This morning’s attempt at fooling users into divulging personal information like usernames, e-mail addresses and passwords and attempts to disguise itself as an email from the “ITS help desk”
Here is what it looks like: (We have removed the dangerous parts)
From: Karen L. Mcdonah [mailto:spoofed or compromised e-mail address]
Sent: Thursday, 29 June 2017 17:41
To: Karen L. Mcdonah <spoofed mail to disguise the sender>
Subject: IT SERVICE DESK
Your password Will Expire In The Next TWO HOURS Current Mail User Should Please Log On To IT-WEBSITE To Validate Your E-mail Address And Password, Or Your E-mail Address Will Be Deactivated. Thank You.
ITS help desk
ADMIN TEAM
©Copyright 2017 Microsoft
All Right Reserve
That is it. The classic signs of a phishing email should be obvious.
- Unknown or undisclosed sender.
- Disguised to make it look like it comes from a legitimate sender (like Information Technology)
- Threatening or intimidating users into doing something quickly without checking.
- Poor grammar and spelling.
- Encourages users to click on a link in the email (which takes them to a server under the control of the criminals where they are asked to provide usernames, email addresses and old and new passwords)
- The phishing server is not encrypted (http:// instead of https://) so passwords and user data are captured in plain readable text.
Here is what the phishing site looks like. It uses a “throw-away” website provider. The criminals will use this site for a couple of hours and then close it once they have obtained their intended victim’s personal data. (which makes it financially very lucrative!)
[ARTICLE BY DAVID WILES]
Tags: phishing