Avoid Viruses and Phishing Scams
With the growing presence and sophistication of online threats like viruses, ransomware, and phishing scams, it's important to have the right protection. Office 365 has advanced security tools to help keep your information secure and private.
Unpacking the Master Scam
Below, you will see an example of a scam email I received in the desktop version of Outlook. These are the types of emails Office 365 can save you from.
This little beauty has a lot of things to unpack. One thing to know about these types of service emails from Microsoft (the legitimate ones) is that only users who are assigned as admin on the account will receive them. Notice right after the link it says: "Only Office 365 account admin can use this link. If you're not Admin please contact Your suppervisor about this issue"
- Only an admin on the account would have received such a notification, to begin with.
- "Supervisor" is spelled incorrectly.
- Missing punctuation and errant capitalization.
Another huge warning is the account name. I work for Navisiontech. Not AIO Systems. Now on the surface, you may think, is this AIO Systems trying to pull a fast one on me?
What's really going on?
Let's take a look at what it looks like in our "Junk" folder. This will show you just how much of a web of deceit these people are actually spinning.
You can make any image or text a link. Never take a link or file at face value. If you copy and paste this URL into your browser, you will get an error page of sorts because it doesn't exist. If you click the link it will take you to the Navisiontech website. You can try it now if you like. I promise it isn't a scam.
If you want to check it out before clicking on it, hover over the link, right-click, and choose Copy Link Address. Paste it into a notepad and you will see the true path. This will work pretty much anywhere: email, websites, etc. It's not just text either. Be careful of images as well. Perform the same process on the image of the email example. If you click on this image, it will take you to our website.
Pulling Back the Curtain
The Junk folder removes the mask and shows where the links are really going. With this example, you can also see a whole lot of hidden information.
It looks like a jumbled mess and nothing at all like the original email. So what are we looking at here?
There are a bunch of hidden links throughout the email for Facebook, and all of the links have tracking links attached to them. Tracking links don't necessarily denote malicious intent, but they do give the sender a lot of information, such as what you are clicking, where you are going, and from where. Marketers use them to monitor the success rates of social media marketing campaigns. Cybercriminals use them similarly, but instead of trying to sell you something, they want to steal your information.
Notice the very first link. This is the Facebook logo that we see at the top of our Inbox email. You will notice that the link goes to Facebook, but there's a code attached that appears to be performing a query to find friends. "https://www.facebook.com/n/?find-friends..." This is how your friends become their next victims.
Next, let's take a look at the "reactivation" link in the body of the original email. You can see that the true destination of the link is "mychiangmaiboutique.com" NOT "admin.microsoft.com".
Right after that, we see a completely new message supposedly from Apple Support. I certainly don't have an Apple account set up with my work email. These people are all over the place!
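The hover-and-copy check described above can be automated for a whole message. The following is an added example, not part of the original article: it lists every link in an HTML email body and flags those whose visible text names one host while the link goes to another. The sample HTML is constructed to mirror the email discussed here, and the names `LinkAuditor` and `audit_links` are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modeled on the email described above (paths are placeholders).
SAMPLE_HTML = """
<p>Reactivate: <a href="http://mychiangmaiboutique.com/placeholder">https://admin.microsoft.com</a></p>
<a href="https://www.facebook.com/n/?find-friends"><img src="logo.png" alt="Facebook"></a>
<a href="https://admin.microsoft.com/">admin.microsoft.com</a>
"""

# Matches a hostname shown in the visible link text, with or without a scheme.
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkAuditor(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
        elif tag == "img" and self._href is not None:
            # Image links have no text; record the alt text so they still show up.
            self._text.append(dict(attrs).get("alt") or "[image]")

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html):
    """Return one finding per link; mismatch=True when the shown host is not the real one."""
    parser = LinkAuditor()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        shown = DOMAIN_RE.search(text)
        shown_host = shown.group(1).lower() if shown else None
        mismatch = bool(shown_host) and host != shown_host and not host.endswith("." + shown_host)
        findings.append({"text": text, "host": host, "mismatch": mismatch})
    return findings
```

Calling `audit_links(SAMPLE_HTML)` returns the real host for each link, including image links, which never display a destination at all and so always need the host checked by eye.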