WyzGuys Tech Talk

Phishing Email Alerts

Catch of the Day:  Betmaster’s Phish

Chef’s Special:  Facebook Lottery Scam

Examples of clever phish that made it past my spam filters and into my Inbox, or from clients, or reliable sources on the Internet.

I would be delighted to accept suspicious phishing examples from you.  Please forward your email to phish@wyzguys.com.

My intention is to provide a warning, examples of current phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your own inbox.  If the pictures are too small or extend off the page, double-clicking on them will open them up in a photo viewer app.

Betmasters Phish

I pulled this out of my spam filter for inspection because it was sent to top3paidsurvey@infosecteam.com.  This was an email I set up in a previous episode of the Friday Phish Fry to sign up on a “Make Cash Submitting Surveys” website.  I have been watching to see if this address got passed around, and it looks like it has.

This email was caught by the spam filtering provided by my email host, IONOS.  I am posting images below.  IONOS disabled all the text and image links, so to investigate this one I had to use the HTML source found in the message header.

I have included the full email headers in the linked PDF document.

Facebook Lottery Scam

Not all phishing emails are high-tech.  This lottery letter is a classic example of a 419 scam, also known as the Nigerian Prince.  Please send me your personal information so we can send you your Facebook Lottery winnings.  Of Course there is no Facebook Lottery.  Text of email follows:

From: Facebook <info@tntiran.com>
To: undisclosed-recipients:;
Date: 11/17/2020 1:18 AM/fSubject: Congrats! You have won!

Certified Winner Notification
Winning Reference No: FB/5231/2020

Dear Beneficiary,

NOTE: If you received this message in your SPAM/BULK folder, it is because of the restrictions imposed by your Mail/Internet Service Provider, we urge you to treat it genuinely.

Today, Facebook is the largest social networking website on the internet and also one of the most popular sites on the internet.  Our mission is to give people the power to build communication and bring the world close together. Your ideas and suggestions help us to improve Facebook features continually.

Be glad this day as the result of the “Facebook Global Promotion 2020” has been released and we are delighted to announce to you that your email came out in the first category and entitles you to claim $1,450,000.00.

Your email address was among the email addresses chosen Randomly from the web from which winners are selected. You were announced a winner after your email address, and Facebook was confirmed valid.

We wish to congratulate you on your victory, and you are a lucky person to have won this prize.  This correspondence officially confirms that we receive instructions relating to the payment of your winning prize.

To submit your claim, kindly provide the following information urgently

1. 1. Winnings Reference No: FB/5231/2020
   2. Full name:
   3. Country:
   4. Residential Address:
   5. Age:
   6. Gender:
   7. Telephone No:
   8. Occupation:

Kindly respond back to (support@fblottery.us) so we can commence the processing of your funds.  Congratulation once again from all our staff members and thank you for being part of our promotion program.

Regards,

Facebook Inc

[Scam of the Week] Black Friday & Cyber Monday Top 10 Cybersecurity Tips

The bad guys are at it again with holiday phishing scams, and this time from the comfort of your user’s home. Because we are in the middle of a pandemic, retailers have already started online Black Friday deals that attract scammers.

Cyber Monday will also be bigger than ever before. That means you and your users need to be extra cautious when shopping online over the Black Friday and Cyber Monday weekend.

According to TechCrunch, estimates of ecommerce growth rates by 18% will continue to increase during the holiday season. The growth in e-commerce will result in an increase of online scams. Since the beginning of November, Checkpoint research showed the first half of November already showed an 80% increase in phishing campaigns relating to sales & shopping special offers. More…

4 phishing scams to watch out for during the holidays

Fake shipping notices and charity frauds are two scams cited by the security company GreatHorn, which offers tips to consumers on how to avoid them.

Nearly Half of Spear Phishing Emails Bypass Security Filters

47% of payloadless phishing emails are able to bypass the most popular secure email gateways (SEGs), according to researchers at IronScales. These are emails that don’t contain malicious links or attachments, but instead try to manipulate the user in a more targeted manner.

“The overwhelming majority of email phishing attacks are now driven by social engineering messages aimed at prompting an action, and distributed via advanced phishing techniques such as business email compromise (BEC), VIP/CEO impersonation and other forms of email spoofing and fraud,” the researchers write.

“From an attacker’s perspective, the transition from spear-phishing emails packed with malicious payloads to social engineering was a no brainer.”  More…

Google’s Free Services and Phishing Campaigns: A Likely Pair

Cybercriminals are now launching phishing campaigns that abuse Google’s free productivity tools while also using social engineering to trick users into installing malware.

Some of Google’s free offerings range from documents, spreadsheets, online forms, and free websites. These tools are primarily used by the education sector, which can be an easy target for the bad guys to infiltrate. A new report released by email security firm ArmorBlox showed how the bad guys are creating these elaborate campaigns that look convincing but avoid any detection of a scam.

To protect your organization from these types of attacks, it’s important your users observe subject sensitive emails, especially when it’s related to money.

They should treat all email that have links and/or attachments as suspicious, and report any unsuspecting email to your security team, ideally using the Phish Alert Button (PAB) email client add-in.

Blog Post with screenshot and links:
https://blog.knowbe4.com/googles-free-services-and-phishing-campaigns-a-likely-pair

[SCARY EYE OPENER] The Bad Guys Can Now Bypass Your Filters and Implant Malicious Emails Straight Into Your Inbox

Taking advantage of IMAP functionality a new tool now available on the dark web empowers cybercriminals to circumvent mail scanners, virtual sandboxes, and other security solutions.

It’s every phisher’s dream and should be your nightmare: a means to bypass all that security software designed to weed out malicious emails, attachments and links. Well, it’s here. According to security analysts at Gemini Advisory, the tool known as “Email Appender” has hit the market on the dark web.

This tool gives any cybercriminal with a set of email account credentials an ability to implant a malicious email directly into the Inbox of that victim’s mailbox. By using an IMAP connection (which is normally used to retrieve email), Email Appender uses allowed functionality to append a message to the victim’s Inbox.   More…