Week in review 6 March 2015
As always, there was the now obligatory PayPal phishing email embedded in our weekly round of phishing emails. We also had a nice “start of month” greeting for Westpac customers, whilst ANZ customers had to click on a link after a “Huge update”. Fake Tax Office emails started (again) and Google+ users were told to increase their disk quota. Finally, Kiwibank users were sent a very simple-looking email; it was still a phishing email though. Read on to see our week in review. As always, you can click on a link to see the story in full, together with screenshots of the phishing emails in question.
PayPal user agreement phishing email
A pretty sophisticated PayPal phishing email started the week. This one had a nice picture embedded in the email. The actual email was ostensibly to notify users of changes to the PayPal user agreement. Reading on, it became apparent that there was an issue with the user’s PayPal account. As per usual, the user was invited to click on a link to fix the issue. Of course, there was no issue, and this email was a fake. A sophisticated fake, but a fake nonetheless.
Confirm account details phishing email implores
ANZ bank apparently made a “huge update” to security, which meant that users had to click on a link to update their account details. The email was pretty simple, but it did use a Uniform Resource Locator (URL) containing the text “ANZ”. This made the URL text look like a genuine ANZ site. However, mousing over it revealed that the link was in fact to a fake site. The fake site was designed to steal user credentials.
Happy new month says phishing email
The crafters of this email clearly decided that the greeting “Dear <name>” is old hat, and dispensed with it entirely. “Happy new month” does sound brighter; who knows, maybe it will catch on? Unfortunately, the crafters of this email then jumped straight to the point: click on a link; we want to confirm your account. This was another simple phishing email, but again the URL looks exactly like the genuine Westpac URL. Mousing over it reveals it to be a fake. Once again, the link leads to a phishing site.
Fake Australian Tax Office emails circulating
An email concerning one of life’s two certainties appeared this week. Apparently the Australian Taxation Office (ATO) is offering refunds. Who could refuse? Unfortunately, the email is a fake. The link in the email leads to a fake site, which attempts to steal bank account information.
Mailbox deactivation imminent says phishing email
Google+ users seemed to be the target of a phishing campaign this week. This one informed the recipient that their mailbox was facing imminent closure. To forestall this looming catastrophe, the user is urged to click on a link to add more space. Or just delete a few emails. The link, though, is designed to steal the user’s login credentials.
Kiwibank Access verification required
Possibly this phishing email is a first attempt by a student doing Phishing 101. If so, it’s probably around a mark of C. We suspect it will snare some victims, but it’s pretty simple. The only part that is sophisticated is the URL shown in the email. Once again, the URL looks like a Kiwibank URL, but mousing over it shows that it is not. It leads to a phishing site. The site (if it is still there) is pretty simple too.
Scott Reeves
MailShark