Baits Used in Phishing Emails (1)

Phishing emails aim to obtain your sensitive information by pretending to come from a trustworthy entity such as Apple, the IRS, or Amazon.

Psychologically, scammers tend to build their phishing campaigns around attractive rewards, urgent requests, or even threats; technologically, they try to make their emails look as close to the real ones as possible.

For email users, adequate cybersecurity awareness and useful tools are the keys to being immune to phishing emails.

The best way, well, is to dissect phishing emails and see through scammers’ tricks. To give you a flavor, three typical phishing scams reported last week are collected here.

The “Google Photos We Choose Your Photo” Phishing Scam

Bait: You are the lucky dog whose photo has been chosen by Google! If you sign up for the activity, you’ll get 1 GB extra Google Photos Space.

Clue: Mainly the email address: dianrandi_nb@newulmtel.net (an obviously fraudulent email address).

Potential result: If you sign into the phishing website (a fake Google Photos website), you hand over your username and password to the scammers, who will then gain access to their victims' accounts.

Solution: Ignore it! If you have already been tricked, change your passwords before your account is hijacked and used fraudulently by the cybercriminals.

The Blocked Incoming Messages Scam

Bait: Some of your incoming messages are being ‘blocked’ in your Email Quarantine due to a validation error (big words are used here to intimidate you). The messages will be automatically removed from quarantine after 7 days. To release these messages to your inbox, you need to click on a link.

Clues:

  • The sender is made up of multiple email addresses (all previously compromised email accounts);
  • The dates of the quarantined emails are not properly shown;
  • A typo, as in “releahe”.

Potential result: Having your email account compromised/hijacked.

Solution: Ignore it! If you have already been tricked, change your passwords before your account is hijacked and used fraudulently by the cybercriminals.

Gift Card Email Scam Targeting University

Bait: A high-ranking University staff member (impersonated) urgently needs you to purchase gift cards for him/her, but promises to give your money back after the purchase.

Clues:

  • A free, non-University email account instead of an @umn.edu email address;
  • Strange request from university faculty;
  • A demand for an immediate response in which the redemption code is shared.

Potential results:

  • Lose a fair amount of money that the scammer promises to return to you;
  • Leak your credit card number and PIN to the scammer and cause greater loss.

Solutions:

  • Ignore it.
  • If in doubt, follow up by phone or other means to confirm the email and its requests.
  • If financial loss has happened, report the phishing attack to the FTC at ftc.gov/complaint.
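
The sender-address and wording clues listed for the scams above can be checked mechanically. The following Python is an added example, not part of the original post and not how Mr. Post works; the domain lists, display names and sample messages are assumptions constructed for illustration (only the newulmtel.net address and the umn.edu domain come from the post).

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains each claimed identity legitimately sends from.
EXPECTED_DOMAINS = {"google": {"google.com"}, "university": {"umn.edu"}}
# Assumption: free-mail providers; "freemail.example" is a placeholder.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com", "freemail.example"}
# Bait wording taken from the scams described in the post.
BAIT_TERMS = ("gift card", "redemption code", "urgent", "quarantine")

def in_domains(domain, allowed):
    """True if domain equals, or is a subdomain of, an allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def phishing_clues(raw_email):
    """Return the clues found in one plain-text (non-multipart) message."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = " ".join([display, msg.get("Subject", ""), msg.get_payload()]).lower()
    clues = []
    for identity, allowed in EXPECTED_DOMAINS.items():
        # Display name claims an identity the sending domain does not back up.
        if identity in display.lower() and not in_domains(domain, allowed):
            clues.append(f"domain-mismatch:{identity}:{domain}")
    if domain in FREE_MAIL:
        clues.append("free-mail-sender")
    clues += [f"bait:{term}" for term in BAIT_TERMS if term in text]
    return clues

# Constructed samples; only the newulmtel.net address comes from the post.
GOOGLE_BAIT = (
    'From: "Google Photos" <dianrandi_nb@newulmtel.net>\n'
    "Subject: We choose your photo\n\n"
    "Sign up to get 1 GB extra Google Photos space.\n"
)
GIFT_CARD = (
    'From: "University Dean" <dean.office@freemail.example>\n'
    "Subject: Urgent request\n\n"
    "Please buy gift cards and send me the redemption code.\n"
)
LEGIT = (
    'From: "Google Photos" <noreply@mail.google.com>\n'
    "Subject: Your memories\n\n"
    "See your highlights from this week.\n"
)

for sample in (GOOGLE_BAIT, GIFT_CARD, LEGIT):
    print(phishing_clues(sample))
```

A display name is attacker-controlled text, so a match here is a reason to look closer, not proof of legitimacy when no clue fires.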

More examples will be provided in the following blogs to hone your detection of phishing emails.

If you have more problems or concerns about an email you receive, feel free to click “need support” and write an email to suppot@mr2020.tech. (P.S. Remember to attach the suspicious email.) We will study the case and provide you with technical support within two working days.

But as mentioned in the beginning, a handy tool is equally important. You can try Mr. Post, an add-in available on Outlook, web browser and mobile phones, to add one more layer of protection to your mailbox. Get it for free from Microsoft AppSource.



2019-05-20T16:38:39+08:00 | May 14th, 2019 | Insight