We phish you a merry Christmas!
We all receive dodgy emails from time to time, with people attempting to steal our credentials to get access to our data and money.
Usually these attempts are poor and quite noticeable. Sometimes, however, they are done to a slightly higher standard, which can make people slip up.
Many people fall for these attempts, so please share these tips where possible, as you might just improve someone's Christmas!
Here is the specific phishing email that I received:
As you can see, the content of the email has been written to make you trust that the sender really is Amazon and has the best intentions.
Tactics like this are typically the ones that make you trip up as the average quality of a phishing email is usually poor.
The subject line contained the amazon.com domain, but clicking on the email header showed that the message in fact came from a domain that definitely wasn't Amazon.
This got through spam filters by using a legitimate website, which looks like it has DNS redirects set up to allow for a redirect to the attacker's site.
Once a user has clicked on the link, they are redirected to a site that is very similar to the Amazon website itself (see next screenshot) and has been built to a high standard.
If a user had typed in their credentials, these would have been sent to the attacker and stolen.
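The header check described above can be automated. The following is an added example, not part of the original post: it flags a message whose subject or display name mentions a brand domain while the From address and the links in the body point somewhere else. The sample message, its addresses and URL, and the function names are constructed for illustration, and the sketch assumes a single-part plain-text message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every address and URL is a made-up placeholder.
SAMPLE = """\
From: "Amazon.com" <orders@mailer.example.net>
To: you@example.org
Subject: Your amazon.com order has been placed
Content-Type: text/plain

Please review your order: https://shop.example.com/r?id=123
"""


def belongs_to(host, brand_domain):
    """True only for the brand domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)


def check_message(raw, brand_domain="amazon.com"):
    """Return findings for a message that presents itself as brand_domain."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    # What the reader sees at a glance: display name and subject line.
    claimed = " ".join([display, msg.get("Subject", "")]).lower()
    findings = []
    if brand_domain not in claimed:
        return findings  # message does not present itself as the brand
    # The brand is shown to the reader, but the real address is elsewhere.
    if not belongs_to(sender_host, brand_domain):
        findings.append(f"claims {brand_domain} but sent from {sender_host}")
    # Assumes a single-part text body, as in the constructed sample.
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = urlparse(url).hostname or ""
        if not belongs_to(host, brand_domain):
            findings.append(f"link points to {host}")
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("WARNING:", finding)
```

The suffix match in `belongs_to` is deliberate: a host such as `amazon.com.example.net` contains the brand string but is not a subdomain of it, so it is still flagged.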
Be careful and take 5 before opening emails! Opening the wrong one may cause some serious headaches.
There is lots of free guidance out there for you to use, for example: https://takefive-stopfraud.org.uk/