We get a lot of phishing scams through our metaphorical doors, and the more that turn up in our inbox, the more elaborate they seem to get. Often this is really useful for us, because the longer the phishers take on designing a beautifully convincing email, and the more effort they put into writing some lengthy copy to go along with it, the more red flags and signals crop up to tell us that we’re looking at a phishing email.
However, the most recent arrival had us going back for a second look because there was so little there to work with - a great reminder that not every phishing email is going to look the same. It’s also a great opportunity for us to go back to the beginning, and make sure our phishing know-how is up to scratch.
What’s a phishing email?
A phishing email is an email sent by some unscrupulous individual who is pretending to be someone else, for the sole purpose of harvesting your information. Sometimes they pretend to be a business or an organisation that they know people will be familiar with: TV Licensing or Netflix, for example. Sometimes they’ll attempt to scare you by claiming to be someone who has material with which to blackmail you, or by claiming that they’re an accomplished assassin who has seen the error of their ways.
Regardless of the sender, the intention of a phishing email is to get some kind of information out of you. This could just be login information, which can then be used to access every site that you’ve used the same password for (which is one of the reasons you should use different passwords for each site). This might be financial information, like your debit or credit card details. Or it might be account information so your account can be sold to someone on the Dark Web.
How do these phishers intend to get this information?
A phisher is going to get you to give them the information - ideally, without you even knowing you’ve handed it over. So, they’ll pop a link in the email somewhere, which when clicked will sneakily download malware to your machine. This malware may run quietly in the background and wait until you log onto your email or a banking site, or buy something online - and then feed any important-looking information back to the phisher. Alternatively, a link within the email may take you to a screen that sort of looks like Netflix or Outlook, and ask you to pop your information in.
A phishing email may also offer up a time limit, for example, ‘Please respond in the next 24 hours’ or a subtle threat, ‘You will no longer be able to access your account’. The aim is to get you to panic, and click a link before taking the time to look closely, and think things through. As such, when you get an email, you should always do both.
Putting our phishing know-how to the test
The latest phishing scam we’ve got is a great one to test our knowledge on. We received the email below this month, and although it’s short, there is enough for us to figure out that it’s a sneaky phisher in disguise.
So, if we skim-read this, everything looks pretty legitimate. The colour scheme does look like Outlook, and the email address of the sender even looks ok. But like most phishing scams, it doesn’t really hold up to closer scrutiny.
First of all, it’s not really clear what Fake Outlook is asking here. ‘We’re analysing the security status of all email accounts’ - it’s not clear what this means. Real Outlook isn’t going to send you an email that’s at all vague or confusing - they’re going to make sure it’s crystal clear.
Then there’s one of the hallmarks of a phishing email, ‘to continue using this account without any restrictions’. It doesn’t go into what restrictions these are, or why the account would be restricted - something we’d definitely expect Outlook to be specific about.
‘It’s our duty to ensure your personal information is secure and updated,’ is also a little bit off. Is it that our personal information needs updating? Is the problem that someone has got access to our email? Why are we at risk of being restricted? This phishing email is trying to be way too many things at once.
The biggest indication that we’re looking at a phishing email is, however, in that sender box. Both the link and the sender address go to a domain called ‘outlook-gateway’. The part of the email address and of the link that comes directly before that final ‘.’ - the domain name itself - is very important: any email from Microsoft Outlook will always end in ‘outlook.’
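To make that sender-box check concrete, here is a small added example (not code from the original post or from Microsoft): it pulls the host out of a sender address and out of a link, takes the label that sits directly before the final ‘.’, and flags any host where ‘outlook’ appears only as part of a lookalike name rather than as the domain itself. The addresses and links are constructed for illustration; the ‘outlook-gateway’ name is the one the post describes. The suffix handling assumes a single-label suffix such as .com or .net.

```python
"""Added example: check whether a sender address and a link really belong to the
domain they appear to come from. Sample inputs below are constructed."""

from typing import List
from urllib.parse import urlparse

# The label we expect directly before the final '.' for a genuine Outlook address.
EXPECTED_DOMAIN_LABEL = "outlook"


def domain_of_address(address: str) -> str:
    """Host part of an email address, lower-cased ('a@B.com' -> 'b.com')."""
    local, sep, host = address.rpartition("@")
    if not sep or not local or not host:
        raise ValueError(f"not an email address: {address!r}")
    return host.strip().lower()


def domain_of_link(url: str) -> str:
    """Host part of a link, lower-cased; path and query are ignored."""
    host = urlparse(url).hostname
    if not host:
        raise ValueError(f"no host in link: {url!r}")
    return host.lower()


def label_before_suffix(host: str) -> str:
    """The label directly before the suffix, e.g. 'outlook-gateway' in
    'mail.outlook-gateway.com'. Assumes a one-label suffix (.com, .net);
    a fuller check would consult the Public Suffix List."""
    parts = host.split(".")
    if len(parts) < 2:
        raise ValueError(f"no suffix in host: {host!r}")
    return parts[-2]


def looks_like_impersonation(host: str, expected: str = EXPECTED_DOMAIN_LABEL) -> bool:
    """True when the expected name appears somewhere in the host (as a
    hyphenated lookalike like 'outlook-gateway', or as a subdomain like
    'outlook.com.example.net') but is not the label before the suffix."""
    return expected in host and label_before_suffix(host) != expected


def triage(sender: str, link: str, expected: str = EXPECTED_DOMAIN_LABEL) -> List[str]:
    """Run the check over the sender address and the link; return findings."""
    findings = []
    for kind, host in (("sender", domain_of_address(sender)),
                       ("link", domain_of_link(link))):
        if looks_like_impersonation(host, expected):
            findings.append(f"{kind} host {host!r} only contains {expected!r} "
                            f"as a lookalike; the domain itself is "
                            f"{label_before_suffix(host)!r}")
    return findings


if __name__ == "__main__":
    # Constructed sender and link modelled on the email in the post.
    for line in triage("account-security@outlook-gateway.com",
                       "https://outlook-gateway.com/verify?id=1"):
        print(line)
```

Run as-is it reports both the sender and the link, because in each case the label before the ‘.’ is ‘outlook-gateway’ rather than ‘outlook’. The rule follows the post’s advice; in a mail gateway you would pair it with an allow-list of the organisation’s known sending domains rather than relying on the name alone.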
Is that all? No more red flags?
This is a tricky little email, and it does a good job of trying to convince us that it is really from Outlook - down to the fake email address. The problem is that because there’s not a lot here, there’s not as much room for the phisher to make a spelling mistake, or to give us any more warning signs.
If you are on the fence about an email you’ve received, give your friendly IT support team a call. Don’t click on any links within the email, and don’t reply directly - if it is a phisher on the other end, they’re going to tell you that the email is legitimate. Head to Google, and find the contact details of the organisation the sender purports to be - in this case, Microsoft Outlook. They should be able to tell you if the email really came from them. If not - toss it in the Junk.
Tweet us @TranscenditUK