Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
Dispatches Archive

« May 2018 | Main

June 18, 2018

Netflix Phishing Permalink

Another day, another phishing attempt.

This one is pretty run-of-the mill, but it attacks accounts held by lots of potential recipients. Unlike a phishing email I received yesterday targeting the comparatively tiny Bethpage Federal Credit Union, this Netflix attack would be much more likely to attract recipients in a massive scattershot mailing (which most phishing attempts are).

Here's the message:

Netflix phishing email message

Although the message doesn't look very Netflixy to my eye, it has just enough polish to fool plenty, despite a couple of grammar/punctuation problems. Two main giveaways to the smell of this one are: 1) the From: email address (netflox.co!); and 2) rolling over the Update Account Details button shows a link to a domain that doesn't look anything related to Netflix.

As always, if you have even a tinge of concern about your account, visit the site via a previously saved bookmark, and log in like you normally do (you may be automatically logged into Netflix of you visit frequently enough). If there is a genuine problem with your account, you'll learn about it then.

Posted on June 18, 2018 at 03:12 PM

June 11, 2018

Luno Wallet Phishing Permalink

I'm not a blockchain guy, so the email claiming to come from Luno Wallet asking me to verify my account was an immediate alarm to something sneaky. Here is the full text of the message:

From: Luno
Subject: Verify Wallet

Welcome to Luno

We have recently detected so many fraudulent SIGNUP on our website, we are hereby informing all Legit Luno users to immediately Validate their wallet by downloading attached Luno Validation form and verify your account is not a fraudulent Wallet.



Thank You
Team Luno

The attachment was an HTML file, whose source code let me see what they're up to without even having to load the page (always a risky thing to do without prior inspection). The core portion of the form included fields for your email address, your email account password (!), your Luno password, and your phone number. The destination of the form submission was to a domain created last month, but whose identity is privacy blocked.

Those four little fields contain a ton of personal information that should never be in the hands of crooks. Besides, no third party ever has the need for your email account password. Giving that up means others have access not only to your sending server, but for IMAP-style accounts, also your entire server-stored archive. Blackmail, anyone?

Account verification scams are the leading phishing techniques, used for more than two decades. If you ever receive an email asking to verify one of your accounts, ignore the email, login to your account via a previously-saved bookmark, and see if the account needs attention. 99.99% of the time, you'll be in the clear without doing a thing.

Posted on June 11, 2018 at 09:33 AM