Phishing attacks are more rampant than ever before, rising by more than 162% + over 4 years.
The cost worldwide is $4.5 billion every year and over half of internet users get one phishing E-mail per day minimum.
The best defense against phishing attacks is to block malicious E-mails before they reach you is using DMARC
(Domain-based Message Authentication Reporting and Conformance) standard.
Also users (business etc.) that offer E-mail data revealing attacks beyond DMARC (e.g., attacks that fake a brand using domains outside of the brand’s control).
Unfortunately, some phishing E-mails will always make it to the inbox.
And those messages are extremely effective 97% of people cannot
identify a sophisticated phishing E-mail.
That’s where this article comes in.
How to identify a phishing or spoofing E-mail. Share this freely with your friends and co-workers etc (maybe the boss will reward you ;P ).
Don’t trust the displayed name
A very common tactic among thives is to spoof (fake) the display name of an E-mail.
More than 760,000 E-mail threats targeting 40 of the world’s largest brands and found that nearly half of all E-mail threats spoofed the brand in the display name.
Here’s how it works: This asshole phisher wanted to spoof the brand “Bank Of America,” so the E-mail looked like this:
Below is a actual phish email I received.
Notice it’s not from bankofamerica.com but from “urgentaile.com”.
See the general non-personal greeting, then the spelling and grammar. LMAO Nice try moron!
(I forwarded it to email@example.com so they can deal with the lame ass phisher.)
Since Bank Of America doesn’t own the domain “Urgentaile.com,” DMARC will not block this E-mail on Bank Of America’s behalf, even if Bank Of America has set their DMARC policy for bankofamerica.com to reject messages that fail to authenticate. This fraudulent E-mail, once delivered, appears legitimate because most user inboxes only show the display name. Don’t trust the display name. Check the E-mail address in the header from if looks suspicious, DO NOT open the E-mail.
Look but don’t click
Hover your mouse over any links embedded in the body of the E-mail. If the link address looks weird, DO NOT click on it.
If you want to test the link, open a new window and type in website address directly ratherthan clicking on the link from unsolicited E-mails.
Check for spelling mistakes
Brands are pretty serious about E-mail. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your E-mails carefully and report anything that seems suspicious.
Beware the greeting
Is the E-mail addressed to a vague “Valued Customer?” or “Your Account” If so, be careful legitimate businesses will mostly use a personal greeting with your first and last name.
DO NOT give up personal information
Legitimate banks and most other companies will never ask for personal credentials via E-mail. DO NOT EVER give them.
Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “Account Has Been Suspended” or “Unauthorized Login Attempt.”
Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phishing E-mail. Legitimate businesses ALWAYS provide contact details.
DO NOT click on attachments
Malicious attachments contain viruses and malware are a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. DO NOT open any E-mail attachments you weren’t expecting.
DO NOT trust the header from E-mail address
Phishers not only spoof brands in the display name, but also spoof brands in the header from E-mail address.
Return Path found that nearly 30% of more than 760,000 E-mail threats spoofed brands somewhere in the header from E-mail address with more than two thirds spoofing the brand in the E-mail domain alone.
DO NOT believe what you see
Phishers are extremely good at what they do. Just because an E-mail has convincing brand logos, language, and a seemingly valid E-mail address, does not mean that it’s legitimate.
Be skeptical when it comes to your E-mail messages if it looks even remotely suspicious, DO NOT open it.
Now for the what can you do part!
How and where to report phishing emails and texts.
Forward phishing emails to firstname.lastname@example.org also to the organization impersonated in the email. Your report is more effective when you include the full email header, but most email programs hide this information. To include or possibly copy and paste the raw message in the forward. You can Go to Options, then General Preferences, scroll down to Messages, and select “Show All Headers” or right click on message title and select “View raw message”. These are two common methods. Find out your email servers if neither of these apply.
This is what typical spam titled “Enjoy 90 Days of Proactiv+ & FREE Shipping!” header looks like.
