Your Free Email Phishing Detector

The fastest growing threat to your business’s cyber-security is coming from inside the house! It’s your company’s email.

Many of the most common cyber-security threats originate with a fake email targeting your users. This is commonly called a “phishing” attack.

There are lots of different processes and technologies that can assist with preventing these attacks, but one of the best protections is to educate yourself and your staff on how email “phishing” attacks work and how to prevent becoming a victim to one of these scams.

It All Starts With A Click

Below is an example of an email I received from a customer asking if this was SPAM or a “phishing” scam. It is a scam. There are a couple of “tells” that let me know this is not a legitimate email.

  1. Incoming address mismatch: Take a look at the top line or “display name.” It purports to come from notification@dropbox-online.com, but if you hover over the link (Or display it as I have shown) the actual sender is wjc28@corneli.edu. This is usually a hacked account that is being used as the sender to hide the scammers identity. Either way, it doesn’t sound like an official dropbox account.
  2. The Subject: “Document Received.” We all lead busy lives, but chances are you do not receive very many document attachments that you are not expecting – especially not invoices. True, it does happen, but your red flags should be up the moment you see an unexpected attachment from an unknown sender.
  3. The attachment: A PDF via a link. The Scammers really need you to click that “attachment” to get to the next step in the scam. They often will disguise these as PDFs, Dropbox or Office documents, but beware – a real attachment is a file, not a link.
  4. The link points to an unknown location. If you hover over a link, you can see where it is pointing to in your browser status bar. In this example the link doesn’t point to dropbox-online.comatelier-a3.pw/boat.htm.” See below. Very phishy indeed…

The Next Step

If you are were unfortunate enough to click on that “document,” now you are just a step away from giving away your email credentials. Here is the page you are presented with in the case of this particular scam:

A fascinating cornucopia of login options for you to explore. They will take all comers: Office 365 accounts, Outlook, AOL, or Other if you are willing to try something else. All with the fake security of the McAfee and Verisign logos.

Hopefully you will have noticed the URL line of the website is:

Again, “https://www.linkedin.com/redir/phishing-page?url=www%2earboraust%2emen” is certainly not a Dropbox authorized website. This mismatch is the next “tell” and is likely either a fake site or a hijacked site that they have injected their own code.

If you are unfortunate enough to click on one of the links you will see another well-designed fake site:

This one is also designed to look like a legitimate login page, but with another mismatched site URL. If it doesn’t say microsoft.com in the URL, it’s not Microsoft. Back out now while you still have time!

The Final Frontier

If you or your employees did type in your password, this is where the real problems begin. Scammers don’t usually make their move right away. They are patient and will often lurk in the background. They can make rules and filters to hide communications from the email’s owner and essentially steal your employee’s identity. This is usually all in service of gaining access to company information or setting up wire fraud scams with your bank or payroll company.

What Can You Do?

As you can imagine, it’s much harder to find a scammer once they are inside the network, so its much better to keep them out in the first place. The best technology currently to paralyze a successful phishing attack is 2 factor authentication. Many people have seen this already with banking sites and apps that send a text message with a unique code whenever you login on a new device.

The same technology is increasingly available for many email platforms and is becoming our standard security recommendation.

The other tool you have is education. We provide email training to all of our customers to help provide the ounce of prevention that can help avoid the expensive and frustrating pound of cure. Contact me if you’d like to learn more.

Jonathan Sandmel

jonathan@steadynetworks.com