Golly. This one was really hard to spot. Just kidding. This is obviously a fake email. I don't think that American Express is likely to be sending email from "Steakhousetopia.com" regardless of how challenging Internet operations might get.
Here's a clever two-step attack on a Macintosh. First, the victim downloads a file - it may be enough to email it to the victim as an attachment. Second, the victim opens a file or clicks a link. This executes the downloaded file. Yipes!
Here is a phishing email I received today. These almost always land in my junk mail (hooray!). This particular one encourages me to click on a Microsoft Word file claiming to contain an invoice I should pay. I also received a couple with ".xps" attachments. These apparently make use of printer paper specification files in...
I received an impressive email scam recently. My response was to forward it to the email provider's abuse contact (firstname.lastname@example.org) and file a complaint with the Internet Crime Complaint Center (ic3.gov). I'll include the whole email later. The bottom line: Scammer has my password and will humiliate me if I don't pay $1900 in bitcoin....
There is no way to verify an email's contents except through cryptography. Until every email client includes encryption and reliable authentication, we should always doubt an email's source. We can increase our confidence in an email a little, though, by tracing its path through the mail system. I use this technique more-or-less daily to look...
I receive thousands of emails every month. I do a lot of (for me) critical activities online. I never receive legitimate emails demanding a suspicious online action any more. Except from HR departments. IT security people know this is a problem. The upper left image comes from the University of Minnesota's phishing awareness blog. HR people...
Phishing emails can be tiresome. Sometimes, though, they are classically bad. Even better, this one uses an old-school strategy to get you to click on a suspicious link. The domain name is "nytijmes.com" which at first glance appears to go to a more-or-less legitimate news site. The extra "j" in "nytimes" is easy to overlook....