My invitated – a classic phishing attack

Your InvitatedPhishing emails can be tiresome. Sometimes, though, they are classically bad. Even better, this one uses an old-school strategy to get you to click on a suspicious link.

The domain name is “nytijmes.com” which at first glance appears to go to a more-or-less legitimate news site. The extra “j” in “nytimes” is easy to overlook.

I’ve actually received two phishing emails like this, the one above with the grammatically hilarious “Your Invitated” subject line, and another that was more grammatically accurate and directed through the domain “Protton.com”

Both emails provide an invitation, a date and time, a contact address, and a legitimate-looking URL to click. Other phishing emails I’ve recently received have had inscrutable domain names that look like they were randomly generated.

Both domains appear to have different owners. I wonder if the choice of domain names was purely random based on those an attacker managed to collect. Both domains are registered through enom.com, a wholesale domain registrar. I sent an email to their “abuse” address.

Enom was the first registrar I encountered who had a really decent GUI for domain management. Now they’re just one of the pack.

Comments are closed.

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: