The Weekly Geek

I'm the Geek so you don't have to be!


More Phishing to steal your passwords and give you stress

February 10th, 2021

The phishing scams are out and in full force. If you follow us on social media, we have linked you to numerous scams and how to avoid them. If you don’t follow us on social media, then you probably didn’t know.

These scams come in all forms and styles of emails. Below are several examples of phishing emails.

In the first example, if you take your time, there are some dead giveaways that this is fake. I have highlighted some areas in lime green.
Letter “A” shows that this is definitely not a GoDaddy email.

In an email, by hovering over the document (“B”), you can see that the web address it wants to send me to is also not GoDaddy.

Looking at letter “C”, I have no idea who Lake Vista is so I don’t want to get involved.

Finally, notice it says “GoDaddy Excel” at the top, but next to letter “C” it shows that it is supposed to be a PDF.

Just for you, I have clicked on the link; HOWEVER, I strongly suggest you just delete / Junk it and move on with your life.

Notice the website is even different from the link. That’s because the haruk… website was redirecting to archive.org

Fortunately for me, the link has been disabled at some point by someone who either found out their website was being used or a counter hacker organization. Which is different than the email address domain contas…

Here is another example and what you can look for to see its authenticity.

This client knew that “A” @norarobert.com was not their IT company (Ward Computers is). Hovering over “Confirm” (B) showed an obviously dubious link, and finally, the date (C) isn’t in the format we Americans use.

Below is another example. This one has a legitimate email address (A); however, hovering over the “Contact us” (B) area, you can see a suspicious link. Plus, we were not doing any upgrades with GoDaddy at this time.

Scrolling down the email and hovering over our website ‘wardcomputers.com’ in blue (C), you can see the same link and if I had hovered over the “Go to GoDaddy” (D) you would see the same link again.
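The hover check from the examples above, automated as an added example (not code from the original post): it lists links whose visible text names one site while the address goes to another, and counts links that leave the sender's domain. The sample message, its `.example` hosts, and the names `audit_links`, `host` and `LinkCollector` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample (not an email from the post); the .example hosts are placeholders.
SAMPLE = """\
From: Hosting Support <support@hosting.example>
Content-Type: text/html; charset="utf-8"

<p>Upgrade pending. <a href="http://login.badhost.example/u">Contact us</a></p>
<p><a href="http://login.badhost.example/u">wardcomputers.com</a></p>
<p><a href="http://login.badhost.example/u">Go to Hosting</a></p>
<p><a href="https://www.hosting.example/help">www.hosting.example</a></p>
"""
DOMAIN_TEXT = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?$", re.I)

class LinkCollector(HTMLParser):  # collects (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(url):  # lower-cased hostname without a leading "www."
    name = (urlparse(url).hostname or "").lower()
    return name[4:] if name.startswith("www.") else name

def audit_links(raw_message):  # what hovering over each link would reveal
    msg = message_from_string(raw_message)
    sender = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    html = next(p for p in msg.walk() if p.get_content_type() == "text/html")
    collector = LinkCollector()
    collector.feed(html.get_payload(decode=True).decode("utf-8", "replace"))
    label_mismatch, off_sender = [], {}
    for text, href in collector.links:
        target, shown = host(href), DOMAIN_TEXT.match(text)
        if shown and host("//" + shown.group(1)) != target:
            label_mismatch.append((text, target))  # link text names a different site
        if target != sender and not target.endswith("." + sender):
            off_sender[target] = off_sender.get(target, 0) + 1  # leaves the sender's domain
    return label_mismatch, off_sender
```

On the sample, three differently labelled links resolve to one host outside the sender's domain, which is the same pattern as (B), (C) and (D) in the email above.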

Clicking on the link, Firefox and Google together saved the day.

Unfortunately, you cannot always count on your security software or browser to protect you.

Below is another example of a hacking / phishing / scam email. The first one is the one that came in to the client.

Clicking on the link led to a pop-up asking for their Microsoft 365 account information for “security” purposes. They entered it. The original mixes up names. The “you received a document from” name in the Description section is different than elsewhere.

If you enter your username and password (as was done), a bot automatically goes into your 365 account and starts sending the message below to anyone you have ever sent emails to, not just your contacts list.

It even has access to your signature, since everything you do in 365 is logged.

In this case, neither the ESET anti-virus nor the SonicWALL TZ 600 UTM caught the email or blocked its credential harvesting, nor in any way stopped this. I am greatly disappointed. Once the emails started bouncing back, 365 started putting them in the junk settings.

I would expect ESET to give this warning (from the 2nd example / Fake IT company above).

So, after sending “o crud, don’t open that last email from me” emails, all your email will go to junk. This too is part of the bot / hacker’s intent. They created a rule to do this and it takes time to find.

You can see by the other two Rules that were off, that this person has clicked on similar emails in the past.

Even though the email above was not caught by 365, ESET or SonicWall, there were emails (below) that were caught by 365.

And from 2019 here is another example that is a fake PDF that will ask for credentials.

If you do click on an email attachment and, for ‘Security’ purposes, it wants any logon credentials, immediately back out.

It is my humble but amazingly accurate opinion, you should not open email attachments you are not expecting. You should contact the person they are from and if you don’t know who they are from just Junk them. It is not worth the embarrassment and hassle to you or the bill from your IT provider.

That is enough lecture for now, until we meet again, have a virus and phishing scam free week.
