Tuesday, 3 January 2017

Phishing Email

Hi,
OK, let's start with a practical case.
For example, this is a phishing email I received not long ago:
https://es.wikipedia.org/wiki/Phishing 
De: BancSabadell.com [mailto:info@bancsabadell.com]
Enviado el: jueves, 29 de diciembre de 2016 13:52
Para: [Mi dirección de email]
Asunto: Aviso Importante: Cuenta Bloqueada
Importancia: Alta
Ok, it went directly to the Spam folder:


Anyway, several strange things are quite evident:
-The idea: In these cases, we must think: Does this email make any sense? Do I have an account at this bank? Could it be blocked? Would they inform me by email?
And try to answer logically and coherently: Could I check the account by myself (not using this email, obviously)? Could I just phone the bank office?
-Sender's email address: BancSabadell.com <info@bancsabadell.com>
Although the address is real (which proves little, since a From header can be forged):
https://www.grupbancsabadell.com/es/CONTACTAR/CENTRO_CORPORATIVO/DATOS_DE_CONTACTO/index.html 


The display name given is quite strange: "BancSabadell.com".

-Links in the email: The links point to strange URLs. We only have to hover the mouse over them to see it:





In total, we have 5 links pointing to the same URL:
http://academico.uss.mx/planeacionesp01/sabadell.php

Caution: Following those links is quite risky. It's better just to ignore them:


In this case, the domain is already down. Better
Usually, we end up at a form that asks for our bank account credentials.

-Text: It is usually not written correctly:
Apreciable Cliente:
Le notificamos que su cuenta fue bloqueada debido a que su ultima consulta de cajero o banca en linea no finalizo de manera correcta, para poder desbloquear es necesario hacer una pequeña validacion y verificacion de datos Click AQUI
Le recomendamos ingresar de forma inmediata al siguiente enlace:
https://www.bancsabadell.com/cs/Satellite/SabAtl/
(Click Aqui)
Tu seguridad es muy importante para nosotros. Por eso tus transacciones estan protegidas por nuestra Garantia de Seguridad en BancSabadell.com
Banco de Sabadell, S.A., 2016. Todos los derechos reservados.
In case of doubt, it's quite easy to search on Google. These spam campaigns are usually reported, and we'll find information about them quite easily.
They are sent out massively, and they only need a few successes to be profitable.
Anyway, be cautious!