X-Apparently-To: email@example.com; Wed, 19 Jun 2017 00:13:12 +0000 Return-Path:
X-YahooFilteredBulk: 18.104.22.168 Received-SPF: pass (domain of cagcom.com designates 22.214.171.124 as permitted sender) X-YMailISG: slxzLYUWLDvxrlNh9bEjUJwuD87aCVjWz1UgEy5wKJemEjhS rrS4TfHEPRuF2SiYg6vbTWHrswN8GxHCdahXfiCA.9LBmBVB21knvyz0EBr3 uPkVrull45KLxUEgMVwxV8zhB0pp72L0A93UqVNiQiiv7dA7ApHqukdpOqE3 gSaLA3gprbBAdMdb2ZI7aP662JyrxZ39Y5RSxzE9C1JYCwvNOTCry0XW6aA3 m8rWhFpt0Fb7gz8hDjr4MuIO66LZkAtPCa2y2vDnwaYJRj_bD6qRq0bAXySi v9jY2MNn1VV3TNiFMLPwvI8_6F.L_cG1.2W.9iAaX.zxtzLEsky8AqF3BIxF 777p32ABSLRZxypU.LcMtY717qSg_xRZYKve0c.Y7gAS1f7GR64AHIFMEbcU p_7JHr8ChMea7Mt5kRHBDg2c0NFeOzlxYyKRqsGkHl5xP3is2Rxcw.p6vKQm O7GgW_zHVAsEVpqfLKp4uId.diam6DOHGsrpMB6C87S0q_ehngqRxCOr9H8E GxIMrEG6qMqi730.45nzB07oZHfOf5t1LxCGPf39xmAS.gkoAEQt8o8X.PYi Z4ytyu_95pRhTlufY_p870mbQ3SjQVM2LQaTDLlArQBJlgPjnnxJ69vNviQv WxsutXjlEBK9Z6lI4S8kzWF1B5dJ3wFymtY0238wJ4RrLrFQ.iFVV6TS08KK 0tzq.deKpleMVsBQBsLWRcrZNbSM_Yv2kmYNyeCscvS6CFPb27ZgE6IX7bXv lVMsgeKCiQ5MstM2gK7LPGru_vaqTqIF6P_DFNAaHX4I7hg4EyagzLMGCl4z rBIYQdOxvg4qpmK8zrbKokOTwSe6NlU76QOqcSWC8gVwzaElDKev5qMa2Ydf DCa9Qead0lqvpkMsZUDEVqUXrsyIpiEd8F.rM25o7r7xfBPEEpB7lySG_2ik bqJPHU_uB5HFe5DhA5a4QGv5A4ev4BmOjB7R00iEYXLhwfM87jmyiyEaHhkL 4iHvDBJEwhcfa18jyQJ.gS9HhLBp7zgmMlgUnFFyG93sXCtuE5LujUuay_lg dwvS_.LRXC5ublnRDWjROf4ID.GEk5AOBcpFRIof4R8LfgIDYYwqefTClQCu bHeRxJbPwxzsmzGg7iU..rcNJT3.AIE0RZtfk33cQBWYWnQbiaUUFqDrylsJ 0IP0VWGvg0bmmmJhx4I28DNjxsghSkF3eoeiJdxXbNARwAFHCaox2zTV940Z mm7kenEpz5LM1hDeFnXs8KYWqMv6TcbM8xqAv6tr9XOYj0JWai8fCOcKTWVs WPuth2Xg3UQ8gDaalXmOHQHxF5AlsQ--n X-Originating-IP: [126.96.36.199] Authentication-Results: mta1312.mail.gq1.yahoo.com from=cagcom.com; domainkeys=pass (ok); from=cagcom.com; dkim=pass (ok) Received: from 127.0.0.1 (EHLO updates-182-229.cagcom.com) (188.8.131.52) by mta1312.mail.gq1.yahoo.com with SMTP; Wed, 19 Jul 2017 00:13:12 +0000 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=cagcom.com; h=Date:To:From:Reply-To:Subject:Message-ID:MIME-Version:Content-Type; firstname.lastname@example.org; bh=tc92wij1mQSFhJrbEe/J9S3rwmU= ; b=GsU1Q7nHDXDUCeJcv0tHOMKT6ieBGgyY2qCPFBG4ZjLURCE9xXS2d9GX8dRi3JIBBHllfAa19vSl s9U0SPGwGasVY9a/CvbEKHLOejEjL0T6m2aZ5u5XYTs0nQo04xRkgi+xvoXIYI3G3DpTyKQNe+hT zuvQuZOzTrL4hjYvLf8= DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=cagcom.com; b=gU9LGbqx1dAc/MEz0gdd4u5kOjjzj//kFSIOertAiDD7VCvQn3dlfzK5ZPCNj+ulIgsXx34q7437 MQHdveHJWij0R3pX3KpCOwwBKEemxO7TwtRkkxJj4phJoczjlrA06BcSgqB2rectvzm1X+U0ULjh jVXhN8RJVyH9kZzUxE0= ; Date: Tue, 18 Jun 2017 23:42:46 +0000 Return-Path: email@example.com To: firstname.lastname@example.org From: Proactiv+ Reply-To: email@example.com Subject: Enjoy 90 Days of Proactiv+ & FREE Shipping! Message-ID: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_cd5cb8765bbd53816f1497f44d793a66" Content-Length: 1329 --b1_cd5cb8765bbd53816f1497f44d793a66 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Enjoy 90 Days of Proactiv+ & FREE Shipping! --b1_cd5cb8765bbd53816f1497f44d793a66 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <!DOCTYPE html> <?xml encoding=3D"UTF-8"><!html><!head><!/head><!body> <center> <div style=3D"text-align: center;"> <div style=3D"border: 0px solid #eee; width: 600px; height: 881px; max-heig=ht: 803px; min-height: 803; margin: auto; overflow: hidden;"><img src=3D"ht=tp://cagcom.com/uploaded_images/1/1_face.jpg" usemap=3D"#face"><map name=3D="face"><area target=3D"" alt=3D"" title=3D"" href=3D"http://amaog.com/?nc2u==3DbtJ%2flSnfWXQNT379mLX6BT4tUhOhPMOu&s1=3D" coords=3D"7,3,574,664" sha=pe=3D"rect"><area target=3D"" alt=3D"" title=3D"" href=3D"http://amaog.com/=?nc2u=3DbtJ%2flSnfWXQNT379mLX6BT4tUhOhPMOu&s1=3D" coords=3D"323,704,462= ,728" shape=3D"rect"></map><center> <blockquote>Safe to view your Message.</blockquote> </center> <div style=3D"display: inline-block;"></div> </div> </div> </center> </body></html> --b1_cd5cb8765bbd53816f1497f44d793a66--
File a report with the U.S. Federal Trade Commission at FTC.gov/complaint.
Visit Identitytheft.gov. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.
You can also report phishing email to firstname.lastname@example.org. The Anti-Phishing Working Group, which includes ISPs, security vendors, financial institutions and law enforcement agencies, which report here to fight phishing.
Hope this helps keep some of you safe!