Phishing Trip

Let’s See If You Take The Bait

The first week of the National Cybersecurity Awareness Month is here. We’re going to cover a myriad of topics throughout the month to help you become more cyber aware. You may think you’re cyber savvy, but can you spot a phishing attempt?

Phishing attempts have evolved. The use of company logos and more advanced graphics has made many phishing emails look pretty credible. There are still ways to protect yourself against these deceptive threats.

A Blatant Lie

One of the most common phishing emails I’ve seen has been the lie. Many cybercriminals try to prey on our increased tendency to shop online or download apps. I’ve encountered emails telling me my account will be suspended or an order is ready to ship. They are usually coupled with instructions to click a link, or more commonly, open an attachment.

This may sound tempting, especially if the claim is that a large amount of money will be taken from your account. But it’s always best to do some checking before you become a victim. Let’s take a look at the email below.

This is a phishing email I received telling me my Apple ID had been used to purchase a dating app. I’ll give it to the creators of this email, it’s a decent spoof. There are, however, a few things that look off from the start.

First, when you look at the “To:” line, it mentions that this was sent to a support@store… account and one other. A real email from the Apple store is always sent directly to my email address.

Second, it mentions I have to click on an attached document to report a problem. Apple Customer Care is always a link or they refer you to the Apple Care email.

Next, reputable companies have email addresses that end in their company name. You’ll never receive a credible email from Apple that doesn’t end with some form of @apple.com. Usually, these receipt emails from Apple come from [email protected].

The Scare

What these emails are meant to do is scare you into clicking. Let’s take another look at the second part of the email: the receipt page.

A well formatted fake

This is a pretty convincing spoof. I was fairly impressed when I opened this. But a little common sense told me that this was obviously a phishing attempt. For starters, I don’t have dating apps.

Furthermore, there were no new apps on my phone or iPad. A new app downloaded on one device that’s synced with your other devices will deposit the app across all of them. Even if someone had bypassed the security code on my devices and figured out my Apple ID and password, there would still be evidence of it on at least one device.

The problem, however, is the price tag they’ve attached to this service. No one wants an unexpected $75 coming out of their account. These cybercriminals are banking (literally) on your fear to lead you to a gut reaction. Common sense and a little investigation could save you.

Spot The Fake

Now let’s take a second look at this first page.

Phishing attempt spoofing Apple

Remember we talked about how odd the “To:” line is? Let’s click and expand it.

An email so long it can’t all be seen

Here’s where the final proof is revealed. When you click the address this was sent from, you can clearly see it’s a long, complicated email address. Again, no reputable company is going to have an email so long you won’t be able to see all of it.

This is, in fact, a tactic used by cybercriminals to help confuse you. Since the name is so long, it occupies enough space so you don’t see the end of the address that comes after the @ symbol. This is a dead giveaway of a scam.
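The sender check described above can be automated. The following is an added example, not part of the original post: it parses a "From:" header, takes the domain after the last @ symbol, and flags both an overlong name in front of it and a brand claim that does not match the domain. The sample headers, the 40-character threshold and the function name `check_sender` are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: brand -> domain its mail should end in ("apple.com" is from the article).
EXPECTED_DOMAINS = {"apple": "apple.com"}
MAX_LOCAL_PART = 40  # assumed threshold for an address too long to see in full


def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parsable sender address"]
    # The real domain is whatever follows the LAST "@", however long the part before it is.
    local, _, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    warnings = []
    if len(local) > MAX_LOCAL_PART:
        warnings.append(
            f"long local part ({len(local)} chars) may hide the domain '{domain}'"
        )
    # A brand name in the display name or in front of the "@" proves nothing;
    # only the domain itself counts.
    for brand, expected in EXPECTED_DOMAINS.items():
        claimed = brand in display.lower() or brand in local.lower()
        genuine = domain == expected or domain.endswith("." + expected)
        if claimed and not genuine:
            warnings.append(f"claims '{brand}' but is sent from '{domain}'")
    return warnings


# Constructed sample headers (not taken from the email in the article).
SAMPLES = [
    "Apple <orders@apple.com>",
    "Apple Store <support.apple.com.receipt.id.0000000000.billing.invoice.notice"
    "@mail.example.net>",
    '"Apple Support" <help@apple.com.example.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header)
        for warning in check_sender(header) or ["no warnings"]:
            print("   ", warning)
```

A clean result here only means the visible address is consistent with the brand; the "From:" header can itself be forged, so logging into the account separately is still the deciding check.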

Protect Yourself

Checking the email address is the easiest way to double-check an email before you fall victim to the scam. A little common sense also goes a long way. Finally, you can separately log into your account.

For me, I would go to my Apple account and look at my downloads and purchases. Once I see that this app is nowhere in my history, I’ll know that I wasn’t hacked. This was just a phishing scam, and I outsmarted the criminals.

If the spoof appears to come from a credible website or online shopping site (Amazon scams are popular), independently navigate to that site and check your purchases and downloads. Never click the links or the attachments in the suspicious email.

Education is key in protecting yourself. That’s why National Cybersecurity Awareness Month was founded. By knowing that there are phishing scams out there, you can be more on alert for emails like this that may come through your inbox. Without the education, you could easily fall victim.

So next time you receive an email that doesn’t quite line up with your understanding, make sure you remember to #BeCyberSmart and check it. Hope you’re staying safe out there!

Photo by Alienware on Unsplash
