Here's a phishing scam. Don't click it.
-
So I mentioned in a few of my recent posts, I've been recently hired by the government and OMG it's full of WTFs.
I've been delaying writing nice and proper stories but this one hapenned RIGHT NOW and it's actually quite short (but hugely WTF-y, nonetheless).
Just received on my corporate inbox the following message:
From:Bob [head of support]
To: The entirety of all the different IT (sub)departments of this university
Suject:Fwd: Hey Bob, please warn the folks about this scam.
Contents: nicely centered image that looks quite real if you don't look twice. With a nicely aligned logo and the required: "warning" icon, "immediate attention required" text and even a "click here" button on the bottom of the image. With an active link, of course. To some polish website.
All the replies and forwards are being made with the link intact.OH, did I mention I'm working on the Information Security department?
Sigh.
-
Well, I hope you didn't click it!
-
Can you block the link's domain for everybody?
From experience I can say that it's much simpler than telling people not to click on stuff. Because if you tell them to not click on something, they WILL try and click on it .Usually guys thinking that maybe there might be porn or warez of their interest on said links, even if you personally tell them it's just some sort of scam.
That may sound a little dictatorial, but remember, the morons are still free to screw their systems over at home or somewhere else.
-
@Renan said:
Can you block the link's domain for everybody?
Because if you tell them to not click on something, they WILL try and click on it
Block the link and set up a redirect that shows them a "Har Har You're a MORON for clicking that link!" page.
Add a counter for more fun and profit.
-
@Cassidy said:
+1. Very evil.@Renan said:
Can you block the link's domain for everybody?
Because if you tell them to not click on something, they WILL try and click on it
Block the link and set up a redirect that shows them a "Har Har You're a MORON for clicking that link!" page.
Add a counter for more fun and profit.
-
@Cassidy said:
@Renan said:
Can you block the link's domain for everybody?
Because if you tell them to not click on something, they WILL try and click on it
Block the link and set up a redirect that shows them a "Har Har You're a MORON for clicking that link!" page.
Add
a counterpass through authentication grabbing their username, then initiate disciplinary proceedings for failing to adhere to the Information Security Policy for more fun and profit.FTFY
-
I just got a similar message, sent to everyone in our organization:
<colleague> just received this email. If you've received it, DON'T CLICK IT!
Microsoft should never ask you for your password when you are already logged into your account nor will it disable your account without us knowing.
From: Microsoft Admin Team fprsthiars@e-clinic.com
To: Sales
Subject: Hello - Urgent
With best regards,
<IT guy>
The image still had a working link to the phishing page...
FAKE EDIT:
There was a follow-up after I told our head IT guy; he replied to everyone on his original email and said something like "be aware that the mail which I've sent still contained a working example of the phishing attempt. Please don't try clicking it".
That reply still contains a working link...
-
The sec guys here send us fake fishing emails. When you click it redirects to a web site that educate users about fishing.
-
@timbstoke said in Here's a phishing scam. Don't click it.:
@Cassidy said:
@Renan said:
Can you block the link's domain for everybody?
Because if you tell them to not click on something, they WILL try and click on it
Block the link and set up a redirect that shows them a "Har Har You're a MORON for clicking that link!" page.
Add
a counterpass through authentication grabbing their username, then initiate disciplinary proceedings for failing to adhere to the Information Security Policy for more fun and profit.FTFY
This is 100% seriously a good idea. Like with kids or dogs, some people only ever learn if you yell at them when you catch them in the act.
I always thought this would also be a decent strategy to combat spam. Make some "fake spam" in a forum or game or whatever. Check who clicks the links and ban them for a day for feeding the spammers.
-
@Renan said in Here's a phishing scam. Don't click it.:
Because if you tell them to not click on something, they WILL try and click on it
Truth. That's why I'm here in this topic actually. I just couldn't help myself!!!
-
@Tsaukpaetra I'm disappointed OP didn't post the link to the scam so we could not click it.
-
@anonymous234 said in Here's a phishing scam. Don't click it.:
@Tsaukpaetra I'm disappointed OP didn't post the link to the scam so we could not click it.
Simpler times, friend.
-
@atipico said in Here's a phishing scam. Don't click it.:
So I mentioned in a few of my recent posts, I've been recently hired by the government and OMG it's full of WTFs.
I've been delaying writing nice and proper stories but this one hapenned RIGHT NOW and it's actually quite short (but hugely WTF-y, nonetheless).
