Joined: Jul 4, 2015 | Messages: 8,998 | Thread Author | #1
Here is another real phishing email, this one purporting to be from PayPal.
Let's dig in...
(Orange) We have typos and grammatical errors.
(1) Again we have a weird email address from @paypap-us.com. This is highly unlikely to be owned by PayPal.
(2) This email is probably BCC'd to a bunch of users. Most official communications will go directly to you.
(3) Here is a hook/social engineering tactic: trying to instill panic with a sense of urgency.
(4) In this case there is no greeting or mention of me, the customer. (No greeting or generic ones are red flags.)
(5/6) There are two issues: account activity and a bank alert. (Sorry, your bank would notify you of fraudulent CC or account usage.)
(7) The whole email is an image that is also a clickable link.
The link
jetsend.com is a real emailing service with tracking capabilities. The threat actor can determine if you clicked his link. These services will also kick off additional redirects to the attack landing page, most likely.
Looks like it redirects to a Google Doc.
Another redirect to the end page. Looks like the attacker's account has already been taken down.
Solution
In the newer versions of Outlook, I believe it will give you the option to report it, which sends it to Microsoft to help improve their detection.
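The red flags numbered in the post above, expressed as header and body checks a mail filter could run. This is an added example, not part of the original thread. The sample message, the recipient address and the `.example` hosts are constructed, and the 0.7 similarity threshold and the keyword lists are assumptions.

```python
import email, email.policy, re
from difflib import SequenceMatcher
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND = "paypal.com"  # assumption: the brand the message claims to come from

class BodyScan(HTMLParser):
    """Collect link targets, count images, and gather visible text."""
    def __init__(self):
        super().__init__()
        self.links, self.images, self.text = [], 0, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append(dict(attrs).get("href") or "")
        elif tag == "img":
            self.images += 1
    def handle_data(self, data):
        self.text += data.strip()

def off_brand(host):
    return host != BRAND and not host.endswith("." + BRAND)

def phishing_flags(raw, my_address):
    """Return the names of the red flags (numbered as in the post) that fire."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    dom = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    rcpts = [a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    part, scan = msg.get_body(preferencelist=("html",)), BodyScan()
    scan.feed(part.get_content() if part else "")
    checks = {
        "lookalike_sender_domain": off_brand(dom) and SequenceMatcher(None, dom, BRAND).ratio() > 0.7,  # (1)
        "recipient_not_in_to_cc": my_address.lower() not in rcpts,  # (2) likely BCC
        "urgency_in_subject": bool(re.search(r"urgent|immediately|suspend|limited", str(msg["Subject"]), re.I)),  # (3)
        "no_greeting": not re.search(r"\b(dear|hello|hi)\b", scan.text, re.I),  # (4)
        "image_only_clickable_body": bool(scan.images and scan.links) and not scan.text,  # (7)
        "link_host_not_brand": any(off_brand(urlparse(h).hostname or "") for h in scan.links),  # the link
    }
    return [name for name, hit in checks.items() if hit]

# Constructed sample message; only the sender domain is taken from the post.
SAMPLE = """\
From: PayPal <service@paypap-us.com>
To: Customers <customers@mailer.example>
Subject: Urgent: your account has been limited
Content-Type: text/html; charset="us-ascii"

<a href="http://click.tracker.example/r/123"><img src="cid:notice"></a>
"""
```

Calling `phishing_flags(SAMPLE, "me@example.org")` returns all six flag names; a message from the real domain, addressed to the recipient, with a greeting and on-brand links returns an empty list.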
Joined: May 22, 2012 | Messages: 4,561
The main one doing the rounds in Australia is a fake toll payment one telling people they owe $2-12 dollars for a toll cam and asking them to click the link and put their bank payment details in.
The reason it works so well is Australia's total lack of understanding with internet security at even the highest levels.
Joined: Jul 4, 2015 | Messages: 8,998 | Thread Author | #3
Phishing attacks are very popular because they have a very high success rate in general. 75-85% of cybercrime will leverage phishing as part of their tactics. 60% on average are successful.
Joined: May 22, 2012 | Messages: 4,561
It flags the email on your account... I believe Microsoft then blocks that address to your account, yes, but they don't do anything else about it, i.e., it doesn't then get blocked for someone else on a Microsoft email.
It's possible a high count of flags against an email will then take some other action, but I have not tested it, e.g. if 20 people flag the same email address it may get more than just blocked for them.