Perfect timing! Here's a phishing email that just arrived, and it's a prime example for showing a few tips on how to spot a problem email. The subject of the email was "subscription renewal", and at the beginning of the month a lot of these may arrive in anyone's inbox. This one immediately caught my eye because the preview text showed "Hello dear". The other thing to note is that we've all been taught not to "click on the link", but this one invites us to call a number. That's a common new tactic: in the never-ending cat-and-mouse game, as computer users become more aware of dangerous links, the cyber criminals just come up with a new twist.
Here are several red flags about this email:
- "subscription renewal" - Typically the first word of an email subject would be capitalized.
- Malware Bytes - Malwarebytes is a very popular security product, and it is ONE word, not two.
- The sender of the "subscription renewal" email is actually a random Gmail address. Very often these free services are abused like this. An actual renewal would come from a company domain.
- The email arrived at 4:11am. An automated batch of emails could arrive any time, but this is an unusual time especially since Monday was a holiday.
- The salutation says "Hello dear". If it were actually a renewal, they would have had a real name in the database.
- "Technical Management Department" - Makes no sense.
- "You" and "Placed" are capitalized randomly.
- Product "Advance Security" - Should be "Advanced".
Then they get you with the big dollar amount, and that's how they get a reaction because OF COURSE this transaction wasn't authorized. Phishing emails typically prompt some sort of urgency. Since security is such a hot topic these days, recipients may be doubly anxious to make sure all subscriptions are in order. Being savvy, they put in a phone number instead of a link so people will be tricked into thinking it's safe to call. Typically the next step would be some attempt to get a credit card number to "refund" the charge. Don't call!
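The red flags listed above, plus the call-this-number twist, are all mechanical enough to check in code. Here is an added example (my own, not from the original post) of a small rule-based scorer that parses a constructed message mimicking the one described and counts the flags it finds; the sender address, phone number and dollar figure are made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
# Constructed sample reproducing the red flags the post describes (not the real message).
PHISH = """\
From: Technical Management Department <renewals.dept.1234@gmail.com>
Subject: subscription renewal
Date: Tue, 21 Feb 2023 04:11:00 -0500

Hello dear,

You have Placed an order for Malware Bytes Advance Security.
If You did not authorize this $499.99 charge, call +1-800-555-0100 within 24 hours.
"""

FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
MISSPELLINGS = {"malware bytes": "Malwarebytes", "advance security": "Advanced Security"}
GENERIC_GREETINGS = ("hello dear", "dear customer", "dear user")

def red_flags(raw):
    """Return a list of red-flag descriptions found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    subject = msg.get("Subject", "")
    if subject[:1].islower():
        flags.append("subject line not capitalized")
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in FREEMAIL:
        flags.append(f"sender uses a free mail domain ({domain})")
    try:  # the hour is read in the sender's own stated timezone
        hour = parsedate_to_datetime(msg["Date"]).hour
        if hour < 6:
            flags.append(f"sent at an unusual hour ({hour:02d}:00)")
    except (TypeError, ValueError):
        pass
    body = "" if msg.is_multipart() else msg.get_payload().lower()
    if body.lstrip().startswith(GENERIC_GREETINGS):
        flags.append("generic salutation instead of a real name")
    for wrong, right in MISSPELLINGS.items():
        if wrong in body:
            flags.append(f"brand name misspelled: '{wrong}' (should be '{right}')")
    if re.search(r"\bcall\b[^.\n]*\+?\d[\d\-\s().]{7,}\d", body):
        flags.append("asks the recipient to call a phone number")
    if re.search(r"\$\d[\d,]*", body) and re.search(r"within \d+ hours|immediately|urgent", body):
        flags.append("dollar amount paired with urgency")
    return flags

def verdict(raw, threshold=3):
    """Treat a message with `threshold` or more red flags as suspicious."""
    return "suspicious" if len(red_flags(raw)) >= threshold else "ok"
```

A real mail filter would weight these signals rather than count them, but even this crude tally puts the sample well over any reasonable threshold.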
This particular email had a lot of mistakes and red flags, but keep in mind that some are far better crafted and harder to spot. Also keep in mind that reviewing an email like this on your computer makes things a lot easier to see than on your tiny phone display. Sending email blasts like this doesn't cost any money, and the scam works if they get a tiny percentage of recipients to call. Everyone thinks they won't fall for a scam, but imagine seeing this on your phone on a busy day when you may have a few moments between meetings and you just want to "take care of it".
In so many of our cybersecurity training sessions we reiterate "Think before you click!". New twist: "Think before you CALL!"