In this blog post, PkHackingTricks will show you real world examples on how to block emails coming from spear phishing attacks.
In our last article, we talked about the latest current events on how email spoofing and spear phishing attacks are costing the U.S. economy big money. Hackers are sending out fake emails to unsuspecting victims. These false emails may look exactly like they come from a familiar email address of someone you know well. The email address could even be a clone of the address of the person messaging you. This technique of cloning someone's email address is called email spoofing.
When you receive a spoofed email, there is always an agenda behind it. The hacker is pretending to be someone they're not, and is trying to squeeze some sort of personal information out of you through these spear phishing attacks. Information that most hackers are interested in could be bank account numbers, credit card numbers, social security numbers, user names, passwords, your full name, your address, and so on. They might even be trying to get someone else’s information out of you through their phishing attempt as well.
Regardless of the reasons on why hackers want to steal your personal information, these attacks can be very harmful! This is why we will be showing you how to spot phishing attacks, and how to block emails on the most popular email service providers such as gmail.com, yahoo.com, and even hotmail.com.
Yes you heard me right when I said hotmail.com! The majority of email users still use a Hotmail account which is now outlook.com for their email services. Ok sorry for that little side rant, but knowing how to block Hotmail emails will be useful for those who don’t know and still use this Microsoft email service.
Ok, so let’s get down to business. I will show you real world spoofed email addresses, and actual examples on how I was attacked through one of these spear phishing attacks.
Example 1: Federal Express Spear Phishing Attacks
This is a spoofed email from a sender claiming to be from Federal Express. The email looks legit, but it was one of many types of spear phishing attacks. I will break down an explanation of the email:
Subject: FedEx #46358
From: Federal Express
Thu 1/1/2016 12:00 AM
We have sent you a message.
We have sent you a message with the required information.
Have trouble reading this email?
Click here to open this email in your browser.
Please click unsubscribe if you don’t want to receive these messages from Federal Express in the future.
As you can see above, the sender looks like it’s from FedEx. The email address was identical to that of a FedEx email address. There are even links like the “View messages” button, and a link to unsubscribe to future emails.
I never ordered anything from FedEx, so that got me thinking that this must be a mistake, or a phishing attack. Sure enough, it was a phishing attack. Now I don’t recommend anyone to do this at home, but since I have a dummy computer to practice cyber security on, I went ahead and did the unthinkable. I actually clicked on the “View messages” button! Again, I reiterate to NOT do this at home!
What happened next was that it brought me to a website claiming that my computer’s Adobe Flash Player was out of date, and that I needed to install the latest version. Below is a screen shot of the false alert.
In the image above, it displays a webpage that is false. I checked my Adobe Flash Player, and it is completely up to date to the most recent version. I am sure if I clicked on any of the links from this website, it would fill my computer with malware and viruses! Let’s move on to another example.
Example 2: Junk Mail
I am sure most of you get these emails already, but I had to post an example for anyone that wasn’t aware. Before I explain what this type of spam email is, I am just going to go ahead and post an example. Below is not one of the spear phishing attacks that I have been talking about, but it is an example of junk mail:
From: BEST VIAGRAandCIALIS
Click Here [Online Pharmacy]
Or Copy and Paste this Safe redirect Url into your browser:
===> http://fungu.reg11.ru/administrator/components/com_weblinks/views/f 1.html
Cialis Price: $0.87
Viagra Professional|Price $2.67
Cialis Professional|Price: $3.59
Levitra|Price $ 1.04
Copyright 2007-2016. All Rights Reserved.
(If the link does not work then click – Wait, it’s safe! Or I’m not sure. Let me check)
This is strictly junk email sent to my inbox. This isn’t a spoofed email, and may or may not be a phishing attack, but these emails are more annoying if anything. If you are looking to buy Viagra online, I would not attempt to click on any of the links in an email sent to you from a company claiming to sell a drug to get your juices flowing. Clicking on a link may still download viruses and malware onto your computer.
Example 3: More Spoofed Email FedEx Spear Phishing Attacks
Below is another example of a spoofed email from FedEx that is phishing for information:
FedEx:Not possible to make delivery
Fri 5/20/2016 5:50 AM
To: Your Name (email@example.com)
January 1, 2013
Not possible to make delivery.
Our companys courier couldnt make the delivery.
The email above is claiming that I made a purchase, and the shipping was not able to make a delivery to my home. Again, I made no purchases, and this email is trying to get me to click on one of their links so I can be directed to a bogus website, and be fooled into typing in my personal information. Also if you look at the spelling of their email, it is certainly a clue that this is a phishing attempt. This is an indicator that this email is from a false sender. The example above is purely a phishing attack!
Let’s move on to our final example before we go onto showing you how to block emails in your gmail, yahoo, and Hotmail accounts.
