Dissecting Phishing Emails | Stewart Title Blog

Most phishing attacks are designed to do two things, (A.) steal user credentials or (B.) get malicious code downloaded to a user’s computer. But just how do you recognize an attack?

In this post, I’m going to show you examples of “phishy” emails that should raise a flag in your mind. I’ll show you what to look for, explain what these emails are designed to do, and make sure you know how to steer clear of the danger zone.

This email (image 1) caught my eye, and I want to explain why. It is not uncommon to see voicemail message notifications delivered over email. With an abundance of companies using Voice-over-IP (VoIP) telephone systems, most modern switches provide this option. The majority of these notifications will arrive with a voicemail attached to the email as a "something.wav" file.


http://blog.stewart.com/stewart/wp-content/uploads/sites/11/2019/04/Image-2019-04-19-11-00-34.png

What is unusual about this email is that the attachment is an .html file. An HTML file extension (image 2) is always associated with Web pages and, if opened, will launch your default browser.


http://blog.stewart.com/stewart/wp-content/uploads/sites/11/2019/04/Image-2019-04-19-11-00-56.png

From there, your browser will open the local file (image 3). If you were to click the "Read Message" hyperlink, you would land on a near replica of the authentic site – one that’s so close in appearance to the legitimate site that many users are duped into providing their credentials.


http://blog.stewart.com/stewart/wp-content/uploads/sites/11/2019/04/Image-2019-04-19-11-01-06.png

Also, take a look at the URL. It is humongous because it was likely auto-generated. And look: There is even a padlock shouting, “I am secure. Give me your information.”

So what did we learn?

As always, think before you click.