The “Perfect” Phishing Email

A few years ago one of my sisters forwarded me an email to ask me if it was legitimate. The email claimed she had won a lottery she did not remember even playing. The email was instructing her to follow a few simple steps to claim her prize. Obviously, I responded and told her to forget about it. It was a classic scam.

Today’s cyber criminals are much more sophisticated. Just as developers leverage modern technologies to create more secure applications, cyber criminals use them to swindle their victims. Phishing is one of the easiest ways to gain access to the login credentials of an unsuspecting user. It consists of sending fraudulent emails purporting to be from reputable companies in order to induce recipients to divulge personal information such as passwords and credit card numbers.

One phishing email came through my inbox today and it was so well crafted that I decided to showcase it. It has all the elements to be the perfect phishing email. Below is a screenshot of the phishing email, followed by an explanation of what you can look out for to help you recognize that this is a phishing email.

Here are the red flags that make the email suspicious:
A. The email is sent from mailbox.com but the sender is speedataweb.com.
B. Moving the mouse over the link reveals (at the bottom of the page – destination preview) that the destination is not the link in blue.
C. The Google Team would never send out an email signing with a different domain. 
D. Mail Systems Incorporated is not related to Google nor Speedataweb.com. How are they the ones sending that email?
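Red flags A, B and C can also be checked mechanically. The following is an added example, not part of the original post: it parses a constructed message and reports each mismatch. The sample addresses, the `BRANDS` map and the use of the `Return-Path` header as the "sent from" domain are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample; every address and domain is a placeholder.
SAMPLE = '''From: "The Google Team" <support@sender.example>
Return-Path: <bounce@relay.example>

<a href="http://login.other.example/verify">https://accounts.google.com/</a>
'''
BRANDS = {"google": "google.com"}  # assumed brand -> legitimate domain map

class Links(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def addr_domain(header):  # domain part of an address header, lower-cased
    return parseaddr(header or "")[1].rpartition("@")[2].lower()
def url_host(value):  # hostname if value carries a scheme, else ""
    return (urlparse(value).hostname or "").lower() if "://" in value else ""

def red_flags(raw):
    msg = message_from_string(raw)  # single-part HTML message assumed
    name = parseaddr(msg.get("From", ""))[0].lower()
    frm, env = addr_domain(msg.get("From")), addr_domain(msg.get("Return-Path"))
    flags = []
    if frm and env and frm != env:  # flag A: two different sending domains
        flags.append(f"A: From is {frm} but Return-Path is {env}")
    for brand, legit in BRANDS.items():  # flag C: brand name, foreign domain
        if brand in name and not (frm == legit or frm.endswith("." + legit)):
            flags.append(f"C: display name claims {brand} but domain is {frm}")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:  # flag B: shown URL differs from target
        shown, target = url_host(text), url_host(href)
        if shown and target and shown != target:
            flags.append(f"B: link shows {shown} but goes to {target}")
    return flags
```

Calling `red_flags(SAMPLE)` returns one entry per mismatch; a link whose visible text is a plain label rather than a URL is not compared, so ordinary "Sign in" links do not raise flag B.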

Besides those red flags, the email is actually well crafted. It refers to a specific problem and creates a sense of urgency by providing a deadline to act by, along with consequences if nothing is done.

The goal of that phishing email is to trick you into entering your account username and password into a fake login form. I must say that Google does a good job of detecting potential phishing login pages and alerting users to them. Thank you, Google. You take a lot from us, but you also give a lot. 🙂

If you receive an email that looks suspicious, there is a directory of phishing scams you can visit to see if it is already catalogued there: https://scam.directory/niche/phishing.

If it looks or feels fishy, it is probably phishing. Don’t let the “almost” perfect phishing email trick you.