Spotting a phishing (hacker) email

How to spot a phishing email

A phishing email is an email which looks legitimate but which tricks you into clicking a dangerous link or handing over the credentials you use to log in to other systems, such as social media or your bank.

Many people receive phishing emails. They are sometimes convincing. 

General properties

  1. They look convincing
  2. You feel a sense of urgency to deal with the email due to the implied problem
  3. They do not actually come from the system in question, even though they say they do.
  4. Their layout looks like the normal email layout you would get from the true system (e.g. your bank or Facebook or whatever), but there are telltale signs that it is not from that system.
  5. They might have attachments, e.g. a fake bank statement, or fake password reset.

In this post I will show you a few mails, starting with a fake Facebook password reset email. Looking at that email, we will see (A) how to detect that it is not actually from the real system, and (B) how to spot that the links in the content are fake as well.

Don't panic

On items 1 and 2 above, don't panic. The key issue here is they create a sense of urgency. Your account, it says, has been hacked. Not true. In fact, until you click on links in this email, your account might well still be safe. FIRST check that the email is real. IF it is a fake email/phishing email, your account will only be hacked IF you comply with the email contents and click its links. In other words, it's possible that your account is in fact safe and it is you who will unlock it for hackers! So watch out.

A. Spotting that it is not from the real system

In general, the email "from" will say "Facebook" or your bank's name or similar. However, if you inspect the actual email address you will see it is not @facebook.com or @mybank.com or whatever. It will be something arbitrary, or something that merely looks similar. So it might say @facebooksecurityz.com or @mybank.com.net or somesuch.


So if we look at this email message, we see a couple of warning flags. The first is that although it is addressed to you and it says it is from Facebook, we notice:

(a) typographical errors, e.g. it says "If you have Iphone", not "If you have an iPhone". Presumably this is to trick you into revealing whether you have an iPhone or not so they can send targeted malware (viruses). 

(b) It is addressed to you as "my.name", meaning they just took the front part (the local part) of your email address and used it as your name. So if your email address was FatBoy123@gmail.com, it would say "Hi FatBoy123". However, that's not your real name. Since Facebook and your bank have your REAL name, a genuine email would be addressed to your real name. Note the dot between "my" and "name": that means that in this case, your email address was something like my.name@gmail.com.

Secondly, if we click the "from" address (that is, who actually sent it to us), even though it says it is from Facebook, it is not:


Clearly that is not a Facebook address (yes this is actually a real hacker's address).

B. How to tell that the links are bad.

At the bottom of the email, it has two links: a fake "report" button and a fake "yes" button. Both actually do the same thing: they take you to a dodgy website which asks you to log in to Facebook, or they send your details to hacker email addresses. So, you do not click the link buttons; you right-click them (or long-press on a phone or tablet). That will offer you the option to copy the link address.


When you paste the link that you copied, you will see it does not say "Facebook.com", or any other legitimate site:


When you open the web address separately in a browser, you'll see it is a fake login for Facebook. The entire page looks legitimate except the URL (web address). It is not legitimate. STOP NOW.

Sample of Post Office scam

So this one arrives as an SMS message claiming a parcel is ready for collection.

If you click the link, it takes you to a fake post office site. It looks really real though! 
But you can tell it is fake because the URL is "posstoffice.co" not "postoffice.co.za".



So it captures all your personal details, which the attackers can then use to break into other systems.

Sample of Banking Scam

This scam tries to get you to click an HTML attachment which contains malicious JavaScript. It pretends to be a report on your banking points. Since this might not be your bank, and since you might not subscribe to this points system, it's easy to spot the scam. However, if you do bank there and do subscribe to its points system, it looks convincing. So how do you tell it is a scam? The HTML attachment. HTML should only ever be in the body of the message, where you can see in clear text what it does. An attachment that you have to click, with JavaScript embedded in it, is clearly malware.
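The checks described in sections A and B above (sender domain versus displayed name, the "Hi my.name" greeting, and where each link really goes) plus the HTML-attachment check from this banking sample can all be automated. The script below is an added example, not code from the original post; it uses only the Python standard library, and the KNOWN_BRANDS table, the fb-verify.example.net host and the two sample messages are constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed lookup table for this example: a brand name as it appears in a
# sender name or button text, mapped to the domains that brand really uses.
KNOWN_BRANDS = {"facebook": ("facebook.com",), "mybank": ("mybank.com",)}

# Good enough for the constructed bodies below; a real mail scanner would use an HTML parser.
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def host_matches(host, domain):
    """True only if host is exactly domain or a subdomain of it, so lookalikes such as
    'facebooksecurityz.com', 'mybank.com.net' and 'posstoffice.co' all fail."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def host_is_brand(host, brand):
    return any(host_matches(host, d) for d in KNOWN_BRANDS[brand])


def brand_mentioned(text):
    """Return the known brand this text claims to be, if any."""
    text = (text or "").lower()
    return next((b for b in KNOWN_BRANDS if b in text), None)


def analyze(raw):
    """Return a list of warnings for a raw RFC 5322 message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    warnings = []

    # A. The display name says "Facebook"; does the actual address domain agree?
    name, addr = parseaddr(msg.get("From", ""))
    brand = brand_mentioned(name) or brand_mentioned(msg.get("Subject", ""))
    sender_domain = addr.rpartition("@")[2]
    if brand and not host_is_brand(sender_domain, brand):
        warnings.append(f"claims to be {brand} but was sent from @{sender_domain}")

    # The greeting is just the local part of your own address ("Hi my.name").
    localpart = parseaddr(msg.get("To", ""))[1].partition("@")[0].lower()
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    text = re.sub(r"<[^>]+>", " ", html)
    greeting = re.search(r"\b(?:hi|hello|dear)\s+([^\s,!<]+)", text, re.I)
    if greeting and localpart and greeting.group(1).lower() == localpart:
        warnings.append(f"greets you as {localpart!r}, the local part of your address")

    # B. For every link, compare the brand the button claims with the host it opens.
    for href, label in LINK_RE.findall(html):
        host = urlparse(href).hostname or ""
        link_brand = brand or brand_mentioned(label)
        if link_brand and not host_is_brand(host, link_brand):
            warnings.append(f"link {label!r} opens {host or href}, not {link_brand}")

    # An HTML attachment carrying <script> is a payload, not a statement.
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if part.get_content_type() == "text/html" or fname.endswith((".html", ".htm")):
            content = part.get_content()
            if isinstance(content, bytes):
                content = content.decode("utf-8", "replace")
            if "<script" in content.lower():
                warnings.append(f"HTML attachment {fname!r} contains script")
    return warnings


def sample_phish():
    """Constructed message showing the warning signs from the post; not a real email."""
    msg = EmailMessage()
    msg["From"] = "Facebook Security <alerts@facebooksecurityz.com>"
    msg["To"] = "my.name@example.com"
    msg["Subject"] = "Your account has been hacked, confirm now"
    msg.set_content("Hi my.name, please confirm your account.")
    msg.add_alternative(
        "<p>Hi my.name,</p><p>Someone logged in. If you have Iphone, confirm below.</p>"
        '<a href="http://fb-verify.example.net/login">Report the user</a> '
        '<a href="http://fb-verify.example.net/login">Yes, it was me</a>',
        subtype="html")
    msg.add_attachment("<html><script>location='http://fb-verify.example.net/'</script></html>",
                       subtype="html", filename="statement.html")
    return msg.as_bytes()


def sample_legit():
    """Constructed message that passes every check, for contrast."""
    msg = EmailMessage()
    msg["From"] = "Facebook <security@facebook.com>"
    msg["To"] = "my.name@example.com"
    msg.set_content("Hi Jane, review this login in your settings.")
    msg.add_alternative('<p>Hi Jane,</p><a href="https://www.facebook.com/settings">Review</a>',
                        subtype="html")
    return msg.as_bytes()
```

Running `analyze(sample_phish())` yields five warnings (the lookalike sender domain, the local-part greeting, both buttons opening a non-Facebook host, and the scripted HTML attachment), while `analyze(sample_legit())` yields none. The important design choice is in `host_matches`: a host only counts as the brand if it is that domain or ends in "." followed by it, which is exactly why "mybank.com.net" and "posstoffice.co" are rejected even though they contain the real name.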



Sample of Courier scam

This scam arrives as an SMS. It tells you to click a link. It takes you to a site that LOOKS like DHL. However, if you look at the URL, you can see it is CodeAnyApp.com. When you scroll down, you see a link to make a credit card payment to ensure your delivery takes place. This one is pretty obviously a scam if you are NOT expecting a delivery. However, if you ARE expecting a delivery, it might be tempting to follow through and pay, so as to get your parcel. But even though it says it is taking R50 from you, you never know what the back-end code actually does. It may take $5000 for all you know. So do not click it and do not fill it in. ALWAYS look at the web address/URL. DHL is DHL.com. Not CodeAnyApp.com.




Example of a fake online purchase/payment scam

So this guy pretended he wanted to buy our Mac. He sent a fake Aramex shipping page. Then, when you click on the buttons, it asks for credit card details. The URL is https://aramex. loadc-o.  eu/99700820610. PS: I do not care about protecting this guy's phone number since his details are fake. Whois and RICA lookups do not return the same data as what is purported in these screenshots.






Sample of fake invoice scam

This scam arrives as an email. It tells you to click a link. It takes you to a site that looks like Microsoft Word (Office 365). However, if you look at the URL, you can see it is not (booo.html?!?!). ALWAYS look at the web address/URL. Also, if you look at the source code of the site, it clearly shows... it's a hacker thing.