Just received on my corporate inbox the following message:
From:Bob [head of support]
To: The entirety of all the different IT (sub)departments of this university
Suject:Fwd: Hey Bob, please warn the folks about this scam.
Contents: nicely centered image that looks quite real if you don't look twice. With a nicely aligned logo and the required: "warning" icon, "immediate attention required" text and even a "click here" button on the bottom of the image. With an active link, of course. To some polish website.
All the replies and forwards are being made with the link intact.OH, did I mention I'm working on the Information Security department?
Sigh.What you need to do is setup your own intranet "phishing scam", and send it out regularly, and when they click it, it goes to a page that explains what phising is and why they shouldn't click on those links in the future.
-
@sockpuppet7 said in Here's a phishing scam. Don't click it.:
The sec guys here send us fake fishing emails. When you click it redirects to a web site that educate users about fishing.
Wait...educate about fishing or phishing? Because the former would be funnier.
-
We just got a fake phishing scam (generated by our IT) department yesterday. It was pretty bad. I've already disposed of it, so I can't link it, but key indicators were:
a) it was from "googlesupport@google.con"
b) Didn't fit the same pattern as normal google drive links
c) asked to log in with our account.4 people (faculty/staff) fell for it. I showed it to some students, they immediately said "that's fake."
-
@anonymous234 said in Here's a phishing scam. Don't click it.:
@timbstoke said in Here's a phishing scam. Don't click it.:
@Cassidy said:
@Renan said:
Can you block the link's domain for everybody?
Because if you tell them to not click on something, they WILL try and click on it
Block the link and set up a redirect that shows them a "Har Har You're a MORON for clicking that link!" page.
Add
a counterpass through authentication grabbing their username, then initiate disciplinary proceedings for failing to adhere to the Information Security Policy for more fun and profit.FTFY
This is 100% seriously a good idea. Like with kids or dogs, some people only ever learn if you yell at them when you catch them in the act.
I always thought this would also be a decent strategy to combat spam. Make some "fake spam" in a forum or game or whatever. Check who clicks the links and ban them for a day for feeding the spammers.
My company used to do this sort of thing. I think the penalty was "just" extra training though. Example:
@boomzilla said in 📧 The Official Spam Emails Thread™:
I think my company is testing us again:
The domain leads back to a security company that I recall them using before.
-
@boomzilla Not just a different IP, a very different one!
edit: Yeah, a bunch of flags in that... "you're", "massage", "Sonnyville" and that zip (Sunnyvale's zip starts with 940). Oh, and Maple Ave is a very short residential street.
-
@boomzilla: LinkedIn is a special case, because they're spammers themselves. I occasionally get "<person> would like to add you to his LinkedIn network" emails, and I know for a fact that <person> did no such thing (because I asked him about it, and he knows I don't use social networks anyways.)
-
@boomzilla Can you enter someone else's credentials?
EDIT: Of course, this might backfire if the button in the e-mail contains identifiable information like a unique id of the recipient (i.e. your work e-mail or a GUID assigned for it).
-
@Zerosquare said in Here's a phishing scam. Don't click it.:
@boomzilla: LinkedIn is a special case, because they're spammers themselves. I occasionally get "<person> would like to add you to his LinkedIn network" emails, and I know for a fact that <person> did no such thing (because I asked him about it, and he knows I don't use social networks anyways.)
I remember seeing other ones, too. In particular, I think there was an Amazon counterfeit. It's probably there in the spam thread somewhere, but i just posted the first one I found.
@JBert said in Here's a phishing scam. Don't click it.:
Can you enter someone else's credentials?
I believe the links had a query string that presumably identified you. I just looked at the links and ran
whoison the domains.
-
@anonymous234 said in Here's a phishing scam. Don't click it.:
@timbstoke said in Here's a phishing scam. Don't click it.:
@Cassidy said:
@Renan said:
Can you block the link's domain for everybody?
Because if you tell them to not click on something, they WILL try and click on it
Block the link and set up a redirect that shows them a "Har Har You're a MORON for clicking that link!" page.
Add
a counterpass through authentication grabbing their username, then initiate disciplinary proceedings for failing to adhere to the Information Security Policy for more fun and profit.FTFY
This is 100% seriously a good idea. Like with kids or dogs, some people only ever learn if you yell at them when you catch them in the act.
