We all know not to open email attachments, and to suspect odd emails that arrive at random from seemingly legit places. The bloggers at Solutionary have put together this rather interesting analysis of a phishing email that one of their staffers received recently.
It purported to be a FedEx shipping confirmation. FedEx and other package delivery services have long been a popular target for phishers, who craft emails that look like delivery status updates. (They are so popular that they even have their own entry on Snopes.com.)
What was fascinating about this attack is how much effort went into to making the email look realistic: a real tracking number, a real link to the FedEx website and so forth. That is, until you happened upon the link that loads up malware on your PC.
Solutionary’s bloggers state:
If a user is in a hurry and does not typically see these notifications, they could easily click the second bad link without thinking twice about it. These attempts are getting better, especially when they first direct the user to an official site. It won’t be long before you won’t be able to tell the difference between a phishing attempt and an official email.
This is the latest sign of the growing sophistication of spammers. Earlier this year, an attack targeted at Facebook users went beyond trying to trick the victim into visiting a phishing website. Instead, the attackers reused stolen Facebook account information and logs to compromise accounts. The malicious attackers masqueraded as members of Facebook’s security team to inflict further damage. And they did do damage to unsuspecting users.
- Phishing Emails Use Improved Tackle [Solutionary]
- Package Delivery Virus [Snopes]
- Facebook Security Phishing Attack in the Wild [Kaspersky]