Dissecting Phishing Emails | Blog de Stewart Title

Most phishing attacks are designed to do two things, (A.) steal user credentials or (B.) get malicious code downloaded to a user’s computer. But just how do you recognize an attack?

In this post, I’m going to show you examples of “phishy” emails that should raise a flag in your mind. I’ll show you what to look for, explain what these emails are designed to do, and make sure you know how to steer clear of the danger zone.

This email (image 1) caught my eye, and I want to explain why. It is not uncommon to see voicemail message notifications delivered over email. With an abundance of companies using Voice-over-IP (VoIP) telephone systems, most modern switches provide this option. The majority of these notifications will arrive with a voicemail attached to the email as a "something.wav" file.

What is unusual about this email is that the attachment is an .html file. An HTML file extension (image 2) is always associated with Web pages and, if opened, will launch your default browser.

From there, your browser will open the local file (image 3). If you were to click the "Read Message" hyperlink, you would land on a near replica of the authentic site – one that’s so close in appearance to the legitimate site that many users are duped into providing their credentials.

Also, take a look at the URL. It is humongous because it was likely auto-generated. And look: There is even a padlock shouting, “I am secure. Give me your information.”

So what did we learn?

• Only your home, mobile or workplace phone will have a voicemail you should listen to. Most home or mobile operators don't provide voicemail notifications out of the box. You should know or inquire if your company uses voicemail notifications.
• You should never receive a legitimate voicemail notification that requires you to go somewhere else to listen.

As always, think before you click.