Know Your Enemy: These New Phishing Schemes are Hard to Spot
April 16th, 2015 by admin
A friend called me recently to gripe about his personal email account. His ISP has done a pretty good job of virtually eliminating the annoying spam he used to receive (remember your inbox way back when?), but now he's the target of two particularly relentless phishing schemes I'd like to share with you.
"Unsubscribe" with Caution
The first involves multiple emails supposedly selling products he's not interested in—life insurance, home security systems, new tires, and more. Of course, the sender hopes that if my friend prefers to quit receiving these unwanted "offers," he'll click the prominently-placed "Unsubscribe" link. But hovering his mouse over the link reveals a bogus-looking URL—that with one double-click could infect his computer or smartphone with troublesome or dangerous malware.
My friend is obviously smart enough not to take the bait, but that isn't stopping the scammer. They send multiple clusters of these emails several times a day. His ISP offers a Blocked Senders List to exclude unwanted emails, but this sender always uses a different return address made up of gibberish (such as "email@example.com") to evade blocking. He hopes this jerk will soon be arrested or just get tired of bothering him. Good luck with that.
Unfriendly "iTunes" Updates
The second scam involves Apple's iTunes. My friend receives new music "updates" from "firstname.lastname@example.org" that include logos, fonts, and graphics very similar to genuine marketing emails from Apple. While he does often download music from iTunes, he'd rather not get these emails and was about to click that boldfaced "Remove Me" link—until he noticed the URL likewise had nothing to do with Apple or iTunes. Go to a phony iTunes website, input your username and password, and you've walked into a massive headache.
Why would iTunes be an inviting target for a scam? Because their customer service is notoriously bad, and without talking to a live customer service rep, an emergency—say, an unexpected $5,000 charge to your account—would be very difficult to fix. (In Apple's defense, manning an efficient call center for the volume of iTunes customers around the world is nearly impossible). In the meantime, Apple warns the public to ignore all likely "spoof" emails that aren't sent directly from "@apple.com."
Everyone is a Target
My friend considers himself reasonably web-savvy and isn't sure how he got on a mailing list of potential "suckers." His best guess is that he's been sending out resumes for quite a while and probably replied to a bogus online want-ad meant to collect email addresses.
As you know, at MPA we pride ourselves on the comprehensive email services we provide our customers and do everything possible to protect them from malicious phishing.
But crooks will never quit trying to find new ways to sneak past email security, and we'll never be able to completely prevent human error—i.e., a careless click on the wrong link. Make sure your employees are always on guard.
Posted in: Cyber and Data Security