Current email traps
Phishing examples and hints on how to recognize them
Have you ever wondered why you receive emails from well-known companies like DHL, Amazon or various financial institutions from time to time? Well, you should, especially if you have never done business with them before. Often, these emails are not sent by the big companies themselves, but by criminal fraudsters. In this article we would like to show you some current examples and how to recognize such fake emails and protect yourself from them.
How phishing works
Fraudsters like using well-known company names for two reasons: first, these names appear trustworthy, and second, the recipient is quite likely to be an actual customer of theirs. The objectives of these fake emails vary: the author may "just" want to spy on data, he may be trying to infect your PC with malware, or he may even try to relieve you of your money in various ways.
Example 1:

This is a classic phishing attempt, but luckily a bad one. Poor grammar and the lack of a company return address stand out in particular. It is thus unclear at which company Mr. Shaw is the Treasury Manager, and the dubious email address should also make you suspicious.
In addition, you will surely have noticed that you are not addressed personally. If you still click on the link in the obviously fake email, you will be asked to enter your credit card details on a strange-looking website. If you actually do enter your data, you should not be surprised by strange charges on your next credit card bill. The screenshot clearly shows a cryptic URL hidden behind the link. You only need to hover the mouse over the link briefly to see the link address.
Example 2:

This is a slightly better attempt and is aimed primarily at recipients using the online payment service PayPal. The email claims that there were failed login attempts and that the recipient should therefore open the file attached to the mail. The recipient will then be asked to enter their account details, and if they do, the fraudster will have full access to their PayPal account.
As customers usually have a positive balance on PayPal, or at least have their bank or credit card details saved there, the goal is obvious: your money will quickly be transferred to different PayPal accounts and thus into the thieves' pockets. Furthermore, opening the attachment is also likely to infect the victim's PC with malware.
Again, the fact that the email is not personally addressed to the customer stands out. Official mails sent by PayPal always start by personally addressing you. Besides, neither PayPal nor any other company will ever ask you to enter your login data, and attachments apart from PDF files are rather rare.
Example 3:

This fraud attempt aims especially at people's curiosity. As far as we can see, it is at least about a bank transfer, and there is also a file attached to the mail. Unfortunately a lot of recipients of such emails overlook the fact that they are not personally addressed and that they probably did not even have a pending transfer. The layout does not really look professional, either.
What's interesting here is the fraudster's intention: they would like you to open the attached ZIP file disguised as a PDF file. Once you open the ZIP file, you will find that it contains the executable file report485770.pdf.exe, which is also disguised as a PDF file.

The fraudster has even made the effort of giving the file an Adobe Acrobat icon. Whoever falls for this trick opens their PC's floodgates to real malware - as the file that looks harmless at first sight is a worm recognized by Emsisoft Anti-Malware as Win32.Garnarue.
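The double-extension trick from Example 3 can be checked mechanically. The following is an added example, not part of the original article or of any Emsisoft product: it lists attachment names and ZIP member names without extracting them and flags executables hiding behind a document extension. The extension sets, the addresses and the outer attachment name are assumptions constructed for the demonstration.

```python
import io
import zipfile
from email.message import EmailMessage
from pathlib import PurePosixPath

# Both extension sets are assumptions for this example; extend them as needed.
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
DECOYS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".txt"}

def classify(name):
    """Return 'disguised', 'executable' or 'ok' for one file name."""
    path = PurePosixPath(name.replace("\\", "/"))
    suffixes = [s.strip().lower() for s in path.suffixes]  # ignore padding spaces
    if not suffixes or suffixes[-1] not in EXECUTABLE:
        return "ok"
    return "disguised" if any(s in DECOYS for s in suffixes[:-1]) else "executable"

def scan_attachments(msg):
    """Classify every attachment and every ZIP member without extracting anything."""
    results = []
    for part in msg.iter_attachments():
        names = [part.get_filename() or "(unnamed)"]
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):  # judge by content, not by name
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                names += archive.namelist()
        results += [(n, classify(n)) for n in names]
    return results

def build_sample():
    """Constructed message modelled on Example 3; the 'executable' is inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("report485770.pdf.exe", b"inert placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "transfers@bank.example"
    msg["To"] = "customer@mail.example"
    msg.set_content("Please see the attached report.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="report485770.pdf")
    return msg

if __name__ == "__main__":
    for name, verdict in scan_attachments(build_sample()):
        print(f"{verdict:10} {name}")
```

The outer attachment passes the name check, which is why the archive is recognised by its content and its member list is inspected as well.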
How to protect yourself
All these examples are genuine and were not recognized by spam filters in well-known email clients like Microsoft Outlook or Thunderbird. There is a high risk since it is mostly your wallet or the security of your PC and thus your data that are under threat.
Incoming mails should always be analyzed before opening any attachments or links. Please keep the following aspects in mind:
- What mail address was used in the "To" field? If the mail is not addressed to your exact address, it is quite likely to be a fraud attempt.
- The mail address used by the sender should also clearly make sense. Most companies use formats such as Name@company.com or at least general addresses such as service@company.com or support@company.com.
- Are you addressed by name? Mail-order companies, friends and family members usually know your name and will therefore send you personalized emails.
- What does the layout look like, is it professional and does it reflect the company's identity? Serious senders pay attention to style and looks whereas fraudsters mostly do not. Mails containing many typing errors are particularly likely to be fraud attempts.
- Do the links in the mail really take you to the company's website? When you move your mouse over a link, you can clearly see where it is going to take you. If the URL looks cryptic: Hands off!
- What kind of file is attached to the mail? You will usually receive PDF or DOC files, as there is no need to compress them into ZIP files. Never run any exe files! Please always pay attention to file extensions.
The more points in this list are met, the more likely someone is trying to trick you. You can also protect yourself actively by following these three rules:
- Display mails as "plain text" rather than HTML. This will make some mails look odd, but will enable you to immediately recognize fake links.
- You are asked to log into your account or contact a certain company? Do not click on any links or open any attached files; instead, enter the URL of the company concerned manually into your browser. If in doubt, just get in touch with your contact person or support, as they can tell you whether these emails are genuine or not.
- Use anti-virus software offering real-time protection. Emsisoft Anti-Malware, for example, protects you in three ways by blocking malware before it can be executed using the high-performance dual engine scanner or the behavior analysis. In addition, the surf protection warns you about many phishing sites when you try to access them.
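The link check from the list above and the "plain text" rule can be combined in a few lines. This is an added example, not part of the original article: it renders each link of an HTML body as plain text with its real target and warns when the visible text names a different host or the target lies outside the sender's domain. The sender, the HTML body and all host names are constructed placeholders, and the domain comparison is a simple suffix match that gives a hint, not a verdict.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Host of a URL; also accepts scheme-less text such as 'www.shop.example/x'."""
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

def audit_links(from_header, html_body):
    """Return (plain-text rendering, warnings) for each link in the body."""
    sender_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    collector = LinkCollector()
    collector.feed(html_body)
    report = []
    for href, text in collector.links:
        target, warnings = host_of(href), []
        looks_like_url = "." in text and " " not in text
        if looks_like_url and host_of(text) != target:
            warnings.append("visible text names a different host")
        if not same_site(target, sender_domain):
            warnings.append("target is outside the sender's domain")
        report.append((f"{text} <{href}>", warnings))
    return report

# Constructed sample; all names are placeholders.
SAMPLE_FROM = "Customer Service <service@shop.example>"
SAMPLE_HTML = ('<p>Dear customer, <a href="http://a9f3.hosting.example/x.php?id=77">'
               'www.shop.example/account</a> or read our '
               '<a href="https://www.shop.example/help">help pages</a>.</p>')
```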
We wish you a malware-free time!
Your Emsisoft Team
www.emsisoft.com
12/19/2011


