Published on: December 14, 2019
One email, four different attack vectors. I’ve covered the different elements in the past, but it was interesting to see multiple techniques combined. The email (1) immediately meets the definition of spam/phish: obscure sender, no recipient, no greeting and a real estate-relevant attachment name. The first red flag is the attachment extension. HTML is a relatively uncommon attachment type, and the file will open in your default browser. It's not a new trick, but it’s still used to fool email security filtering systems.
The attachment (2) looks like an email message, but it's not. If you’re not careful, you may think it's legitimate, as we are all now accustomed to secure email communications that use a web browser. The first two links point to the same phishing site posing as an MLS listing. Note that it even has a friendly MLS disclaimer. We’ve talked about the abuse of the unsubscribe link before, and here’s a perfect example. On this bogus page, the link points to yet another phishing website. As part of the master plan, the thief uses a URL-shortening Bitly link.
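The red flags described above (no recipient, an HTML attachment, links to more than one site, a Bitly link) can be checked mechanically on a raw message. The following Python is an added example, not part of the original post; the function names, the shortener list and the constructed sample message with its placeholder hosts are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "bitly.com"}  # assumption: extend for your own mail flow

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []  # href of every <a> element seen
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def host_of(href):
    try:
        return (urlsplit(href).hostname or "").lower()
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return ""

def triage(raw_bytes):
    """Return findings for the red flags the post names in one raw message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = [] if msg.get("To") else ["no-recipient"]
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith((".html", ".htm")) and part.get_content_type() != "text/html":
            continue
        findings.append("html-attachment")
        body = part.get_content()
        if isinstance(body, bytes):  # .html file sent under a non-text MIME type
            body = body.decode("utf-8", errors="replace")
        collector = LinkCollector()
        collector.feed(body)
        hosts = {host_of(h) for h in collector.hrefs} - {""}
        findings += sorted("shortener-link:" + h for h in hosts & SHORTENERS)
        if len(hosts) > 1:
            findings.append("multiple-link-hosts")
    return findings

def constructed_sample():
    """Constructed message shaped like the one described; hosts are placeholders."""
    m = EmailMessage()
    m["From"], m["Subject"] = "sender@example.test", "New listing"
    m.set_content("See attached.")
    m.add_attachment('<a href="https://listing.example.test/x">View listing</a>'
                     '<a href="https://bit.ly/placeholder">Unsubscribe</a>',
                     subtype="html", filename="listing.html")
    return m.as_bytes()
```

Each finding is a signal for a mail filter or analyst queue to weigh, not a verdict on its own.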
What did we learn today?
And don’t forget to think before you click.