We get a bunch of emails. We do. In fact we get a shed load, every engineer, sales, and manage-person. Today we had one marked Domain Expiration SEO. It looked kosher. It smelt like something that you should pay attention to, but thankfully someone stopped and checked. What follows are a few words on what phishing is, how it comes to pass, what it looks like, and what to do about it.
We feel your pain when you call, chat, email in and say “I am getting too much spam” – and we have touched on this before as well.
However today I want to talk about the darker side of things – phishing, spearphishing, and whaling. It all falls under the category of social engineering – and the fact that on the whole – even the most Tin Foil Hatted of engineers inherently is a human being, and is nice to people – as such – she expects people to be nice to her. So they click before they think.
Wikipedia has Phishing down as the following:
“Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing due to the similarity of using a bait in an attempt to catch a victim. According to the 2013 Microsoft Computing Safety Index, released in February 2014, the annual worldwide impact of phishing could be as high as US$5 billion“
In the same way that a Cancer Care website is as useful to an attacker, collector or seller of personal information, or general ner-do-well is as useful as one that runs a shop…. because you are – like me – “just me” and “why on earth would anyone want to access my email“… well, again – we have touched on that previously too.
Sometimes it is all a bit dark, and “how-do-you-sleep-at-night?” – for example engineers with access to networks, networks that may have access to connections, that have access to persons of interest… you are suddenly a valid target. But this is the high focus, high skill… mostly, and thankfully, its all a bit cast a wide enough net and someone will click on it.
A site or email account gets brute forced, or compromised – a script deploys some tools, and off it goes sending out its wares.
Here is todays exmaple. The title was Domain Expiration SEO. Buying hens teeth, snake oil, or indeed magic beans is not something our engineers are keen on so this stuck out with it’s subject line. Have a look at this beauty:
Now domain name protection or domain privacy is a real thing (ask us if you would like to know more). It is. But it neither costs that much, or does it have anything to do with domain name verification. Look at it there, cheekily making use of words that look good together, and looking like a legitimate email.
We sat. We pointed. We frowned. There was tutting, and someone uttered in a higher pitch than usual “cheeky!”
This is not ‘pretending to be anyone else’, and may indeed deliver the service mentioned, it is neither defrauding or telling falsehoods – so we would guess it is legal, certainty here, if on the fringes of the law … the spirit if you will. Sometimes, and increasingly they are not so. This makes us mad, and from the emails and calls we get – you too.
Hover over links if your email client allows it – see where it wants to take you… the chances are that that unpronounceable .br site, search .nu, or indeed sharepoint.com who, as lovely as they may be, are not going to be doing the email shots for your bank, hosting provider, friend stuck in a foreign country asking for money. No. So sometimes checking the links, or checking the headers to see where it came from is the way to go.
If you send out enough emails – someone – somewhere – will click on it. One click could be what it takes to get the details to your email account, or your social media, or indeed, your machine… and devices connected to your machine. In the wake of not/Petya and WannCry and far more generic lacklustre ransomware this is certainly food for thought.
So – what can I do about it?
Well – this is quite a grey area. It depends on the impact, legality, enforceability – and taking this in the context that >90% of all inbound email connections to mail servers will be spam. Drop. Ocean. However there are times when this really matters.
If this is serious however – without hesitation – report it to the police. The starting point would be ActionFraud.police.uk is the place to go for this without a doubt.
If this is spam, or you are not sure, then ask. Ask a friend, a professional, ask us. PLEASE DO NOT FORWARD THE EMAIL – however a screenshot, and if you can a set of the headers will often suffice.
Do not under any circumstances “unsubscribe” or reply. Confirmation of an email address being live is valuable commodity. Block, delete, write a rule to delete that mail in future.
Use a better spam filter. Many of our packages have the option to move to our advanced spam filter… however it does need tending which brings me on to:
Feed your spam filter – train it with spam and ham. Things have come on a great deal from the early days where words, or phrases scored points… these days collabrative efforts mean there is better visibillity, and reputation of the sender holds a great deal of weight.
Exercise some common sense…. but most of all – remember that you are human – and that these are written specifically to fish you in.
More on this and terms of reference?
If in doubt – drop us a mail and ask, you are a target, you can be monetised. Keep ’em peeled 😉