Week in review 12 December 2014
More phishing emails emerged this week. Some were re-hashes on old themes, such as the Westfield scam emails. Phishing emails supposedly from Amazon, iTunes and PayPal also surfaced, all with the aim of stealing user credentials and credit card details.
Phishing emails target Amazon users
Truly a theme for the phishing emails this week was a sense of urgency. First up is an email sent to Amazon users. In this email, the recipient is informed that they must have changed one of their credit card, phone or bank numbers. In order to prevent issues with payments, the user is told to update their details today. However, the email is not from Amazon. The links in the email lead to a phishing site. Interestingly enough, the criminals did not even bother with a greeting; not even a “Dear customer”.
iTunes phishing emails
Second up this week is an iTunes phishing email. This one (ironically) plays upon user fears of being hacked; a not entirely unreasonable fear, given the recent high profile hack of Jennifer Lawrence’s iCloud account. In a similar vein to the Amazon email phish mentioned above, this phishing email tells the user that their iTunes account will be suspended if they do not confirm their account details within 48 hours.
Social engineering is being utilised in this phishing email; the possibility that a user account may have been hacked could spur a user into clicking on the links. The links in the email lead to a realistic looking phishing site.
Fake speeding fines install ransomware on PCs
This particular email phish has been doing the rounds for a few months; the people behind it change the look of the email each time, but the end aim is still the same: trick a user into installing ransomware.
The email appears to be from the Office of State Revenue (a NSW government agency) and it supposedly is informing the recipient that they have been fined for a speed camera infringement. The email allows the recipient to download a pdf copy of an “Invoice”; in reality the invoice contains the CryptoLocker ransomware.
Westfield chance to win email is a scam
Another email pretending to offer the recipient a chance at winning vouchers started up this week. In this one the recipient is offered the chance of winning $2000 if gift vouchers from Westfield. All they have to do to enter is click on a link in the email.
The link in the email however is to a site that is seeking to steal the recipient’s personal information.
Realistic PayPal phishing emails in circulation
A realistic looking phishing email (purporting to be from PayPal) was quarantined in our email filters today. This particular phishing email is notable for its realistic appearance. However there were still a few giveaways that it was a phishing attempt. The email informs the recipient that they have paid money to a person for goods bought on eBay.
The email goes on to tell the user what to do if they want to dispute the transaction. A link is helpfully provided; the link is not to PayPal, however, but to a phishing site. The phishing site is very realistic in appearance.
In summary
We’ll re-iterate what we said last week, which was: Take extra care when receiving unsolicited emails. Check the grammar, mouse over the links; verify that it really is from who it says it is. Don’t download attachments or follow links unless you are completely sure they are legitimate.
Remember that banks will personalise emails to you, so anything not personally addressing you should raise suspicions.
Scott Reeves
MailShark
Free anti-spam service
Free email filter service