SIGforum.com    Main Page  Hop To Forum Categories  What's Your Deal!    "Phishing" e-mails getting more sophisticated
Go
New
Find
Notify
Tools
Reply
  
"Phishing" e-mails getting more sophisticated Login/Join 
His diet consists of black
coffee, and sarcasm.
Picture of egregore
posted
Partial text of one I got purporting to be from Spectrum, my ISP:

quote:
Your Spectrum.net account is now pending for verification

Your Spectrum Account is now under verification review. Please sign-in again so that we can verify your device!

A green check mark indicates your equipment is communicating with our network and should be working as expected .

Your Spectrum account does not pass the latest security check. Therefore, your account must be updated. To avoid deletion, please use the link below:

It is even from spectrum at customeremailnotifications dot com. If not for the language being slightly "off," the inappropriate capitalization and punctuation (the exclamation point is superfluous) and that I have to be signed into the account to read the e-mail in the first place, it looks quite realistic. I can see someone less "savvy" than myself clicking on that link.
 
Posts: 29038 | Location: Johnson City, TN | Registered: April 28, 2012Reply With QuoteReport This Post
Drill Here, Drill Now
Picture of tatortodd
posted Hide Post
I really hope Trump lets our cyberwarfare people go after them. It'll be good training and it'll benefit all Americans.

Back to reality. A few things to check when receiving e-mail:
  • Who is the e-mail from? Joe@microsoft.support.com (fake) vs Joe@support.microsoft.com (potentially correct)
  • Where does the link take you? There will always be a link in Phishing. Same thing with domain name microsoft.support.com (fake) vs support.microsoft.com (potentially correct)
  • Is it too good to be true? For example, most successful mock phisihing attack at work from Corporate IT was for a large Apple discount.
  • Is there a claim of urgency or emergency?
  • As the OP mentioned, spelling or grammar is off

    A few tips:
  • Turn off any mouse settings for autoclicking. This prevents you from hovering over a link to see domain, and automatically clicks the potentially dangerous link
  • Never click a link in e-mail whether in inbox or spam folder. Instead, use your browser and either type legitimate URL or use your bookmarks.
  • Don't read e-mail when you're in a rush or stupid tired. More likely to miss the clues and unleash a shitstorm on yourself.



    Ego is the anesthesia that deadens the pain of stupidity

    DISCLAIMER: These are the author's own personal views and do not represent the views of the author's employer.
  •  
    Posts: 23940 | Location: Northern Suburbs of Houston | Registered: November 14, 2005Reply With QuoteReport This Post
    Staring back
    from the abyss
    Picture of Gustofer
    posted Hide Post
    I was told by our IT guys recently that email addresses can look accurate in spelling and format (like tatortodd's example of support.microsoft.com), but have one letter in a nearly imperceptible different font.

    That's all it takes apparently.

    Call the beekeeper.


    ________________________________________________________
    "Great danger lies in the notion that we can reason with evil." Doug Patton.
     
    Posts: 20990 | Location: Montana | Registered: November 01, 2010Reply With QuoteReport This Post
    Member
    posted Hide Post
    My wife got a text today supposedly from PayPal asking her to verify a charge . It told her to report a fraudulent charge by calling " Customer Service " and it gave a phone number . PayPal does everything in their power to avoid dealing with people over the phone so I was suspect right from the start . The account we have that is strictly for PP showed no activity so that clinched it .
     
    Posts: 4417 | Location: Down in Louisiana . | Registered: February 27, 2009Reply With QuoteReport This Post
    Member
    Picture of SPWAMike0317
    posted Hide Post
    quote:
    Originally posted by selogic:
    My wife got a text today supposedly from PayPal asking her to verify a charge . It told her to report a fraudulent charge by calling " Customer Service " and it gave a phone number . PayPal does everything in their power to avoid dealing with people over the phone so I was suspect right from the start . The account we have that is strictly for PP showed no activity so that clinched it .


    I received a similar email. It appeared sufficiently legit that I checked my Paypal account to ensure there wasn't a charge. The scammers are getting more deceptive.



    Let me help you out. Which way did you come in?
     
    Posts: 762 | Location: North of Pittsburgh, PA | Registered: January 29, 2013Reply With QuoteReport This Post
    Member
    Picture of dsiets
    posted Hide Post
    quote:
    Originally posted by Gustofer:
    I was told by our IT guys recently that email addresses can look accurate in spelling and format (like tatortodd's example of support.microsoft.com), but have one letter in a nearly imperceptible different font.

    That's all it takes apparently.

    Call the beekeeper.

    I fell for just regular font w/ just a slight misspelling*.
    Our brain corrects it for us so its important to take our time and be sure.
    I don't use links in emails in which I have an account and password. I open my password program and use that link.

    *It was an old Blizzard game account so no big deal.
     
