Rule #1 for Detecting a Phish

Golly. This one was really hard to spot. Just kidding. This is obviously a fake email. I don't think that American Express is likely to be sending email from "Steakhousetopia.com" regardless of how challenging Internet operations might get.

A Mac Hack

Here's a clever two-step attack on a Macintosh. First, the victim downloads a file - it may be enough to email it to the victim as an attachment. Second, the victim opens a file or clicks a link. This executes the downloaded file. Yipes!

Invoice Phishing Campaign

Here is a phishing email I received today. These almost always land in my junk mail (hooray!). This particular one encourages me to click on a Microsoft Word file claiming to contain an invoice I should pay. I also received a couple with ".xps" attachments. These apparently make use of printer paper specification files in... Continue Reading →

Interesting Email Scam I Received

I received an impressive email scam recently. My response was to forward it to the email provider's abuse contact (abuse@outlook.com) and file a complaint with the Internet Crime Complaint Center (ic3.gov). I'll include the whole email later. The bottom line: Scammer has my password and will humiliate me if I don't pay $1900 in bitcoin.... Continue Reading →

How to Trace an Email Message

There is no way to verify an email's contents except through cryptography. Until every email client includes encryption and reliable authentication, we should always doubt an email's source. We can increase our confidence in an email a little, though, by tracing its path through the mail system. I use this technique more-or-less daily to look... Continue Reading →

HR and Phishing

I receive thousands of emails every month. I do a lot of (for me) critical activities online. I never receive legitimate emails demanding a suspicious online action any more. Except from HR departments. IT security people know this is a problem. The upper left image comes from the University of Minnesota's phishing awareness blog. HR people... Continue Reading →

My invitated – a classic phishing attack

Phishing emails can be tiresome. Sometimes, though, they are classically bad. Even better, this one uses an old-school strategy to get you to click on a suspicious link. The domain name is "nytijmes.com" which at first glance appears to go to a more-or-less legitimate news site. The extra "j" in "nytimes" is easy to overlook.... Continue Reading →

Create a website or blog at WordPress.com

Up ↑