Baits Used in Phishing Emails (2)

Foreword: This is the second article of the “baits” series of Mr2020. By rendering it as a series, we hope to gather as many authentic phishing email examples as possible. What’s point of it? You may ask. The nature of phishing is of key concern.

Born in the huge “scam family”, human psychology is bound to be exploited in phishing emails; resorting to technology, it must be self-evolving yet can’t be flawless. These traits make it more than necessary to know the flaws of phishing and then get immune with it.

Seller Performance Phishing Scam

“RedWing” posted on the Seller Forums of Amazon Service an email as follows:

Apart from the mistakes in using capital letters and punctuations, this email exposes itself in the sender information:

Sender: seller-performance@amazon.com <seller-performance@aws2-amazon.com>

Although the sender claims itself to a legitimate Amazon email, its real identity is shown in the bracket as a fake one (aws2-amazon.com).

Fake “Account Banned” Phishing Scam

“The world is my oyster.” Definitely right in the game you play, but not quite the truth outside the game.

Game player RawrrLicious reported a phishing email on the forum of RuneScape, towards which the supporting group replied

The ‘from’ address on an email is easy to fake, so you should never rely on that to judge the authenticity of an email.

Then what we can count on to tell whether the email is authentic or not? Here’s the suggestion from Jagex, the company running RuneScape:

Advance Fee Scam Email

Pennies from the sky that try to trick a fortune out of you – this is the nature of advance fee scam. According to FBI, such a scam occurs when the victim pays money to someone in anticipation of receiving something of greater value—such as a loan, contract, investment, or gift—and then receives little or nothing in return.

As was reported by Hoax-Slayer recently, there was an advance fee scam email in the excuse of “Oxam GB-UK Grant”,

If you contact “Dr Harry” as instructed, you will be told that you must send money to cover various imaginary expenses before the supposed grant can be processed. If you comply and send money, further requests will follow.

The scammers may also ask you to provide your personal and financial information, ostensibly to allow the processing of your claim.

Now you are one step closer to a smart fish not to be phished. Try to add one more layer of protection to your mailbox with the handy tool we develop — Mr. Post. It is an add-in available on Outlook, web browser and mobile phones. Get it for free from Microsoft AppSource.

GET PROTECTED NOW

2019-06-14T15:14:18+08:00May 21st, 2019|Insight|