Phishing tactics, interesting change!

Graphic of a 'Danger phishing scam' signRemember when phishing / spam mail consisted of ‘Nigerian’ princes wanting to give you money, or a lottery win you didn’t play in? I had a run on tax refunds even before I’d submitted my return! What happy times, the phishing spammers were playing on your wants, money mainly! Nowadays they are playing on your fears! Now its tax demands not refunds, notices of pending investigations and even speeding tickets! Of course the Phishers are still making the mistakes that make them easy to spot, as the two screen grabs below show:

Speeding, Moi……..Screenshot of received Phishing email

Well the obvious mistake here is it came by phishing email! Last time I, I mean a friend got a speeding ticket it came by post! With a photo, not a “We have photographic proof” statement. I of course was not in Stockport on the 9th, and I’d never think of doing 81 in a 25 zone, my car would be airborne on the speed humps! So not only a fail on the basics of making it seem like it could be me, but on the probability of doing 81mph at the start of rush hour!

Then there’s the techie bits, the URL from the ‘Examine’ link, the key bit the phishing is intended to make you click goes to <!!!ОШИБКА ШАБЛОНА: ШАБЛОН закрыт в ‘[%%’ и ‘%%]’ НЕ ПРАВИЛЬНО!!!http://vfw4914 .com/administrator/ backups/cvyi3q0x4ds7/qnlmj0w1.php%%]> (Just hover your mouse on a real phishing email to check link URLs). And whilst the grammar’s good, is not quite right!

Company Investigation Phishing email screenshotPhishing Exhibit B…..

Now this phishing email has slightly less going for it, whilst still playing on my fears and threatening they “can apply to the court to wind up the company and stop it trading.”  The basic problem is I’m not a registered company, but even if I was the same basic checks will show the phishing spammers for what they are.  The ‘Further Data’ link whilst not gibberish, does give a way the ‘malware payload’ location, wp-content/plugins/siteorigin-panels/settings/images/a3wxid/vkjya9i0.php>; The footer links are lifted from, with them even managing to lift a link to the ‘Wales’ section of!  The send email is <mail@localmail .com>, so if you watch your spam box you will also notice trends like this!

So phishing has passed through many changing trends and presently plays on your fears, in an effort to get those clicks that will come with malware attached, corporate targeted Phishing is still trying to get those precious login credentials, and whilst outside the corporate world it may be more subtle in its message, it can still be easily spotted!

Here are WHICH?’s 7 steps to spotting spam

How to spot a scam

  1. Contacted out of the blue?
  2. Is the deal too good to be true?
  3. Asked to share personal details?
  4. Pressurised to respond quickly?
  5. Are the contact details vague?
  6. Grammatical or spelling mistakes?
  7. Are you asked to keep it quiet?