Phishing emails defraud thousands of users every day

  • November 18, 2011



Have you ever been surprised to receive, from time to time, an email from a well-known company like DHL, Amazon or a particular financial institution? If not, you should be, especially if you have never done business with them before. Often, these emails are not sent by the aforementioned corporations, but by criminal scammers. In this article we will share some current examples of phishing emails and explain how to recognize them and protect yourself against them.

How phishing works

Scammers favor well-known company names for two reasons: first, these names appear trustworthy, and second, the odds are quite high that the recipient is an actual customer of theirs. The objectives of these fake emails vary, from “only” attempting to spy on you by collecting data, to trying to infect your PC with malware or even defraud you of your money using various methods.

Example 1:

Funds Transfer Phishing

This is a classic phishing attempt, though fortunately a very bad one. What is most striking is the poor grammar and the absence of the company’s return address. Not only is it unclear which company Mr. Shaw even works for, but the dubious email address should also leave you suspicious.

You may also have noticed that the email doesn’t address you personally. Now let’s take a closer look at the link we are invited to click on. The screenshot clearly shows a suspicious URL hidden behind the link. You just need to hover your mouse over the link to see the resulting address. If, despite these warning signs, you nevertheless click on the link, you will be asked to enter your credit card details on a questionable-looking website. If you proceed to enter your data, you can expect to discover unauthorized transactions on your next credit card bill.

Example 2:

PayPal Phishing

This is a slightly better attempt and is aimed at recipients using the online payment service PayPal. The email claims that there were failed login attempts and that the recipient should therefore open the file attached to the email. The recipient will then be asked to enter their account details, and if they do, the scammer gains full access to their PayPal account.

As customers usually have a positive PayPal balance or at least have their bank or credit card details saved within PayPal, the goal is obvious – the victim’s money will quickly be transferred to other PayPal accounts and thus into the criminal’s pockets. Furthermore, opening the attachment is also likely to infect the victim’s PC with malware.

Again, the fact that the email isn’t personally addressed to the customer stands out. Official emails from PayPal always start by personally addressing you. In addition, neither PayPal nor any other company will send you emails asking you to enter your login data, or open attachments, with the exception of PDF files in rare cases.

Example 3:

ACH transfer canceled Phishing

This scam counts on the fact that people are curious by nature. After all, it obviously involves a bank transfer, and the email includes an attachment. Unfortunately, a lot of recipients of such emails overlook the fact that the email doesn’t address them personally and that they probably don’t even have a transfer pending. The layout of the email doesn’t look very professional either.

What’s interesting here is the scammer’s intention: they want you to open the attached ZIP file which is disguised as a PDF file. Once you open the ZIP file, it will contain the executable file report485770.pdf.exe which is also disguised as a PDF file.

PDF EXE Icon attached

The scammer has even gone to the trouble of providing an Adobe Acrobat icon for the file. Anyone who falls for this trick opens their PC’s door to malware – as the seemingly innocuous file is actually a worm recognized by Emsisoft Anti-Malware as Win32.Garnarue.
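The disguise in Example 3 can be caught automatically by reading the file names inside a ZIP attachment without extracting anything. The following Python sketch is an added example, not code from Emsisoft; the attachment name `report.zip`, the extension lists and the sample message are assumptions constructed for illustration, and only the inner name `report485770.pdf.exe` comes from the example above.

```python
import io
import zipfile
from email.message import EmailMessage

# Assumed lists: extensions Windows runs directly, and document types used as a decoy.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def is_disguised(name):
    """True for names like 'x.pdf.exe': a document extension followed by an executable one."""
    parts = name.lower().rstrip(". ").rsplit(".", 2)
    return len(parts) == 3 and "." + parts[2] in EXECUTABLE and "." + parts[1] in DECOY

def suspicious_attachments(msg):
    """Return (attachment, offending_name) pairs, looking inside ZIP attachments too."""
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if is_disguised(fname):
            findings.append((fname, fname))
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):  # trust the content, not the file name
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():  # names only, nothing is extracted
                    if is_disguised(member.rsplit("/", 1)[-1]):
                        findings.append((fname, member))
    return findings

def build_sample():
    """Constructed message with harmless bytes; inner file name as in Example 3."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report485770.pdf.exe", b"placeholder, not a real executable")
    msg = EmailMessage()
    msg["Subject"] = "ACH transfer canceled"
    msg.set_content("See the attached report.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="report.zip")  # hypothetical attachment name
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg

if __name__ == "__main__":
    for attachment, name in suspicious_attachments(build_sample()):
        print(f"{attachment}: contains disguised executable {name}")
```

A custom icon does not affect this check, because it compares the last two extensions of the file name rather than how the file is displayed.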

How to protect yourself

All these examples are genuine and weren’t recognized by the spam filters in common email programs like Microsoft Outlook or Thunderbird. Therefore the risk to you is very high and not to be taken lightly, considering that it’s primarily your wallet or the security of your PC and data that are under threat.

Incoming mails should always be analyzed before opening any attachments or links. Please keep the following points in mind:


The more of these points that don’t add up, the more likely it is that the email is a scam. You can also actively protect yourself by following these three rules:

 

Have a nice (malware-free) day!

Your Emsisoft Team


Emsi


Emsisoft founder and managing director. In 1998 when I was 16, a so-called 'friend' sent me a file via ICQ that unexpectedly opened my CD-ROM drive, which gave me a big scare. It marked the start of my journey to fight trojans and other malware.
