical marks, to replace English letters. While it looks pretty much the same to the human eye, it’s as different as night and day to a computer. Here is an example from the article Common Spammer Tricks:
Common languages used for this purpose are Spanish, French, Romanian, Greek, many Scandinavian languages, and the Cyrillic alphabet used in Russian and Slavic languages. As I explained last week in my Encoding series, alphabetical letters are turned into 8-digit binary numbers in Unicode. The letters may look the same, but to a computer they are vastly different.
Spam filters that are looking for certain words will in many cases miss these types of “words.” But here are a couple of emails that DID show up in my Spamdrain spam filter. Notice the extensive use of non-English letters and the creative spelling of DocuFile and Sharepoint. These are just two samples out of many that were using the same technique.
Also check out What is Punycode and Why is it a Threat
I found a couple of instances caught in a different spam filter (I have 3 total).
And here is the phishing email itself. All the links have been disabled by the spam filter, so I took a look at the source code. This appears to be another credential-grabbing exploit.
So the lesson here is to watch out for odd-looking letters. Those are not little speckles of dirt on your screen; they are foreign letters used in order to fool you, your browser, or spam filters.
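To show why a plain keyword filter misses these look-alike letters and how a filter can catch them anyway, here is an added example (not code from the original article or from any spam filter named in it). The look-alike map, the sample subject line, and all function names are constructed for illustration; the two keywords are the lure words mentioned above.

```python
import unicodedata

# Constructed, deliberately small look-alike map (assumption: a real filter
# would use the full Unicode confusables data instead).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",   # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u03bf": "o", "\u03b1": "a", "\u03c1": "p", "\u03b9": "i",   # Greek
}
KEYWORDS = ["docufile", "sharepoint"]  # lure words named in the article
# Constructed sample: Cyrillic o/a and an accented e replace Latin letters.
SAMPLE = "Y\u043eur D\u043ecuFil\u00e9 is ready: review on Sh\u0430rep\u043eint"

def naive_match(text, keywords):
    """Plain keyword filter: compares the raw code points."""
    return any(k in text.lower() for k in keywords)

def skeleton(word):
    """Fold a word to plain Latin letters for keyword matching."""
    out = []
    for ch in unicodedata.normalize("NFKD", word.lower()):
        if unicodedata.combining(ch):
            continue  # drop accents and other diacritical marks
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)

def scripts_in(word):
    """Script names (first word of the Unicode character name) of the letters."""
    return sorted({unicodedata.name(c, "UNKNOWN").split()[0]
                   for c in word if c.isalpha()})

def find_disguised(text, keywords):
    """Return (token, keyword, scripts) for keywords hidden behind look-alikes."""
    findings = []
    for raw in text.split():
        token = raw.strip(".,:;!?\"'()")
        folded = skeleton(token)
        if folded == token.lower():
            continue  # nothing was substituted in this word
        for k in keywords:
            if k in folded:
                findings.append((token, k, scripts_in(token)))
    return findings

if __name__ == "__main__":
    print("naive filter hit:", naive_match(SAMPLE, KEYWORDS))
    for token, keyword, scripts in find_disguised(SAMPLE, KEYWORDS):
        print(f"{token!r} hides {keyword!r}; scripts: {scripts}")
```

A word that mixes Latin with Cyrillic or Greek letters and folds to a known lure word is a much stronger signal than the keyword alone, since ordinary text rarely mixes scripts inside one word.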