WyzGuys Tech Talk

Phishing Email Alerts

Catch of the Day:  Vanity Award Phish

Chef’s Special:  Shopping Survey Phish

Examples of clever phish that made it past my spam filters and into my Inbox, or from clients, or reliable sources on the Internet.

I would be delighted to accept suspicious phishing examples from you.  Please forward your email to phish@wyzguys.com.

My intention is to provide a warning, examples of current phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your own inbox.  If the pictures are too small or extend off the page, double-clicking on them will open them up in a photo viewer app.

Vanity Award Phish

Years ago I received the “President’s Award for Innovation” from American Paging, a company I worked for.  In my acceptance speech I brought down the house when I said that “this award is the first one I have received that I didn’t make myself.”

Here is your opportunity to win an “award” for your company.  Is this a phishing email, spam email, or marketing email?  Whatever it is, this is basically some clever guy with a trophy business who has figured out how to sell more awards.  That’s right, you can select an award to purchase from an extensive list of designs.

Here is the email and the landing pages.

Bayport is a pretty small town, with 1200 citizens in town and another 1800 criminals serving time in the prison.  I would have heard of this organization, if it really existed.

Shopping Survey Phish

Here is another “is this a phish or spam?” emails.  After I worked my way through the survey, and won my “award” I had to part with my shipping address and credit card information, which may be the goal of this scam.  I have received five of these in the last week, and the logos involved include Walmart, Home Depot, and Amazon.  The domains used all seem to end with a domain name followed with the .xyz top level domain, such as airfx.xyz and wmtsurveryshop.xyz.

Here’s the email

The Give Feedback links resolves to

http://www.wmtsurveryshop.xyz/1b56I23pR95s86Bn9q4dp2Hf2z14zFsFf68.GsEGsi6mdT99Q6SR1M0v5MB@wD/jeopardize-costumes  then redirects to https://souldatabase.ru/lojeru/deme/yubeja/index.php.  This is using a Russian domain name

The landing page is below.

I took the 12 question survey.  All of the questions were pretty innocuous.  Then on to my “prize”

Selecting the dash came came with a form for paying for shipping, and providing my shipping address and  credit card information.  I was redirected once more to https://www.highlyratedgadgets.com/realsavings/DT2/?affid=2&c1=&c2=w0n9jdaek3mbf8me27un6a2k&c3=&click_id=25c889b5da464fe393876b2553050c78

I ran the links through VirusTotal, and the first links came back flagged for spam.

The next link was clean, but the fact it was a Russian domain name, made me suspicious.  The last link was also clean on VT.

The entire presentation was very professional, and believable.  No I did not order the night vision camera, and neither should you.  I expect you will never receive the merchandise.  Plus there will be some unexpected charges on your credit card.

Unclaimed Assets Phish

This exploit was down by the time I got to it, but these kinds of emails are usually just scams.  I suspect that a lot of personal information is collected by the site forms.

Virus Alert

And there appears to be a phishing email with a malware laden attachment going around with PURCHASE CONTRACT in the subject line.  I don’t have the email, just the warning I got from my mail host.  Today I received four of these from different spoofed sender addresses.

Phishing Impersonation and Attack Trends in 2021

Facebook overtook Microsoft as the most impersonated brand in phishing attacks last year, according to a new report from Vade Secure.

“Barely edging Microsoft out of the top spot, Facebook is the most impersonated brand of 2021, representing 14% of phishing pages analyzed by Vade,” the researchers write. “Facebook, which sat at #2 on the Phishers’ Favorites list in 2020, has seen increased interest from phishers over the last two years.”

“While Facebook has dominated social media for more than a decade, disruptive social changes, including COVID-19 and political unrest, created a perfect storm for phishers’ to capitalize on the last two years. Always ready to exploit a bad situation, phishers’ have no doubt kept tabs on Facebook and found ample opportunities to exploit its users.”

The two atop the leader board may both be IT companies, but another sector is heavily represented in the field. Unsurprisingly, more than a third of phishing attacks impersonated companies in the financial industry.

“Representing 35% of all phishing pages, financial services was the most impersonated industry of the year,” Vade says. “Crédit Agricole, Chase, Wells Fargo, and PayPal are among the top 20 most impersonated brands, while financial services overall had six brands on the list.”

The researchers also observed an increase in tech support scams that encouraged recipients to call a phone number rather than click a link in the email.

“In March 2021, Vade began tracking a phishing campaign that impersonated several antivirus providers, including Norton, McAfee, and Microsoft,” the researchers write. “Unlike traditional phishing emails, the tech support scams did not include links but phone numbers.”

“Users were urged to call a phone number in the footer of the email to either renew their subscriptions or be charged a renewal fee. Once on the phone, users are lured by hackers who convince the users that their computers are infected with malware. Vade detected 1 million tech support scam emails between March and April 2021.”

New-school security awareness training can enable your employees to recognize phishing attacks like this.

Blog post with links:
https://blog.knowbe4.com/2021-phishing-impersonation-attack-trends-2021