The goal of a phishing scam is to get you to provide the scammers with your personal, private information; in order to do that, they have to get you to click on their link. Two scams recently sent to us illustrate two common, yet opposite, strategies. An interesting twist is that both emails actually use the concept of email security to gain your trust: hey, if it’s about security, it must be a legitimate email, right? That’s why it’s very important to check any link in any email before you click on it.
Scared into Submission
This is a very common technique: the scammer, usually pretending to represent a trusted institution, presents you with a problem that’s meant to scare you into immediate action, and then provides you with a link in order to “fix” your “problem.” In this case, they’re pretending to be Google, and they’re threatening to shut off your email account—unless you click the link. Often, as in this case, scammers use the term “verification,” as if reassuring you that you’re not revealing anything they don’t already know; “verify” is always a warning sign. The email’s grammar and spelling are already dodgy, and hovering over the link reveals that it’s a fake.
Dear firstname.lastname@example.org ,Sorry you are seeing this.
We are doing a spam and fraudulent verification survey.Please its very important you participate in this survey to help us serve you better.Move message to Inbox and perform this verification survey.
Click here to help you perform this verification survey. The achievement of this survey is to track and shut down fraudulent user and phising domain to help improve and make your mailing system better.Please If a verification response is not gotten from you in the next 24 hours, we will assume you are a fraulent user and shut down your mail account, till after proper verification recovery before you can access you mail account again.Thanks.
All Domain 2014 Team.
powered by: Google+
Under the Radar
This is the type of phishing scam that’s trying to slide under your radar. Rather than scare you, it’s trying to lull and/or bore you. It’s pretending to be a routine business email. Terse and to the point, it’s trying to be an innocuous everyday communication. It seems important, but not that interesting: just the kind of thing you’d be likely to click on, just to clear your inbox. Hovering your cursor over this link reveals that it’s a website based out of India, not Stanford. (We’ve removed the link; we don’t want anyone to actually click on it.)
From: Stanford University <email@example.com>
Subject: You have (1) new Security Mail
Date: June 16, 2014 6:40:46 AM PDT
Reply-To: Stanford University <firstname.lastname@example.org>
Dear User,
You have (1) new Security Mail.
Kindly CLICK HERE to read now.
© Stanford University. Stanford, California 94305