The email below just came in, and I wanted to share it as a good example of phishing.  A phishing email is one that tricks you into giving up sensitive information like your password, or even bank account info.

That looks fairly legit; a user receiving this would believe they are missing some messages and might click the links to see what it wants them to verify.  There are numerous clues here as to why it’s a scam.  First, the subject is already labeled ***SPAM***, which indicates our mail server has already detected this as spam.  The from email address does not match the address a real message like this should come from.  Next, I already know that none of our systems use this wording or this message format, and we don’t have any subscription issues.  The grammar is very odd as well.  I know the email address [email protected] doesn’t exist, and/or they messed up the formatting so that the word “verify” looks like part of the email address.  If you hover over a link, the bottom of the screen will show the address it will open if you click it.  Here, the link previews show the links go to sites not related at all to the message, at an address that has nothing to do with us.



Now this last image is the kicker. They have included in the link the email address they sent the email to.  This allows the website that is linked to know who has opened the emails, and that means they know you’re a sucker and will keep sending you more junk, and sell your email to other scammers.
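
The two link clues above (a host that has nothing to do with the sender, and the recipient's address carried in the URL) can be checked automatically. The sketch below is an added example, not part of the original email or any mail product; the sample message, the `example.com`/`example.net` domains and the function names are constructed for illustration, and it goes slightly beyond the post by also catching a base64-encoded address.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message; example.com stands in for "our" domain.
SAMPLE_BODY = """You have 4 undelivered messages.
Verify: http://mail-verify.example.net/login.php?email=jane.doe%40example.com
Release: https://portal.example.net/r/amFuZS5kb2VAZXhhbXBsZS5jb20
Help: https://support.example.com/kb/spam
"""

def b64_forms(address):
    """Standard and URL-safe base64 of the address, without '=' padding."""
    raw = address.encode()
    return {base64.b64encode(raw).decode().rstrip("="),
            base64.urlsafe_b64encode(raw).decode().rstrip("=")}

def flag_links(body, recipient, trusted_domains):
    """Return [(url, [reasons])] for links that match the clues in the post."""
    findings = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,)")
        host = (urlsplit(url).hostname or "").lower()
        reasons = []
        # Clue 1: the link goes somewhere unrelated to the claimed sender.
        if not any(host == d or host.endswith("." + d) for d in trusted_domains):
            reasons.append("host not in trusted domains")
        # Clue 2: the recipient's address is carried in the link, either
        # plain / percent-encoded or base64-encoded.
        if recipient.lower() in unquote(url).lower():
            reasons.append("recipient address in link")
        elif any(form in url for form in b64_forms(recipient)):
            reasons.append("recipient address in link (base64)")
        if reasons:
            findings.append((url, reasons))
    return findings

if __name__ == "__main__":
    for url, reasons in flag_links(SAMPLE_BODY, "jane.doe@example.com", ["example.com"]):
        print(url, "->", "; ".join(reasons))
```

The suffix match on the host means a lookalike such as `example.com.login.example.net` is still reported as untrusted.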

If you do click the link, it will open your browser to the link shown.  They have programmed the page to take the email address from the link, which verifies your address back to them, and use it to make the page they show you look legitimate.  Here I’ll change the email address to be something fake; let’s use [email protected].  The resulting link would take you to a page like this:

Whatever email address is entered will show here in this box.  So a scammed user would think the website is asking for their email address to sign in and check the missing messages. They enter their email password.  But this fake website doesn’t know if your password is correct or not.  They don’t care right now; they’re just storing your email address and password.  Once you click Login, it will take you back to this page and say it’s not correct, try again.

An unsuspecting user may think, well, maybe it was my other password, and they enter some other password.  Now the scammers have 2 of your passwords.  If you enter a password again, it will then redirect you to the website of the domain name you entered.  So in this case we are directed to whitehouse.gov.

I can’t seem to get it to do it again for another screenshot, but one time it displayed the website in the background and overlaid their fake login prompt on top of that, making it look more legitimate.  Now that we’ve entered some info into their database, they will try to log into our email account with the password we freely gave them.  If successful, they will send out email from our address to all of our past correspondents.  They will scan the incoming emails for further sensitive info like bank details, or other personal details they could use against you later.  If you only use a few passwords across your accounts, they can also begin to log into other websites with your email address and password to make purchases.  If you do keep fairly separate and secure passwords, they can reset the password on a third-party account: since they have your email address, they could simply use the forgot password link the other account would send you.

We see these scams daily and have many customers fall for them.  If you have fallen for this scam and need assistance sorting it out we can help at Dataforge!