Gone Phishing: Cast a wide net when it comes to email security!

  |   cl blog

One of the really big issues that keeps our chief digital officer awake at night is digital security. This includes website hosting security, the security and privacy of our network servers and email security.

Oftentimes, the first two items above can in fact be compromised by the last item: email security. And, that usually starts with emails we receive here that are spoofing legitimate emails. These we call “phishing” exploits. Inadvertently clicking on a link in one of these emails may lead to unmitigated business disaster, including the latest exploit called Ransomware. But, we’ll talk about that issue in a future post.

Let’s start with phishing. Phishing emails are emails from unauthorized senders that look similar to authorized emails. Their main goal is to get through your security and have you download unauthorized content/tracking software on your computer by clicking on a link. Some of the most common phishing scams are from “Chase,” “iTunes,” “Apple,” and “PayPal.” Authorized senders will NEVER ask for your username and password in an email. They will always send you to their authorized website for your password and account security.

Below is an example of an “Apple” phishing email. At a quick glance, this email seems fairly legitimate. However, notice the typos ‘autorisation’ and ‘anauthorized.’ There are punctuation and capitalization mistakes throughout the body of the email. A good bet is that Apple will not send out an email with such gross spelling errors.

[Image: example “Apple” phishing email]

Also notice the phony footer; the site says Luxembourg, which isn’t the Apple Headquarters in Cupertino, CA. All footers should have an All Rights Reserved linked page, a Privacy Policy linked page, a Company Support page, and a Feedback Page. Notice the difference between the two email footers. Below is an image of an authorized Apple email footer:

[Image: authorized Apple email footer]

Below is an example of a less impressive UPS phishing scam. This scammer doesn’t even attach a company header. Notice all the misplaced punctuation? That is from the email server being unable to read the content in the email.

[Image: UPS phishing email]

Notice that the sender name reads “UPS Quantum View,” which looks fairly legitimate. Mousing over the links shows that two of them are legitimate: the UPS Next Day Air Saver and UPS Express Box links. However, when you mouse over https://wwwapps.ups.com/WebTracking…, below is what pops up:

[Image: link preview shown on mouse-over]

The grey box says http://cuavinhquang.vn which is a Vietnamese website. This is bad news! This is the phishing link. Do not click on a link whose underlying address differs from the link written in the email.

There’s not a tried-and-true way to get your email off these types of lists. Often, spammers operate as a small club on an international scale, and they communicate with each other via encrypted mail. They share large lists of email databases over the dark web. They do NOT offer you the chance to unsubscribe from their phishing efforts. In fact, responding to one of these with cease and desist emails only tells them one thing: this email address is active. They’ll keep looking for new variants on their exploit attempts, and it is a real pain for you personally, for your business and especially for those who have accidentally clicked on one of these phishing links.

So, be vigilant. You can mouse over any link in an email (without clicking on it) to see the underlying URL or email address to which the link wants to send you. Immediately mark these messages as spam so that your spam filters will know what to do with the next one that arrives from the same sender. For the ultimate in safety, do not click on anything in the email. If you are curious if it is a real message, always go to the real web address for your bank, or your mortgage company or PayPal, Apple and others for which you may have a legitimate account. Always look for the https:// secure login URL, as well as the “green lock” in your browser URL bar. You can check your real account status the normal way, with your security and privacy protected.

Want to read more?

Identifying legitimate emails from the iTunes Store

How to spot fake emails