Don’t Be Phish On The Menu

May 13, 2013 by Angela Cheong

Weekly Email Marketing News Digest

Increasingly sophisticated scams have found their way to our inboxes in recent months. With scammers upping the ante when it comes to cybercrime, it’s important to stay vigilant and implement the latest tactics in email security, including DMARC, DKIM and SPF. Don’t let scammers feast on your profits or whittle away the reputation of your brand.

FraudWatch International Phishing Alerts

Not quite an article but here’s an interesting find. Want to know if that email you got from your bank is genuine? FraudWatch, a privately owned internet security company, publishes a frequently updated list on phishing activity complete with fraudulent email examples.

 


Massive-scale phishing attacks loom as new threat

If you work in the email industry, you’re no stranger to the terms phishing and spearphishing. But have you heard of the term “longlining”? Perhaps, if you’re an angler, you’ve heard of it being used in fishing, where lines that are miles long are embedded with thousands of individual hooks to catch fish.

Here’s an excerpt from the article on longlining phishing in the context of email scams:

“During a longlining phishing campaign, the attacker sends out email messages, or hooks, that are highly variable, in terms of content. These messages are individualized and appear to come from various IP addresses. They include a variety of subject lines and body content and dozens of unique URLs– all making it hard to track.

As with spear phishing, the malware is loaded by fooling the users into clicking on a URL embedded within these messages. To avoid user suspicion and web-security detection, these links don’t point directly to malicious sites but instead they point to trusted, legitimate websites that have been compromised by the attackers to host the malware. A single attack can employ dozens or even hundreds of compromised sites as malware hosts.”

In short? Longlining is a scam in which emails with highly variable content are sent, each containing links to legitimate websites that have been compromised.

Email + Phishing: Separating Scams from the Real Thing Can be Tough

Stephanie Colleton from Return Path points out examples of how some legitimate emails from brands can raise phishing alarms. Here’s one from Facebook that has a from address which looks suspicious: invite+Ac3RlcGhhbmllLmNvbGxldG9uQHJldHVybnBhdGgubmV0@facebookmail.com.


Stephanie also listed an example of how brands can sometimes send conflicting advice on phishing.

[Images: the first and second Evernote emails]

What are some other examples of confusing emails you have seen?

Spams, Scams, and Senders

Al Iverson adds on to Stephanie’s article with four additional tips:

  • Use DKIM authentication
  • Utilize DMARC
  • Think about from address and link domains
  • Think about email content

What is Scaring Businesses the Most? Spear-phishing.

Websense is a company that specializes in protecting organizations from the latest cyberattacks and data theft. They have a great article on spear phishing and a cool infographic on Top Phishing Findings.


 

Feeling alarmed about phishing? Read other blog posts on email authentication. Or check out our webinar on DMARC!
