Baits Used in Phishing Emails (3)

Foreword: This is the third article of the “baits” series of Mr2020. By rendering it as a series, we hope to gather as many authentic phishing email examples as possible. What’s point of it? You may ask. The nature of phishing is of key concern.

Born in the huge “scam family”, human psychology is bound to be exploited in phishing emails; resorting to technology, it must be self-evolving yet can’t be flawless. These traits make it more than necessary to know the flaws of phishing and then get immune with it.

Netflix Auto Subscribe Scam

According to Metadata Consulting, a Netflix phishing email attempt has been around for a while and has made it through spam filters.

The baits here is failed automatic Netflix subscription. Without it, you will have to take the trouble of reminding yourself of service renewal.

Although having a neat way of organizing contents in this email, it exposes itself from three aspects:

  1. Real sender. Though claiming itself to be a Netflix email, it has a domain name of mentalcengeng[.]com – apparently not a legitimate Netflix email.
  2. Typos and grammatical mistakes. There’s no period at the end of the first paragraph and “informations” is not grammatically correct in English.
  3. Legitimacy of links in the email. Hover over all the links in this email and you’ll find the site not from

Office 365 File Deletion Alerts Scam

BleepingComputer reported a phishing email with the impersonation of Office 365. The bait is your concern about cybersecurity coupled with the urgency to tackle potential data tampering in your inbox.

Since the email sender was not shown in the original email source, we may not decide its email address. And its language is clear and decent. What else can we check?

Do check the authenticity of URL of “View alert details”.

For Microsoft and Outlook, login forms only come from microsoft[.]com, live[.]com and outlook[.]com, and users should avoid any other login prompt from other URLs. In this case, is not a legit login page for Microsoft.

By the way, in case of data loss, tampering or ransomware attack, you are recommended to install Mr. Guard for your Outlook. This is a tool to store your important emails on OneDrive and detect if there is any data tampering.


FedEx Scam

TheDefenceWorks just concluded FedEx Scam as scam of the week in line with prevalent brand impersonation scams of Apple, Amazon, Microsoft and Netflix. The example shown here is simple and concise.

It counts on your curiosity to see what exactly is the “confidential personal information”.

Two URLs in this email, “Click here” and “More details”, will take you to spoof websites for your personal information. Hence, don’t ever open this Pandora’s box.

However, this trap is quite hard to fall for, because the sender shown in the red rectangle has literally nothing to do with FedEx. You are too smart to be phished by this one.

The thing is, beside these common tricks, scammers are upgrading their technology and generating new schemes. You might as well want to supplement your toolkit with anti-phishing tools. Mr. Post is the one we recommend.

We’ve condensed all the deduction and reasoning of whether it’s a phishing email into an add-in. Available now on Microsoft AppSource.


2019-11-04T16:32:53+08:00June 14th, 2019|Insight|