Many fake emails that are part of spam campaigns can be spotted from a mile as being malicious, but experts have found that cybercriminals are working on improving them and making them more realistic.
The SERT research team over at Solutionary have analyzed a classic FedEx spam message and have detailed not only the elements that make it more realistic, but also the clues that clearly show that it’s part of a scheme.
Many internauts are aware of the fact that fake FedEx emails that try to phish out a user’s credentials contain bogus information. However, in one variant, the tracking number actually worked and matched a shipment to Toronto, Canada.
Furthermore, one of the links from the email actually led to the official currier site and not some Blackhole-infested domain like in many of the cases we’ve seen.
“These attempts are getting better, especially when they first direct the user to an official site. It won’t be long before you won’t be able to tell the difference between a phishing attempt and an official email. Systems and/or security departments should keep informing coworkers of these types of emails,” Brad Curtis from Solutionary explained.
“The more users see real examples and are informed, the less they will be apt to click 'that'link. It takes much less time to research these emails and put together a simple Security Tip notification than it does to clean an infected machine, or worse, a piece of production equipment.”
On the other hand, the classic mistakes made by spammers are also present. A second link didn’t point to Fedex.com, but a children’s website that was most likely compromised to host a shady .zip file.
The archive contained some sort of malware that came as a .pif file.
The example presented in the screenshot contains a number of 9 indicators that give away the fact that it’s a fake. If you can’t identify them all, head down to the Solutionary blog where they’re all detailed.
Source
The SERT research team over at Solutionary have analyzed a classic FedEx spam message and have detailed not only the elements that make it more realistic, but also the clues that clearly show that it’s part of a scheme.
Many internauts are aware of the fact that fake FedEx emails that try to phish out a user’s credentials contain bogus information. However, in one variant, the tracking number actually worked and matched a shipment to Toronto, Canada.
Furthermore, one of the links from the email actually led to the official currier site and not some Blackhole-infested domain like in many of the cases we’ve seen.
“These attempts are getting better, especially when they first direct the user to an official site. It won’t be long before you won’t be able to tell the difference between a phishing attempt and an official email. Systems and/or security departments should keep informing coworkers of these types of emails,” Brad Curtis from Solutionary explained.
“The more users see real examples and are informed, the less they will be apt to click 'that'link. It takes much less time to research these emails and put together a simple Security Tip notification than it does to clean an infected machine, or worse, a piece of production equipment.”
On the other hand, the classic mistakes made by spammers are also present. A second link didn’t point to Fedex.com, but a children’s website that was most likely compromised to host a shady .zip file.
The archive contained some sort of malware that came as a .pif file.
The example presented in the screenshot contains a number of 9 indicators that give away the fact that it’s a fake. If you can’t identify them all, head down to the Solutionary blog where they’re all detailed.
Source
