Eagle Eye Networks

How to spot and defeat a real-world phishing attack

May 10, 2024 drako

Email security and phishing attempts are a constant battle. The strategy of the attacks is the same. Typically the email is trying to entice the recipient into clicking on something that will install malware, ask for credit card info, or ask for passwords to log in into service (such as Apple iCloud). You have traditionally been able to detect some of these attacks because the logos are a little bit wrong, the English is a bit off, or it just does not look right. Obviously, as the attackers get more sophisticated and refine their craft the messages get closer and closer to the real thing.

Part of the strategy, since the emails are widely sent, is to pick a service or product that is widely used. The sender does not know if you have a Netflix account or a Gmail account, but lots of people do, so their likelihood of tricking someone is good.

I recently have observed a new wave of emails that are pretending to be from Apple, regarding the storage running out in iCloud. 

y9172mOi1hOgIcftBUr9a99xSwf5a5mQ rvVUC46IM 4WUYzmyHlAtHlQk Qh2do SeZXaVNW8pt QU6ZHVtgCG1fpmMw9unikN9CPJYZuCQS75tRxcMEELuyPVI8HS9MgplBLSWZbh19LBXE8ReQBo - How to spot and defeat a real-world phishing attack

Hundreds of millions of people use iCloud so the likelihood of this applying to the recipient is higher. This email looks good, has a design that fits Apple’s style a bit, has English and punctuation with some flaws, but which many people will not read carefully enough. It also opens with some text that warns they will want your credit card details.

This is a good phishing attack. I am sure they get enough credit cards to make it worthwhile.

Beware. Check the “From” field on the email. This one is clearly not from Apple. But don’t only trust the “From” field. The best thing to do is to look at the TARGET LINK.

In this email if you click on the “Receive 50 GB” button, the link goes to a link that is clearly not an APPLE website. It goes to “goodleapis.com”. Apple will never send an email with a link to some random website like this.

qlovKra6xr1e3UZRD5ebVYF 0LY JG8qdvztDR8jZoPM PoGCoLQ7xAsk Gcf0l9RujOQhvMUS6i Xo5xBYfgVMThITOnuYpG7K KeaVF9L6pjjGV 3ghaRHkec9BqpvTlIeHAzzjQ81FalYiuGiC4Q - How to spot and defeat a real-world phishing attack

As phishing attacks evolve, it will be only more crucial that you view any request for valuable information with a skeptical eye. Experience, and sometimes AI, are making it easier for criminals to craft messages that look ever-more realistic. It takes only a moment to look into the details of an email like this one, but could save you (and possibly your IT department) a great deal of time down the road. Take a moment to ensure you’re being safe. It could save you a lot of headaches (and potentially much more).

Tags

Other posts that might interest you

loading

New Gmail Feature = Phishing Risks

Google is rolling out a redesign of its Gmail service, but federal cyber security authorities are voicing concerns over one particular new feature. This feature is called, “Confidential Email.” Confidential…

July 20, 2018 Eagle Eye Networks

Cyber Attack – D.C. Cameras

Over the past few months, more and more IOT devices, including DVRs, and cameras, are being reportedly compromised and proven vulnerable to cyber attacks. Most recently, the Washington Post reported…

January 31, 2017 Eagle Eye Networks

WannaCry Ransomware

Unfortunately, hackers are always coming up with new ways to make money and exploit systems. Cyber is no different. The WannaCry ransomware breaks new ground in its reach, use of…

May 23, 2017 Eagle Eye Networks