My wife received an email ostensibly from the Washington State Department of Revenue saying that she has a new document (or something). She wondered if it’s legitimate. The link (in the message, and on mouseover) matches the URL I have bookmarked for work. I typed it into my office computer, and it took me to the WA DoL login page. (Surprisingly, I have a username and password. I don’t remember setting it up.) So the URL in the email is correct.
But it did not address her by name. It didn’t even have a salutation. That stuck us as suspicious. Anyway, she’s ignoring it.
What do you think?
[This thread is for sharing your phishing stories, and getting opinions.]
Obviously the IT-smart thing to do is transfer the email and headers into plain text and read them critically. Do the urls really go where they appear to go and where the hoverover says they go? Is the chain of email transmission legit and does it start at a Washington state controlled address?
The street-smart thing to do is see if she has a login at the State website. If not, how did they know to contact her at that email address.
As to phishing stories I get a few emails like that per week and have for decades now. Most don’t require even a smidgen of scrutiny. A few do. Such as ones purporting to be from the government.
That’s what I do at work. (We get ‘phishing test’ emails from our Security provider, and I like reading ‘This is a phishing test’ in the full header. Sometimes the emails really are phishing attempts.) But that would entail her forwarding the email to me as an attachment.
Yes. I was surprised I had one. (I didn’t log in.)
Anyway, here is what transpired: I told her the URL to the WA DoR that I have bookmarked at work. She typed it into the address box manually. She did have a login. The message was just a reminder to submit her business taxes, which she thought she’d already done. (She doesn’t owe anything.) It would have been a lot les suspicious if they’d included a salutation and her name in their email!
We regularly get those at work, and most are so BLATENTLY OBVIOUSLY a. a phishing attempt and b. not a real attempt. And, yet, sadly, people fall for them.
The ones we get are ‘blatantly obvious’ because we’ve been trained to look for the signs if we get a suspect email. Otherwise, they might be pretty convincing. I was looking for an example, but I couldn’t find one immediately.
FWIW, here is what I find in the ‘phishing test’ emails’ complete headers (security’s name deleted]:
X-PHISHTEST: This is a phishing security test from __________ that has been
authorized by the recipient organization
I did get an email in August from a company I was expecting a file from, and it had a link to a file. It had the correct business address in the signature block. But… I’d never received a file from them in quite that way. I checked the sender’s domain, and it was completely not the correct domain. (Also, the sender’s name was [company name]AR instead of the person.) Whenever an actual phishing email comes in, I let everyone know, and included a picture of a pointing Donald Sutherland from Invasion Of The Body Snatchers.
I’m a cybersecurity professional. Don’t click any links from any emails unless it’s a response to something you have done. (Signed up for a web site, changed your password)
Don’t click any links from any email that you don’t know why you received it.
In a recent rant I posted in the Pit, I got an email ostensibly from my ISP stating that they were terminating their relationship with their third-party email provider, and that I should “Click here” to update my account information.
There were a number of things about the email that made me suspicious, but I must admit that I did think it was genuine, just unusual. Fortunately, I did not “Click here” or reveal my login information, and it did turn out to be a phishing attempt. But it was quite well done.
Good advice. I completely agree. Phishing attempts are getting more sophisticated.
The only time I’ve got a virus was when I was running a chess team and another captain (who I knew well) sent me a bland e-mail with a link.
It turned out his e-mail had been compromised and the hacker used my friend’s contacts list to send out malicious messages.
(I warned my friend he’d been hacked and vowed never to open an unwanted link again!)
P.S. I have regularly turned down such links from wealthy Nigerians and hot women.
I used to work for a security software company and we got regular phishing training and tests. But this didn’t stop someone from clicking something they shouldn’t have and getting the network compromised.
There was a time a number of years ago when I was the lucky recipient of dozens and dozens of emails from hot women who I’d apparently dated and forgotten about, but they had not forgotten about me, and were oh so anxious to “get together” again. Apparently, without me, their lives had fallen apart.
This was an era when spam was much more prevalent than it is now, and I was running a pretty intelligent and well-tuned spam filter, so I only found out about these hot women when occasionally checking the spam logs. It made for interesting reading, but only for a very short while. I had no idea that I’d had such a wild and crazy past! But apparently I was also quite boring. These hot women were apparently incredibly shallow, and just yearned to “feel me inside me again”, but had nothing more of interest to offer. Meh! I’ll go back to checking out investment opportunities for Nigerian princes!
I get scam phishing attempts on my text messages all the damn time. The latest iteration seems to be that I have an unpaid toll or an unpaid traffic-light fine that I need to pay RIGHT FUCKING NOW or else they’ll sent “the authorities” to arrest me. As if my phone number is in some way tied to my license plate (eyeroll). Unfortunately, my aunt and uncle, who do much business via PayPal, fell for one of those PayPal phising scams and lost thousands, according to my cousin (their daughter). My cousin said they won’[t say how much they lost, because they’re so embarrassed, but it’s definitely four digits.
I never get scam or phishing attempts in my email. Gmail is surprisingly good at filtering those out. Now if only AT&T would get on that train…
Possibly not when they find out I’m actually a Bernese Mountain Dog. I mean, I’m a really handsome guy, but it’s mainly because of the thick double layer of tri-coloured fur! Also the way my tongue hangs out when I smile.
I received not one, but two emails informing me the Patrick and Frances Connolly foundation likes me.
In one email they’re gifting me 2.5M Euros. In both Portuguese and English. The other email is the same basic message but more English.
Wow, 5M Euros. I could sure use that to offset trump’s best evar price of eggs.
The return addresses are from the Brazilian federal government’s Office of Public Defense. So you know it’s good.
Although why a public defender’s office in Brazil is involved in paying out a trust is kinda confusing and why they’re using using Euros is confusinger still. No reason to worry though; I’m sure it’s 100% legit.
