Weekly Email Marketing News Digest
Increasingly sophisticated scams have found their way to our inboxes in recent months. With scammers upping the ante when it comes to cybercrime, it’s important to stay vigilante and implement the latest tactics in email security including DMARC, DKIM and SPF. Don’t let scammers feast on your profits or whittle away the reputation of your brand.
Not quite an article but here’s an interesting find. Want to know if that email you got from your bank is genuine? FraudWatch, a privately owned internet security company, publishes a frequently updated list on phishing activity complete with fraudulent email examples.
If you work in the email industry, you’re no stranger to the terms phishing and spearphishing. But have you heard of the term “longlining”? Perhaps, if you’re an angler, you’ve heard of it being used in fishing, where lines that are miles long are embedded with thousands of individual hooks to catch fish.
Here’s an excerpt from the article on longlining phishing in the context of email scams:
“During a longlining phishing campaign, the attacker sends out email messages, or hooks, that are highly variable, in terms of content. These messages are individualized and appear to come from various IP addresses. They include a variety of subject lines and body content and dozens of unique URLs– all making it hard to track.
As with spear phishing, the malware is loaded by fooling the users into clicking on a URL embedded within these messages. To avoid user suspicion and web-security detection, these links don’t point directly to malicious sites but instead they point to trusted, legitimate websites that have been compromised by the attackers to host the malware. A single attack can employ dozens or even hundreds of compromised sites as malware hosts.”
In short? Longlining is a scam where emails with highly variable content are sent containing links to legitimate websites that have been compromised [Tweet This!].
Stephanie Colleton from Return Path points out examples of how some legitimate emails from brands can raise phishing alarms [Tweet This!]. Here’s one from Facebook that has a from address which looks suspicious: invite+Ac3RlcGhhbmllLmNvbGxldG9uQHJldHVybnBhdGgubmV0@facebookmail.com.
Stephanie also listed an example on how brands can sometimes send conflicting advice on phishing.
What are some other examples of confusing emails you have seen?
Al Iverson adds on to Stephanie’s article with four additional tips:
- Use DKIM authentication
- Utilize DMARC
- Think about from address and link domains
- Think about email content
Websense is a company that specializes in protecting organizations from the latest cyberattacks and data theft. They have a great article on spear phishing and a cool infographic on Top Phishing Findings [Tweet This!].