    Posts: 7533 | Location: MI | Registered: May 22, 2007Reply With QuoteReport This Post
    His diet consists of black
    coffee, and sarcasm.
    Picture of egregore
    posted Hide Post
    Here's one from "Social Security" from a week ago.
    quote:
    We have made significant improvements to your Social Security Statement to enhance its clarity.
    We encourage you to review it annually for the following purposes:
    Verify the accuracy of your earnings record.
    Explore your estimated retirement benefits, available between the ages of 62 and 87.
    Access additional information through tailored fact sheets that align with your age and earnings history.
    <click link>

    The sender's e-mail is from zoomcities dot com, a red flag, but not everyone getting one of these will notice.
     
    Posts: 29038 | Location: Johnson City, TN | Registered: April 28, 2012Reply With QuoteReport This Post
    Oriental Redneck
    Picture of 12131
    posted Hide Post
    "Phishing" e-mails getting more sophisticated
    quote:
    To avoid deletion, please use the link below:

    There is nothing sophisticated about that. That is obvious phishing. I take it that it was unsolicited email in the first place? And that shit asking you to click on the link to update this and verify that is the nail on the coffin. Doesn't matter that the email address looks right, because it's meaningless.


    Q






     
    Posts: 28196 | Location: TEXAS | Registered: September 04, 2008Reply With QuoteReport This Post
    Member
    Picture of sourdough44
    posted Hide Post
    The simple way to handle any of these is to delete, then ‘if desired’ to check further, log in through a trusted pathway.

    Most of us have a bank app or bookmark we log in with at times. Go that trusted route, check the item in question.

    The same holds true for a phone call, hang up, use trusted channels if you want to verify. Of course most would never call you anyway.

    If in doubt, hang up or delete.
     
    Posts: 6538 | Location: WI | Registered: February 29, 2012Reply With QuoteReport This Post
    Oriental Redneck
    Picture of 12131
    posted Hide Post
    quote:
    Originally posted by sourdough44:
    ...The same holds true for a phone call, hang up, use trusted channels if you want to verify. Of course most would never call you anyway.

    None that are legit would ever call and ask for personal info.
    quote:
    If in doubt, hang up...

    Better yet, never even answer these assholes.


    Q






     
    Posts: 28196 | Location: TEXAS | Registered: September 04, 2008Reply With QuoteReport This Post
    Thank you
    Very little
    Picture of HRK
    posted Hide Post
    quote:
    Originally posted by sourdough44:
    The simple way to handle any of these is to delete, then ‘if desired’ to check further, log in through a trusted pathway.

    Most of us have a bank app or bookmark we log in with at times. Go that trusted route, check the item in question.

    The same holds true for a phone call, hang up, use trusted channels if you want to verify. Of course most would never call you anyway.

    If in doubt, hang up or delete.


    This, if no, when I get those emails if I want to check the source then it's off to the app or going directly to their web page, not using the email link to validate if there is a problem. Or pull out the cc and call the toll free number on the card.

    Basic rule is that you'll never get any unrequested valid email from any financial company asking you to login to fix something, ever... and your best bet is to login to their web page and setup two factor security where your phone gets a text to confirm any change requests with an access code.
     
    Posts: 24650 | Location: Gunshine State | Registered: November 07, 2008Reply With QuoteReport This Post
    Member
    Picture of m1009
    posted Hide Post
    Oh I hate those emails! I too just got an email, supposedly an order I placed for > $600 and they even had a screenshot of my supposed invoice with my name, on the PayPal account, for some camera. I did notice PayPal had a space between the pay and pal, so I wondered about that space. And it gave me a ship to address, not mine. I of course checked my account directly and no activity there for any camera. I never click on those emails, or call a number listed in the email.
    I always check my balances and accounts after getting emails like that just in case.
     
    Posts: 1170 | Registered: September 27, 2008Reply With QuoteReport This Post
    Itchy was taken
    Picture of scratchy
    posted Hide Post
    Never click a link in an email. Login to the site using a known good URL, like from your bookmarks. Always use a trusted source to verify.


    _________________
    This space left intentionally blank.
     
    Posts: 4132 | Location: Colorado | Registered: August 24, 2008Reply With QuoteReport This Post
    Don't Panic
    Picture of joel9507
    posted Hide Post
    Guessing the 'better class' of scammers is using AI to make their BS less detectable.
     
    Posts: 15233 | Location: North Carolina | Registered: October 15, 2007Reply With QuoteReport This Post
    quarter MOA visionary
    Picture of smschulz
    posted Hide Post
    NEVER respond to sensitive information exchange that YOU did not initiate yourself.
    That means any email regardless of how legitimate it looks.
    Same goes for phone calls coming in for example "Your TV Service".
    The key is the giving up critical information that someone else asks for.
    It's todays common sense.
     
    Posts: 23407 | Location: Houston, TX | Registered: June 11, 2006Reply With QuoteReport This Post
    Member
    posted Hide Post
    quote:
    Originally posted by scratchy:
    Never click a link in an email. Login to the site using a known good URL, like from your bookmarks. Always use a trusted source to verify.
    Preach it !
     
    Posts: 4417 | Location: Down in Louisiana . | Registered: February 27, 2009Reply With QuoteReport This Post
      Powered by Social Strata  
     

    SIGforum.com    Main Page  Hop To Forum Categories  What's Your Deal!    "Phishing" e-mails getting more sophisticated

    © SIGforum 2024