How to spot and defeat a real-world phishing attack

Email security and phishing attempts are a constant battle. The strategy of the attacks is the same. Typically the email is trying to entice the recipient into clicking on something that will install malware, ask for credit card info, or ask for passwords to log in into service (such as Apple iCloud). You have traditionally been able to detect some of these attacks because the logos are a little bit wrong, the English is a bit off, or it just does not look right. Obviously, as the attackers get more sophisticated and refine their craft the messages get closer and closer to the real thing.

Part of the strategy, since the emails are widely sent, is to pick a service or product that is widely used. The sender does not know if you have a Netflix account or a Gmail account, but lots of people do, so their likelihood of tricking someone is good.

I recently have observed a new wave of emails that are pretending to be from Apple, regarding the storage running out in iCloud. 

Hundreds of millions of people use iCloud so the likelihood of this applying to the recipient is higher. This email looks good, has a design that fits Apple’s style a bit, has English and punctuation with some flaws, but which many people will not read carefully enough. It also opens with some text that warns they will want your credit card details.

This is a good phishing attack. I am sure they get enough credit cards to make it worthwhile.

Beware. Check the “From” field on the email. This one is clearly not from Apple. But don’t only trust the “From” field. The best thing to do is to look at the TARGET LINK.

In this email if you click on the “Receive 50 GB” button, the link goes to a link that is clearly not an APPLE website. It goes to “goodleapis.com”. Apple will never send an email with a link to some random website like this.

As phishing attacks evolve, it will be only more crucial that you view any request for valuable information with a skeptical eye. Experience, and sometimes AI, are making it easier for criminals to craft messages that look ever-more realistic. It takes only a moment to look into the details of an email like this one, but could save you (and possibly your IT department) a great deal of time down the road. Take a moment to ensure you’re being safe. It could save you a lot of headaches (and potentially much more).