An esteemed client sent me the latest example of Shentel Webmail phishing this evening. I thought I would share the details, as I have many times before, but I later uncovered a phishing motherlode behind the fake Shentel website…
A Phishing Email
It typically starts with an email like this:
It’s pretty standard fare here. The From: address has been spoofed to resemble a legitimate sender. The lifted graphics are believable. I’m still amazed, though, that the scammers haven’t removed the word “kindly” from their vocabulary. Don’t they know what a tell that is?
Leads to an Impostor Website
The links in that email led me to an amazing fake webpage. It looks astonishingly close to Shentel’s Webmail page. Take a look at these two graphics and compare the fake against the real deal:


The only solid clue here is the bogus URL. “app-cmd.name.ng” has nothing to do with Shentel, and you might be interested to learn that the Country Code at the end, “ng”, stands for Nigeria.
Before writing up another generic warning for Shentel email users (don’t put your password in here!), I started to play around with that URL. I deleted a few characters and tried exploring the directories above it. And I easily found my way to a long list of folders, each one of which led to a different phishing website.
And Dozens More
I went through the whole long list and found numerous other webmail-related phishing websites:






There may have been twenty webmail fakes, and when I compared them to the legitimate versions, they were all extremely convincing!
But worse, I found phishing websites for financial companies and more:





Someone had put in a lot of work here, to craft so many different, spot-on fake websites. I’m sure that behind each one, there were mass-email campaigns, trying to lure people to each site, hoping to trick people into giving over their passwords.
I Did What I Could
Writing this blog post is just the start. I know only a select few people may read this, so there are bigger steps to take. As I’ve blogged before, malicious websites need to be reported to higher-up companies. So that’s what I’ve spent some time on this evening…
And it’s already doing some good. When I return to that original Shentel phishing page, different browsers now warn me that I am clicking something shady:



Thank goodness. When I first saw the Shentel phishing email, I thought, “Boy, Monday is sure gonna be busy for me”, but now, I’m not so worried. People who get any scammy message that leads to this phishing motherlode should be greeted with a big scary warning instead of a convincing sham.
Be safe out there, everyone!
