Identifying Suspicious Emails

Phishing is a social engineering attempt to deceive the target into providing personal or financial information or to possibly get them to install a piece of software on a computer that will enable the cybercriminal access to the target’s information.

Phishing attempts are nothing new, but as time’s gone on, some of them have become a bit more sophisticated and, in this work-from-home environment, easier to fall for.

By now everyone’s on the lookout for emails from Nigerian princes who claim to want to provide you with fabulous wealth, for just a small investment of your own, but you might not be as cautious if you see an email from “Facebook” that claims someone just tried to log into your account, or from “Amazon” who’s emailing to tell you they’ve detected fraud on your account.

It is important to protect your online identify. It is important to make sure your social media accounts aren’t compromised and your online merchant accounts are secure. But before you click a button in a panic to respond to one of these alerts, make sure you take the time to really look at it and see if it’s not a trap.

Here are examples of both the “Facebook” and “Amazon” alerts for your reference.

I have a Gmail account for personal emails. The other day while perusing my Spam inbox I found the following:

At first glance, someone might think, “I don’t know Rosina Taylor, I’m not going to click on that. Someone tried to log into my Facebook account? I better check it out!”

If you’re careful, you know this isn’t from Facebook. For one thing, it’s in my Spam folder, so even Google thought it was suspicious. But sometimes they’re wrong. Sometimes totally legitimate items show up in there. That’s why I check it. But if you look twice at the sender, you see it’s not actually Facebook that’s sending the message, but Facebook. They’re missing an o in their identity field.

Here again, to Google’s credit, there’s a big gray banner telling you it’s in your spam folder because it’s similar to items that have been identified as spam in the past. But if that’s not enough for you, take a good look at the sender’s email address: UPRBKFIQ…@tsvbxnpmsiwafloechcuwsmeesfeen.us. A legitimate email from Facebook or from any other reputable company isn’t going to come from a randomized account like this one. It doesn’t matter what else might be in the body of that message or the footer of that message. There is no doubt that this is a phishing attempt and any further action on your part to engage this message may end in your computer being compromised by a cybercriminal trying to otherwise steal your personal or financial information.

Here’s the “Amazon” example:

But say you missed that and you clicked on the message. I did to show you. This is what comes up next:

Knowing what you do now, you can see that this is also an email that doesn’t require any further action. Amazon is never going to send you a notice from alertsupport4376-recentfailedsigninappf8qtwwl7fn2c0i3z10@mail-important0562.com. Here again, you can delete the message and move on.

Both of those emails were easy to identify as phishing attempts if you just take a moment to really look. But sometimes it can be a little trickier to see. That’s why it’s really important for you to be vigilant when reading and replying to emails. If you get something from a professional contact or from a company with whom you do business that’s at all out of character or at all suspicious, look carefully at it before taking further action. If you’re still not sure, ask a trusted IT advisor.

Recently an email came into a staff email box at 702 from:

Jim Walter was the CEO at 702 for our first 20 years. Everyone here (except our newest hires) knows Jim by name, so it’s possible that he’d be emailing an employee even in retirement. There’s a little bit of legitimacy there. The email address is funky, but who knows? Maybe Jim decided he wanted to start his own email domain of “chiefe-mail.com” and send emails from it. It’s not hard to set something like that up. It’s not in character for Jim, but it’s not impossible. Let’s look at the body of the message:

Are you available, i need you to handle something for me asap, i can’t talk on phone now, just reply me here. Stay Safe

That isn’t Jim’s speech pattern. “reply me here” is a dead giveaway that this is a phishing attempt.

Our employee identified this as suspicious, reached out to our system admin regarding the email, and the phishing attempt was shut down. It does take a level of vigilance from each member in your organization to keep company information safe.

Be on the lookout in your own environment. Do your part. Stay safe out there!

Brian Crommett
CEO
702 Communications

Write a Comment

Your email address will not be published. Required fields are marked *