Week in review 20 February 2015
This week was a mixed bag. We had Apple phishing emails, Commonwealth bank users were told to secure their account and a somewhat cheeky PayPal email surfaced. To round off the week a new phishing email targeting St George users appeared. Read on to see our week in review. As always, you can click through to view the full item and see the screenshots of the spam emails.
Confirm account phishing email begins
Apple users started getting hit with a new email that told them to confirm their account within 24 hours. The penalty was the usual fare of your account will be closed if you don’t respond, etc. Apparently this is all because the recipient’s billing details need updating. Aside from the draconian measures threatened for non compliance, the email itself is fairly unremarkable. It contains one link, which is to a phishing site. The phishing site looks to steal login credentials. Don’t fall for this phishing email; it is a fake.
Secure Account Phishing email says
Emails telling Commonwealth Bank users they had a secure message, and to click on a link to see the message, started circulating this week. Once again, the reason for the email is for the user to update their details. It is a fairly innocent seeming email; no implication that the user has been hacked, or message urging the recipient to act now. The link though leads to a fake site that is designed to harvest user details such as login ids and passwords. There is not much else to this email; it is relatively simple. Don’t be fooled though; it is bogus.
Cheeky PayPal phishing email
PayPal users were hit with an interesting email that informed the recipient their account has been limited, and therefore they need to click on a button labelled “Update Account” to resolve the issue. It was quite a sophisticated phishing attempt (if let down by poor grammar). Several of the links in the email were genuine, however, the one that counted led straight to a fake PayPal site. But the cheekiest feature of this email was contained in a couple of sentences towards the bottom of the email. A question in the email titled: “How do I know this is an email from PayPal?” supplied the answer “Emails from PayPal will always address you ‘Dear Customer’.” Yes, and emails from PayPal will also always use poor grammar. Nice try, but this does directly contradict what the genuine PayPal site says: “PayPal emails will always use your first and last name, or your business’s name.” Despite the complexity of this email, it is a fake, and can be deleted.
Verify St George details phishing email urges
St George Bank customers started getting hit this week by a phishing campaign. The emails used by the criminals are pretty nondescript, but don’t be fooled. They contain links to a phishing site that looks to steal banking id logins. This campaign was notable as the first concerted attack on St George Bank users seen by MailShark this year.