Sophisticated Phishing

A customer recently shared this targeted phishing attempt with me, and I want to walk you through it. As phishing goes, it’s a bit more sophisticated than usual. Check out the details so you’ll be ready to sidestep this if it comes to your inbox.

More Tailored than Other Scams

I mention “targeted” because the initial contact was a well-written message, with tailored specifics. This was not a mass-mailing! It was crafted with some care and deliberately sent.

The English usage is solid and the request is relevant and reasonable to the recipient. Sure, upon close inspection you might figure this was written by AI, but most people are not looking for that in customer emails.

The sophistication began with the attachment. This email had a single PDF at the bottom, which opened to this:

If you think this is fishy, you’re right. The PDF contains no real info and is crafted to hide a URL behind the Open link. Its only purpose is to carry you away to a website. But also realize that this resembles real file-sharing emails used in business and enterprise settings. This may look believable to some!
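For anyone triaging an attachment like this, here is an added example (not part of the original write-up) that lists the link targets inside a PDF without opening it in a viewer, and marks any host the recipient does not expect. The sample bytes, the `.example` host names and the `expected_hosts` allowlist are constructed assumptions.

```python
import re
import zlib
from urllib.parse import urlsplit

# Literal-string form of a link action: /URI (https://...). Hex-string URIs
# and encrypted PDFs are not handled by this sketch.
URI_ACTION = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)

def pdf_link_targets(data: bytes) -> list[str]:
    """Return the URLs of /URI actions found in raw objects and Flate streams."""
    blobs = [data]
    for m in STREAM.finditer(data):
        try:
            blobs.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # stream is not Flate-compressed; nothing to scan
    urls = []
    for blob in blobs:
        for m in URI_ACTION.finditer(blob):
            raw = re.sub(rb"\\([()\\])", rb"\1", m.group(1))  # undo \( \) \\
            url = raw.decode("latin-1")
            if url not in urls:
                urls.append(url)
    return urls

def flag_links(data: bytes, expected_hosts: set[str]) -> list[tuple[str, bool]]:
    """Pair each link with True when its host is not one the recipient expects."""
    flagged = []
    for url in pdf_link_targets(data):
        host = (urlsplit(url).hostname or "").lower()
        flagged.append((url, host not in expected_hosts))
    return flagged

# Constructed sample: one plain link annotation, one inside a compressed stream.
SAMPLE_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Annot /Subtype /Link /Rect [72 600 200 640]\n"
    b"   /A << /S /URI /URI (https://files.lure.example/open?id=1) >> >>\nendobj\n"
    b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /S /URI /URI (https://share.corp.example/doc) >>")
    + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for url, unexpected in flag_links(SAMPLE_PDF, {"share.corp.example"}):
        print("UNEXPECTED" if unexpected else "ok        ", url)
```

A PDF with almost no text and a single link to an unexpected host matches the lure described here.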

The Open button led to this website:

The scammer is hoping victims will overlook the oddball URL, and just keep cooperating. I entered a variety of bogus email addresses, and was impressed with the results. The phishing webpage is capable of interpreting different domain names, and moving to a fake sign-on site that corresponds to the email. This is what I encountered as I tried Microsoft, Google and other email addresses:

What’s even more devilish is that these continue to simulate and imitate a real sign-on experience. After entering a password, it will move to a 2FA screen (if enabled) and ask for the victim to enter the code that was sent. This means that, for anyone fooled by this scam, Two-Factor Authentication will be defeated, and the criminal will gain access to the supplied email address.

The Dangers

Just to be clear, here’s why this is a really big deal. If you are tricked by this phishing scam, a very bad person will have perfect access to your email account. From there, they can:

  • Send scam emails to everyone in your stored Contacts
  • Send spam to lists of other email addresses
  • Use your email to change passwords on your other accounts (bank, social media, etc.) and sign into those websites as you
  • Change your email recovery methods, so that you are prevented from resetting the password or using your own email

If you figure out that this scam has hit one of your email addresses, it is important to change your password ASAP. After that, review other settings in your email account, such as 2FA options, Associated Devices, Mail Forwarding and Connected Apps. You’re looking for any other changes that the crooks may have made to manipulate the account to their designs.

And as always, if you need help, call your friendly neighborhood computer tech!