Don't go phishing malicious emails!

sgt_zim

AH legend
Joined
Mar 26, 2017
Messages
3,626
Reaction score
12,339
Location
Richmond, Texas
Media
26
Articles
1
Hunting reports
USA/Canada
3
Australia/NZ
1
Member of
NRA, Houston Safari Club Foundation, NWTF
Hunted
Idaho, Texas, Louisiana
phishing - generally an attempt via email to get you to
  • click on an (malicious) attachment
  • click on a hyperlink which will carry you to a malicious website (called a "watering hole" ) where you might be tricked into giving up credentials to (usually) your bank account
  • click on a hyperlink which will carry you to a watering hole which will auto-download malware to your computer
WRT malicious attachments, if you get an email from somebody you do not know, and the email has an attachment, delete the email straight away.

If you get an email from somebody you DO know, but weren't expecting an attachment, call them and make sure they actually sent you an email with an attachment. If you can't get in touch with them in fairly short order, go ahead and delete the email anyway. Call them later and ask them to resend the email, assuming they actually sent it in the first place.

hyperlinks - a website address contained within the email. Always look closely at the hyperlink before you click on it. It is trivially easy to show a URL for something like https://www.africahunting.com as the display text, but the real URL is to some other place. It is also trivially easy to make it look like the link really is to AH, but then substitute a letter from the extended Latin or German characters that LOOKS like our standard Latin characters.

https://www.africahunting.com
https://www.africahuntìng.com

They will do things like spoof friends/family (very easy to figure out who those are with 10 minutes of research on social media), so that the "from" field on the email might look like this
from: Bob Smith <JimJones@mailer.com>

It may seem stupid, and really, who would be fooled by something so obvious? Lots of people.

Salutations: Dear Sir (or Madam, or valued customer, or customer, or ANYTHING but your name) is almost always a dead giveaway that you are being phished. Most legitimate businesses, when they send you an email, will greet you with the name your provided them when you created your account with them. The only exception I've ever seen is Wells Fargo bank. There may be others, but I've seen the legitimate emails from them. It's effing stupid, and whoever is responsible for it at WFB should be flogged.

Email body:
along with the aforementioned items, it's usually fairly obvious after reading and re-reading when the author of the email doesn't speak English as their first language. There will be mis-spellings, or grammar which while correct, is not common American vernacular. Or there could be a couple of glaring grammatical errors.

Some phishers are very sophisticated. They may embed logos from legitimate businesses (BoA, Yahoo, Amazon, etc) as part of the email. Don't get sucked in just because you see a real business' logo, watermarks, etc.

The two most common ploys of phishing emails are
1. appeal to greed - think Nigerian prince scam, or some iteration of it.
2. an attempt to invoke a sense of urgency - if you don't log in at the link below, we'll be forced to close your account within X days
3. a combination of 1 and 2

There are just no hard and fast rules for detecting phishing. With the above, and an application of common sense, you can avoid them. Just don't be a clickopotomus when you're going through your emails.
 
"clickopotamus"

A great term to add to my vocabulary!

Thanks again for sharing your knowledge base with us here Zim!
 

Forum statistics

Threads
53,621
Messages
1,131,310
Members
92,675
Latest member
jhonmark007
 

 

 

Latest profile posts

Impact shots from the last hunt

Early morning Impala hunt, previous link was wrong video

Headshot on jackal this morning

Mature Eland Bull taken in Tanzania, at 100 yards, with 375 H&H, 300gr, Federal Premium Expanding bullet.

20231012_145809~2.jpg
 
Top