Gone Phishing


Chris Burger

Before you open that next email from a well-known company – news site, bank, vendor – give yourself an extra second or two to examine it closely. Here at AppRiver, we’ve seen a dramatic increase in phishing attempts lately and you don’t want to be next on the hook.

Spammers are disguising themselves as familiar companies such as ADP, eFax, and DHL to trick you into giving up valuable company or personal information. The best way to avoid becoming a victim is to notice irregularities in the message. These are warning signs of a possible phishing attempt.

Below is an example:

The first element to consider is that the “From” line says it’s being sent from ADP’s billing department, but we can see it’s actually from the domain littlebaja.com. (Probably not ADP’s billing department.) As you might expect, legitimate companies typically send from their own domains.

Another example is shown below with the eFax message. Although the sending domain looks very similar to efax.com, it’s really “exfaxo.” Close, but no cigar. And no click, if you’re wise.

Next, consider what the email is asking. In many cases, scammers will try to get you to click a link. If that’s the case, hover over the link and see whether the address that appears is the same as the one shown in the message. If you are not using a computer, you might notice when you click that the destination page isn’t the same as the link.

If you get to the page (and let’s hope you won’t), you’re greeted with a request for login information. They try to make it look professional by automatically grabbing your email and prefilling it in the username box. In this case, they are phishing to get your login credentials. (The actual user’s email address was omitted for privacy.)

Also think about whether this is an email you were expecting or have gotten before. Phishing emails tend to be very generic in nature and unprompted. With more shopping being done online, it is easy to look at these emails and think that the invoice, fax, or tracking information is valid. That’s human nature, and it’s exactly what scammers are counting on to lure you in.

Phishing usually works because we’ve developed predictable behaviors, like trusting a familiar logo, clicking a hyperlink, and entering a password below our email address. To avoid being a victim, however, we need to develop new habits that include viewing each email with a skeptical eye, looking for tell-tale signs of a scam, and never entering credentials on a questionable site.