Make sure you validate that the username came from the right person, though, or you'll end up with people entering the usernames of people they hate.
-
@boomzilla said in Here's a phishing scam. Don't click it.:
@sockpuppet7 said in Here's a phishing scam. Don't click it.:
The sec guys here send us fake fishing emails. When you click it redirects to a web site that educate users about fishing.
Wait...educate about fishing or phishing? Because the former would be funnier.
Can you get spearphished and end up going fishing alone?
-
@Benjamin-Hall said in Here's a phishing scam. Don't click it.:
googlesupport@google.con
Why would a spammer ever do that? Generally if an email server would complain about SPF, it's not going to accept an email from an invalid TLD.
-
@Zerosquare said in Here's a phishing scam. Don't click it.:
@boomzilla: LinkedIn is a special case, because they're spammers themselves. I occasionally get "<person> would like to add you to his LinkedIn network" emails, and I know for a fact that <person> did no such thing (because I asked him about it, and he knows I don't use social networks anyways.)
TIL. Thank you, will watch out for those.
-
@ben_lubar said in Here's a phishing scam. Don't click it.:
@Benjamin-Hall said in Here's a phishing scam. Don't click it.:
googlesupport@google.con
Why would a spammer ever do that? Generally if an email server would complain about SPF, it's not going to accept an email from an invalid TLD.
-
@Gąska said in Here's a phishing scam. Don't click it.:
@ben_lubar said in Here's a phishing scam. Don't click it.:
@Benjamin-Hall said in Here's a phishing scam. Don't click it.:
googlesupport@google.con
Why would a spammer ever do that? Generally if an email server would complain about SPF, it's not going to accept an email from an invalid TLD.
Is that a TLD specifically to be used for conning people?
-
@ben_lubar Time to register http://ba.con/
-
@anonymous234 said in Here's a phishing scam. Don't click it.:
I always thought this would also be a decent strategy to combat spam. Make some "fake spam" in a forum or game or whatever. Check who clicks the links and ban them for a day for feeding the spammers.
I think someone tried a variation of this idea to combat uncivilized discourse in forum discussions. I can't remember who that was, though...
-
@remi said in Here's a phishing scam. Don't click it.:
@anonymous234 said in Here's a phishing scam. Don't click it.:
I always thought this would also be a decent strategy to combat spam. Make some "fake spam" in a forum or game or whatever. Check who clicks the links and ban them for a day for feeding the spammers.
I think someone tried a variation of this idea to combat uncivilized discourse in forum discussions. I can't remember who that was, though...
Rosie O'Donnell?
-
To be fair with the forwarders, I'm not sure myself how to forward a suspicious e-mail to admins while making the links non-functional without altering anything else.
On the other hand, I do think if I ever send a phishing warning to lusers, I'll have the sense to use the wooden table method instead of forwarding the mail itself.
-
@Medinoc said in Here's a phishing scam. Don't click it.:
To be fair with the forwarders, I'm not sure myself how to forward a suspicious e-mail to admins while making the links non-functional without altering anything else.
On the other hand, I do think if I ever send a phishing warning to lusers, I'll have the sense to use the wooden table method instead of forwarding the mail itself.Here's what I would do:
- Open whatever your mail client's "view source" option is.
- Copy the entire thing (including headers) to a new email.
- Replace any instance of "http" with "hxxp" so they aren't clickable links but still uniquely identify an address.
-
@Medinoc said in Here's a phishing scam. Don't click it.:
To be fair with the forwarders, I'm not sure myself how to forward a suspicious e-mail to admins while making the links non-functional without altering anything else.
On the other hand, I do think if I ever send a phishing warning to lusers, I'll have the sense to use the wooden table method instead of forwarding the mail itself.Everywhere I've worked, you forward as attachment. That preserves the headers and everything else. Also allows an explanation of the attached email before it's opened so the two can't be confused.
-
@Medinoc You forward it to the IT department as-is. They're the ones who should be intelligent enough to sanitize the email before they forward it to all the clueless idiots in the company saying "hey don't click this thing".
Also I'm moderately pissed (6 years later even) that there weren't any phishing scam links for me to click in the OP.
-
I once sent a friend a program he asked, renamed to virus.exe. He refused to run it, no matter how much I explained I just renamed it. Had to send the original file.
-
@sockpuppet7 The second one didn't have a trojan to mess with his head? :evil_grin:
ICANN marginally approves the .CON gTLD
