Avoid Viruses and Phishing Scams



With the growing presence and sophistication of online threats like viruses, ransomware, and phishing scams, it's important to have the right protection. Office 365 has advanced security tools to help keep your information secure and private.

Unpacking the Master Scam

Below, you will see an example of a scam email I received in the desktop version of Outlook. These are the types of emails Office 365 can save you from.
[Image: MS scam email with FB logo]
This little beauty has a lot of things to unpack. One thing to know about these types of service emails from Microsoft (the legitimate ones) is that only users who are assigned as admin on the account will receive them. Notice right after the link it says: "Only Office 365 account admin can use this link. If you're not Admin please contact Your suppervisor about this issue"
  • Only an admin on the account would have received such a notification, to begin with.
  • "Supervisor" is spelled incorrectly.
  • Missing punctuation and errant capitalization.
One of the most glaring clues is the Facebook logo at the top. Why would there be a Facebook logo on a Microsoft correspondence? As you may or may not be aware, Microsoft has some pretty strict branding guidelines and this is a #1 no-no.
Another huge warning is the account name. I work for Navisiontech. Not AIO Systems. Now on the surface, you may think, is this AIO Systems trying to pull a fast one on me?

What's really going on?

Let's take a look at what it looks like in our "Junk" folder. This will show you just how much of a web of deceit these people are actually spinning.
You can make any image or text a link. Never take a link or file at face value. If you copy and paste this URL into your browser, you will get an error page of sorts because it doesn't exist. If you click the link it will take you to the Navisiontech website. You can try it now if you like. I promise it isn't a scam.

http://www.winamilliondollarz.com

If you want to check a link before clicking on it, hover over the link, right-click, and choose Copy Link Address. Paste it into Notepad and you will see the true path. This will work pretty much anywhere: email, websites, etc. It's not just text either. Be careful of images as well. Perform the same process on the image of the email example. If you click on this image, it will take you to our website.

Pulling Back the Curtain

The Junk folder removes the mask and shows where the links are really going. With this example, you can also see a whole lot of hidden information.
[Images: Junked reveal 1, Junked reveal 2, Junked reveal 3]
It looks like a jumbled mess and nothing at all like the original email. So what are we looking at here?

There are a bunch of hidden Facebook links throughout the email, and all of the links have tracking links attached to them. Tracking links don't necessarily denote malicious intent, but they do give the sender a lot of information, such as what you are clicking, where you are going, and from where. Marketers use them to monitor the success rates of social media marketing campaigns. Cybercriminals use them similarly, but instead of trying to sell you something, they want to steal your information.

Notice the very first link. This is the Facebook logo that we see at the top of our Inbox email. You will notice that the link goes to Facebook, but there's a code attached that appears to be performing a query to find friends. "https://www.facebook.com/n/?find-friends..." This is how your friends become their next victims.

Next, let's take a look at the "reactivation" link in the body of the original email. You can see that the true destination of the link is "mychiangmaiboutique.com" NOT "admin.microsoft.com".
Right after that, we see a completely new message supposedly from Apple Support. I certainly don't have an Apple account set up with my work email. These people are all over the place!
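The check described above, comparing the address a link displays with the address it really opens (for text links and for linked images), can be automated. The following is an added example, not code from the original post; the HTML body is a constructed sample and the names `LinkCollector` and `audit` are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the email in the post; the markup is assumed
# and the Facebook URL is only the part of it that is visible on the page.
SAMPLE_HTML = """
<a href="https://www.facebook.com/n/?find-friends"><img src="logo.png"></a>
<p>Reactivate: <a href="http://mychiangmaiboutique.com/">https://admin.microsoft.com</a></p>
<p>Billing: <a href="https://admin.microsoft.com/">admin.microsoft.com</a></p>
"""
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collects each <a>: its href, its visible text, and whether it wraps an image."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = {"href": dict(attrs).get("href") or "", "text": "", "image": False}
        elif tag == "img" and self._cur is not None:
            self._cur["image"] = True

    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def audit(html):
    """Return (verdict, host shown to the reader, host the link really opens)."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for link in collector.links:
        real = (urlsplit(link["href"]).hostname or "").lower()
        match = DOMAIN_RE.search(link["text"])
        shown = match.group(1).lower() if match else ""
        if not shown:  # no address in the visible text: the href is the only evidence
            verdict = "IMAGE-LINK" if link["image"] else "NO-ADDRESS"
        elif real == shown or real.endswith("." + shown):
            verdict = "ok"
        else:
            verdict = "MISMATCH"  # text names one site, href opens another
        findings.append((verdict, shown or "(no text)", real))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML):
        print(*finding, sep="\t")
```

A `MISMATCH` row is the case from the post, where the text reads admin.microsoft.com but the link opens a different host; `IMAGE-LINK` and `NO-ADDRESS` rows still need the href read by eye because nothing visible can be compared.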

Throw It at the Wall and See What Sticks

From the junk mail version of this email, it is pretty clear that this email was generated with the same tactic they use on their scams: Let's just throw it at the wall and see what sticks. They aren't interested in proper grammar, clean code, or accurate information. They are preying on those who do not pay attention to detail and who react impulsively to threats. Protect your organization and your people by investing in an email service that will help stop these tricksters in their tracks. Office 365 does this and also offers the full Microsoft Office suite and a way to manage and maintain your users. It can also be used to manage user licenses for other Microsoft products such as Dynamics 365 Business Central and Power BI.

Comments

  1. Excellent .. Amazing .. I’ll bookmark your blog and take the feeds also…I’m happy to find so many useful info here in the post, we need work out more techniques in this regard, thanks for sharing. gépszállítás Europa-Road Kft

  2. I got a suspicious text from "YESBNK" on my iPhone saying, "we have noticed some unusual transactions made on you [sic] account". I didn't touch the link but logged into my Citibank account on my computer and checked its status...nothing.

    Moral: Verify through known secure channels to follow up and NEVER tap/click the links in the message.
    And if you usually deal with critical data or personal data then you must contact turnkey SOC as a Service Provider to stay tension free.
