Dumb Sh!t


What? Phishing?


Phishing attacks are more rampant than ever before, rising by more than 162% over 4 years.
The cost worldwide is $4.5 billion every year, and over half of internet users get at least one phishing E-mail per day.
The best defense against phishing attacks is to block malicious E-mails before they reach you, using the DMARC
(Domain-based Message Authentication, Reporting and Conformance) standard.
Also users (business etc.) that offer E-mail data revealing attacks beyond DMARC (e.g., attacks that fake a brand using domains outside of the brand’s control).
Unfortunately, some phishing E-mails will always make it to the inbox.
And those messages are extremely effective: 97% of people cannot
identify a sophisticated phishing E-mail.
That’s where this article comes in.

How to identify a phishing or spoofing E-mail. Share this freely with your friends and co-workers etc (maybe the boss will reward you ;P ).

Don’t trust the displayed name
A very common tactic among thieves is to spoof (fake) the display name of an E-mail.
An analysis of more than 760,000 E-mail threats targeting 40 of the world’s largest brands found that nearly half of all E-mail threats spoofed the brand in the display name.
Here’s how it works: This asshole phisher wanted to spoof the brand “Bank Of America,” so the E-mail looked like this:

Below is an actual phish email I received.
Notice it’s not from bankofamerica.com but from “urgentaile.com”.
See the general non-personal greeting, then the spelling and grammar. LMAO Nice try moron!
(I forwarded it to abuse@bankofamerica.com so they can deal with the lame ass phisher.)

Since Bank Of America doesn’t own the domain “Urgentaile.com,” DMARC will not block this E-mail on Bank Of America’s behalf, even if Bank Of America has set their DMARC policy for bankofamerica.com to reject messages that fail to authenticate. This fraudulent E-mail, once delivered, appears legitimate because most user inboxes only show the display name. Don’t trust the display name. Check the E-mail address in the header From; if it looks suspicious, DO NOT open the E-mail.
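
The same check can be done by a mail filter. The sketch below is an added example, not code from the original post: it flags a message whose display name claims a brand while the header From domain is not one the brand owns, even when DMARC passes for the sender's own domain. The brand map, the Authentication-Results line and the message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a hand-maintained map of brand names to domains the brand really owns.
BRAND_DOMAINS = {"bank of america": {"bankofamerica.com"}}

# Constructed sample modelled on the phish described above (not a real capture).
# The sender authenticates correctly for its OWN domain, so DMARC passes.
RAW = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=urgentaile.com;
 dkim=pass header.d=urgentaile.com; dmarc=pass header.from=urgentaile.com
Return-Path: <bounce@urgentaile.com>
From: "Bank Of America" <alerts@urgentaile.com>
To: me@example.com
Subject: Unauthorized Login Attempt

Dear Valued Customer, ...
"""

def org_domain(host):
    """Naive organizational domain: last two labels (no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_display_name(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = org_domain(addr.rpartition("@")[2])
    # Normalise the display name so "Bank-Of-America" or "BANK OF AMERICA" match too.
    norm = re.sub(r"[^a-z0-9]+", " ", name.lower()).strip()
    findings = [
        f"display name claims '{brand}' but From domain is {from_dom}"
        for brand, owned in BRAND_DOMAINS.items()
        if brand in norm and from_dom not in owned
    ]
    # DMARC only speaks for the From domain, so "pass" says nothing about the name.
    dmarc = re.search(r"dmarc=(\w+)", msg.get("Authentication-Results", ""))
    return {
        "display_name": name,
        "from_domain": from_dom,
        "dmarc": dmarc.group(1) if dmarc else None,
        "findings": findings,
    }

if __name__ == "__main__":
    print(check_display_name(RAW))
```

A message with the same display name sent from a bankofamerica.com subdomain produces no finding.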

Look but don’t click

Hover your mouse over any links embedded in the body of the E-mail. If the link address looks weird, DO NOT click on it.
If you want to test the link, open a new window and type in the website address directly rather than clicking on the link from unsolicited E-mails.
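
Hovering can also be done on the raw message. The following added example (not from the original post) decodes a quoted-printable HTML body and lists every link host that does not belong to the sender's domain, including image-map area links like the ones in the spam sample further down this page. The message and its placeholder domains are constructed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample with placeholder domains: quoted-printable HTML whose
# image-map <area> link leaves the sender's domain.
RAW = """\
From: Some Brand <offers@sender.example>
Subject: Enjoy 90 Days
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<img src=3D"http://sender.example/face.jpg" usemap=3D"#face">
<map name=3D"face"><area href=3D"http://tracker.example/?id=3Dabc" coords=
=3D"7,3,574,664" shape=3D"rect"></map>
<a href=3D"http://www.sender.example/unsubscribe">unsubscribe</a>
"""

class LinkCollector(HTMLParser):
    """Collects href targets from <a> and image-map <area> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag in ("a", "area"):
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def org_domain(host):
    """Naive organizational domain: last two labels (no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])

def offsite_links(raw):
    msg = message_from_string(raw)
    sender = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    parser = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)  # undoes quoted-printable/base64
            parser.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    hosts = {urlsplit(h).hostname or "" for h in parser.hrefs}
    return sender, sorted(h for h in hosts if h and org_domain(h) != sender)

if __name__ == "__main__":
    print(offsite_links(RAW))
```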

Check for spelling mistakes

Brands are pretty serious about E-mail. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your E-mails carefully and report anything that seems suspicious.

Beware the greeting
Is the E-mail addressed to a vague “Valued Customer” or “Your Account”? If so, be careful: legitimate businesses will mostly use a personal greeting with your first and last name.

DO NOT give up personal information
Legitimate banks and most other companies will never ask for personal credentials via E-mail. DO NOT EVER give them.

Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “Account Has Been Suspended” or “Unauthorized Login Attempt.”

Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phishing E-mail. Legitimate businesses ALWAYS provide contact details.

DO NOT click on attachments
Malicious attachments that contain viruses and malware are a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. DO NOT open any E-mail attachments you weren’t expecting.

DO NOT trust the header from E-mail address
Phishers not only spoof brands in the display name, but also spoof brands in the header from E-mail address.
Return Path found that nearly 30% of more than 760,000 E-mail threats spoofed brands somewhere in the header from E-mail address, with more than two thirds spoofing the brand in the E-mail domain alone.

DO NOT believe what you see
Phishers are extremely good at what they do. Just because an E-mail has convincing brand logos, language, and a seemingly valid E-mail address, does not mean that it’s legitimate.
Be skeptical when it comes to your E-mail messages; if one looks even remotely suspicious, DO NOT open it.
Now for the what can you do part!

How and where to report phishing emails and texts.
Forward phishing emails to spam@uce.gov and also to the organization impersonated in the email. Your report is more effective when you include the full email header, but most email programs hide this information. To include it, or to copy and paste the raw message into the forward, you can go to Options, then General Preferences, scroll down to Messages, and select “Show All Headers”, or right-click on the message title and select “View raw message”. These are two common methods. Find out your email server’s method if neither of these applies.
This is what the header of a typical spam message titled “Enjoy 90 Days of Proactiv+ & FREE Shipping!” looks like.

X-Apparently-To: me@yahoo.com; Wed, 19 Jun 2017 00:13:12 +0000
Received-SPF: pass (domain of cagcom.com designates as permitted sender)
X-YMailISG: slxzLYUWLDvxrlNh9bEjUJwuD87aCVjWz1UgEy5wKJemEjhS
X-Originating-IP: []
Authentication-Results: mta1312.mail.gq1.yahoo.com  from=cagcom.com; domainkeys=pass (ok);
from=cagcom.com; dkim=pass (ok)
Received: from  (EHLO updates-182-229.cagcom.com) (
  by mta1312.mail.gq1.yahoo.com with SMTP; Wed, 19 Jul 2017 00:13:12 +0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=cagcom.com;
 bh=tc92wij1mQSFhJrbEe/J9S3rwmU= ;
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=cagcom.com;
   jVXhN8RJVyH9kZzUxE0= ;
Date: Tue, 18 Jun 2017 23:42:46 +0000
Return-Path: bounce@cagcom.com
To: me@yahoo.com
From: Proactiv+ 
Reply-To: explore@cagcom.com
Subject: Enjoy 90 Days of Proactiv+ & FREE Shipping!
MIME-Version: 1.0
Content-Type: multipart/alternative;
Content-Length: 1329

Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Enjoy 90 Days of Proactiv+ & FREE Shipping!

Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<?xml encoding=3D"UTF-8"><!html><!head><!/head><!body>
<div style=3D"text-align: center;">
<div style=3D"border: 0px solid #eee; width: 600px; height: 881px; max-heig=ht: 803px; min-height: 803; margin: auto; overflow: hidden;"><img src=3D"ht=tp://cagcom.com/uploaded_images/1/1_face.jpg" usemap=3D"#face"><map name=3D="face"><area target=3D"" alt=3D"" title=3D"" href=3D"http://amaog.com/?nc2u==3DbtJ%2flSnfWXQNT379mLX6BT4tUhOhPMOu&s1=3D" coords=3D"7,3,574,664" sha=pe=3D"rect"><area target=3D"" alt=3D"" title=3D"" href=3D"http://amaog.com/=?nc2u=3DbtJ%2flSnfWXQNT379mLX6BT4tUhOhPMOu&s1=3D" coords=3D"323,704,462= ,728" shape=3D"rect">3D""</map><center>
<blockquote>Safe to view your Message.</blockquote>
<div style=3D"display: inline-block;"></div>


File a report with the U.S. Federal Trade Commission at FTC.gov/complaint.
Visit Identitytheft.gov. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.

You can also report phishing email to reportphishing@apwg.org. The Anti-Phishing Working Group includes ISPs, security vendors, financial institutions and law enforcement agencies, which report here to fight phishing.

Hope this helps keep some of you safe!