WyzGuys Tech Talk

Phishing Email Alerts

Catch of the Day: My Nigerian Princess Phish
Chef’s Special: Account Update Phish
Also serving: Barbie Scam Phish

Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and other reliable sources on the Internet.

You can send phishing samples to me at phish@wyzguys.com.

My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.

My Nigerian Princess Phish

The old ways are the best, or are they?  They do seem to have a certain immortality.  Here is a classic 409 email, commonly known as the Nigerian Prince letter.  This scam has been floating around since before the Internet, when it really was a letter delivered by postal mail.  And yet there are still people who fall for this exploit.

Notice first the sender address Mrs. Adrienne Eliz Cousineau <noreply@worldsoft-wbs.com>.  WBS is World Business Suite, a publicly available cloud based customer relationship management service offering that the scammer is using to send out emails to a list of potential victims.  Notice the TO: address is also the sender’s address on Yahoo.com, and then in the body of the letter it is the sender at Hotmail.com.

According to the email headers, this was actually received by my bob@wyzco.com email address.  I will never understand people who believe a dying stranger in Africa has decided to give them a lot of money for basically nothing.

IONOS Account Update Phish

Here is a credential stealing phishing email.  The link resolves to https://ion04122.gitlab.io/io30012 and then redirects to https://dtesrcn451021.trsit.nl/.  The email  itself is full of inconsistencies, the sender address has misspelled IONOS with two letters S.  And the email headers show the source is not IONOS

Beware of the Barbie Scams: What You Need to Know After the Recent Movie Release

Scammers are taking advantage of the popularity of the Barbie movie, according to researchers at McAfee.

“In the last 3 weeks, we’ve seen 100 new instances of malware that have Barbie-related filenames,” the researchers write. “Once again, this shows how attackers have latched onto the movie’s hype, hoping the people will click the malicious files because the Barbie name is trending.

“The types of files varied but included typical types such as .html and .exe. By and large, attackers focused on the U.S., yet other countries have found themselves targeted as well.”

Steve Grobman, McAfee’s Chief Technology Officer, notes that criminals often exploit popular topics to distribute scams: “As Barbie makes her debut on the big screen, scammers are aiming to cash in on the summer blockbuster. A rash of scams have cropped up online, including bogus downloads of the film that install malware, Barbie-related viruses, and fake videos that point people to free tickets—but lead to links that steal personal info with spyware instead.

“Cybercriminals are always on the lookout for opportunities to make phishing and other scams more attractive and believable. They often leverage popular and well-publicized events such as movie premieres, concerts, or sporting events to trick users into clicking on malicious links.”

McAfee offers several recommendations to help users avoid falling for these scams:

[CONTINUED] Blog post with links and a Barbie phishing test template. Warn your friends and family:
https://blog.knowbe4.com/barbie-related-scams