Example 4: Spoofed Amazon email & Spear Phishing Attacks
This next email example is claiming that I made a purchase from Amazon, and that my order was cancelled. See below:
Subject: Amazon.com – Your Cancellation (11-323-46942)
Jan 1/1/2016 12:33 PM
Your order has been successfully canceled. For your reference, here’s a summary of your order:
You just canceled order 11-323-46942 placed on May 12, 2016.
1 “Huey”; 2006, Special Edition
By: Pierre Wallace
Sold by: Amazon.com LLC
Thank you for visiting Amazon.com!
Earth’s Biggest Selection
When I got this email, I must admit I was a little taken aback by it. It looked like it was from Amazon, but the only problem was that I hadn't ordered anything from them in a while. At first I thought someone hacked into my Amazon account and made a purchase for 1 “Huey”; 2006, Special Edition By: Pierre Wallace. I did some research and found that no such product existed. Their link all the way at the bottom of this email even brought me to the Amazon website.
Everything else about this email seemed legit, except for the order number 11-323-46942. The order number link took me to a webpage that looked like an Amazon page, but just looked a little off. It was asking for me to re-enter my credit card information, my full name, and my address. The webpage just didn’t feel right, so I decided to contact Amazon’s customer support directly.
Sure enough, I received a legit email from Amazon’s customer support team, and below is an actual copy of the email:
Message From Customer Service
Thank you for writing to us.
The e-mail you received was not from Amazon.com. We are investigating the situation, and we appreciate you letting us know that you received this.
For your protection, we suggest that you never respond to requests for personal information that may be contained in suspicious e-mail. It is best to assume any e-mail that asks for personal financial information (or web site linked to from such an e-mail) is not authentic.
If you did not click on the link in the fraudulent e-mail, your account at Amazon.com is fine — there’s nothing more you need to do. If you did click the link, but didn’t enter any personal information (such as your login or password), the phishers will not have your Amazon.com account information.
However, please know that if you ever respond to a phishing e-mail and do enter your Amazon.com login and password (or any other personal information) on the forged web site, the phishers will have collected that information and you should take appropriate action. We recommend that you update your Amazon.com password immediately, and, if you entered financial information, you may want to contact your bank or credit card provider.
If you encounter any other uses of the Amazon.com name that you think may be fraudulent, please do not hesitate to contact us again.
Thank you for contacting Amazon.com.
WHAT IS PHISHING?
Phishing e-mails have been around for years. The term phishing comes from the use of increasingly sophisticated lures to “fish” for users’ personal or financial information. In phishing, the scam artist usually sets up a spoofed web page, which looks like the real one, but is owned and operated by the phisher.
Go to www.amazon.com/phish to read more about ways to protect yourself from phishing.
WHAT IS SPOOFING?
Spoofing, in this context, refers to a counterfeit web page or e-mail that is made to “look and feel” authentic but is actually owned and operated by someone else. It is intended to fool someone into thinking that they are connected to a trusted site, or that they have received an e-mail from a trusted source.
WHERE CAN I FIND OUT MORE INFORMATION ABOUT SECURITY ON AMAZON.COM?
HOW CAN I UPDATE MY AMAZON.COM PASSWORD?
Go to our home page then click “Your Account” on the top right menu. Choose the option “Change your name, e-mail address, or password” found under Account Settings.
We’d appreciate your feedback. Please use the links below to tell us about your experience today.
There is some pretty good information from Amazon that was sent to me through their customer support email.
I hope the examples above gave you all some deeper insight on what a spoofed email looks like, and how a phishing attack is performed.
Now that we all have a better understanding of how to spot a phishing attempt, let's learn how to block these emails from ever being sent to our email address again, for better cyberdefense awareness.
How To Block Emails
Below is a step-by-step guide on how to block a sender from your gmail account:
Step 1: When you are in your gmail account go to the top right hand corner of an email message and click on the drop down menu.
Step 2: Just click “Block” as shown in the picture above.
Blocking an email address in Google is really that simple! Let's move on to blocking a sender from a Yahoo email account.
Step 1: Go ahead and sign into your yahoo email account.
Step 2: As shown in the image above, go to options at the top and click on “Mail Options”
Step 3: From there you should see an option to Block Addresses
Step 4: Just type in the email address that you would like to block, and never receive email from that sender again.
Blocking someone's email address in yahoo is as simple as baking an American pie!
Ok let’s wrap this up. Below is how you block someone in a Hotmail account.
Step 1: Just go to your Hotmail homepage.
Step 2: And now, just follow these exact steps, and you're all good!
That’s it, we hope you enjoyed this lesson on how to block emails and spot a spear phishing attack. We also hope you now know what a spoofed email looks and feels like too. Please leave comments below and talk about your experiences with email spoofing and spear phishing attacks.
Sufyan (Author) PKHACKINGTRICKS