Don’t Be Phish On The Menu

May. 13, 2013 by Angela Cheong

Weekly Email Marketing News Digest

Increasingly sophisticated scams have found their way to our inboxes in recent months. With scammers upping the ante when it comes to cybercrime, it’s important to stay vigilant and implement the latest tactics in email security, including DMARC, DKIM and SPF. Don’t let scammers feast on your profits or whittle away the reputation of your brand.

FraudWatch International Phishing Alerts

Not quite an article, but here’s an interesting find. Want to know if that email you got from your bank is genuine? FraudWatch, a privately owned internet security company, publishes a frequently updated list of phishing activity, complete with fraudulent email examples.

 


Massive-scale phishing attacks loom as new threat

If you work in the email industry, you’re no stranger to the terms phishing and spearphishing. But have you heard of the term “longlining”? Perhaps, if you’re an angler, you’ve heard of it being used in fishing, where lines that are miles long are embedded with thousands of individual hooks to catch fish.

Here’s an excerpt from the article on longlining phishing in the context of email scams:

“During a longlining phishing campaign, the attacker sends out email messages, or hooks, that are highly variable, in terms of content. These messages are individualized and appear to come from various IP addresses. They include a variety of subject lines and body content and dozens of unique URLs – all making it hard to track.

As with spear phishing, the malware is loaded by fooling the users into clicking on a URL embedded within these messages. To avoid user suspicion and web-security detection, these links don’t point directly to malicious sites but instead they point to trusted, legitimate websites that have been compromised by the attackers to host the malware. A single attack can employ dozens or even hundreds of compromised sites as malware hosts.”

In short? Longlining is a scam in which emails with highly variable content are sent, each containing links to legitimate websites that have been compromised.

Email + Phishing: Separating Scams from the Real Thing Can be Tough

Stephanie Colleton from Return Path points out examples of how some legitimate emails from brands can raise phishing alarms. Here’s one from Facebook with a From address that looks suspicious: invite+Ac3RlcGhhbmllLmNvbGxldG9uQHJldHVybnBhdGgubmV0@facebookmail.com.


Stephanie also listed an example of how brands can sometimes send conflicting advice on phishing.

[Images: Evernote's first email and second email]

What are some other examples of confusing emails you have seen?

Spams, Scams, and Senders

Al Iverson adds on to Stephanie’s article with four additional tips:

  • Use DKIM authentication
  • Utilize DMARC
  • Think about from address and link domains
  • Think about email content

What is Scaring Businesses the Most? Spear-phishing.

Websense is a company that specializes in protecting organizations from the latest cyberattacks and data theft. They have a great article on spear phishing and a cool infographic on Top Phishing Findings.


Feeling alarmed about phishing? Read other blog posts on email authentication. Or check out our webinar on DMARC!
