Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Jeez It's Dangerous in Your Inbox | Main | Yeah...Well, No. »

December 09, 2014

Buzzword Phishing for Email Credentials

I can't tell you how many times I've received email messages claiming to come from my domain's mail administrator with some kind of request to confirm login credentials. Of course I know they're complete bullshit because I am the one and only administrator for each of my domains. And, since I don't use hallucinogenic sleeping aids, I know that I didn't send those messages.

But these things do concern me when I think of an employee working in an organization who might be tripped up by a message claiming to originate from "Webmail.Adminstrator@[theDomainOfYourEmailAccount].com/.org/.edu". Such as the following turdlet:

From: Webmail.Adminstrator@dannyg.com
To: Recipients@dannyg.com

IT Services Support

We at Technical Support are presently upgrading all webmail account(s) to
our new server platform which has been changed to ensure continued vendor
support, compliance with relevant legislation of services, redundancy and
service continuity in functioning better in our service platform were all
subscribers will enjoy an increased quota to 100GB.

In this regard, your webmail account is in the process of being upgraded to
a new set of Windows-based servers and an enhanced online webmail interface
inline with our infrastructure maintenance. The new set of servers will
provide better anti-spam and anti-virus function, along with IMAP support
for mobile devices that Support IMAP to enhance your usage.

To ensure that webmail account is not intermittently disrupted but active
during and after this upgrade, you are required to confirm your webmail
account(s) login details by stating right here:

* Email Address:
* Password:

As this will prompt the upgrade of your account.Failure not to provide your
login details information, your webmail account will be deactivated
immediately and you

would have access to your mailbox again. Please take note.

We apologize for any inconvenience caused.

Technical Support

C 2014 webmail , All Rights Reserved.

This email is free from viruses and malware because avast! Antivirus protection is active.

The author of this message dipped a big spoon into a tureen of techy buzzwords and sprinkled them liberally to generate a lot of meaningless crap that could still fool the non-techy person into thinking, "Hey, this guy must know what he's talking about." The recipient might not even see the logical FAIL towards the end, where some words must have gotten jumbled in the translation from Russian or Chinese.

Hidden on many email client views of this message is the Reply-To: address, which is a gmail account. That's where the golden keys to your email account—and conceivably to the rest of the organization's computing network—would go if you comply with the request in the message.

Ideally, every employee would have been trained to be on the lookout for any email messages requesting login credentials to any part of the corporate network, and then instructed to telephone or physically visit the IT support desk to verify the legitimacy of the request. With any luck, the support person won't be an asshole (because you're the 20th person to bring this up) and will reward you for your vigilance with at a "Way to go!"

Posted on December 09, 2014 at 07:17 PM