Real Example of a Phishing Email

what to look for in order to protect yourself from phishing attacks via email

Real Example of a Phishing Email

8 March 2022 Sniff.email Wiki Comments (0)

The aim of Phishing emails often can be quite discrete, such as to confirm if your email exists and whether you are susceptible to their techniques – e.g. was their approach convincing enough that you click a link, or reply to the message.

You need to be extra careful. If it doesn’t feel right either mark as spam and delete, or do some research.

NEVER CLICK ON A LINK OR REPLY TO AN EMAIL YOU ARE SUSPICIOUS OF!

Here is an example of an email we were suspicious of. It was received on the 24th November 2021. On the face of it, it does look genuine, however it’s when we scrutinize the content we see the signs. Read on.

The first question to ask is whether or not the email has really originated from Norton. In most mail clients like Microsoft Outlook or Mac Mail you can hover over an email (do not click it) to see the true sender address. In this example we see that the true sender address is in fact noreply@phpmailer.com – this is the first red flag as it doesn’t appear to be from a Norton email address!

As we look at the content of the email we see a few things that aren’t quite right.

The logo is distorted, it looks to be stretched
The expiry of the license states ‘Sunday Nov 23 2022’ which for this date is actually a Wednesday
The GBP £ symbol is ‘Superscript’ e.g. small and top aligned for no reason
The tax due is £1 on an invoice for £124.99 equating to less than 1% sales/VAT (we all wish tax was that generous!)
Poor grammar, with randomly placed capital letters
Address in Google Maps is most definitely not Nortal Internet Security

These are all red flags!

Finally we can see there is a link at the very bottom of the email. NEVER CLICK ON SUSPICIOUS LINKS.

If we carefully copy this link and paste it into an online url link checker (we like https://www.psafe.com) we can see that the link is being returned as potential phishing. Final red flag!

dfndr labs, the company that powers psafe outlines the following which we agree is sound advice!

If you have already clicked on the URL:

1. Don’t share any personal information on the page(s).
2. If you shared any passwords or credit card info, change your passwords immediately and report the situation to your credit card provider.
3. Install a mobile security app with anti-phishing technology to prevent further exposure, and to limit any potential security breaches that the phishing attempt may already have exploited.
4. If you’ve shared the link with others, be sure to tell them about the situation as well.

If you have not yet clicked on the URL:

1. Be suspicious of any message or site that offers large discounts, free products, or too-good-to-be-true promotions.
2. Review with extra caution any message or site that asks for your personal information (email, passwords, credit card numbers, etc.).
3. Always use a URL checker to see if a link is suspicious before clicking it. Bookmark ours here.
4. Be proactive about your online safety: install a mobile security app with anti-hacking and anti-phishing features.

So its pretty clear by this stage that the email is a phishing email.

What should you do now?

In addition to the advice from dfndr above, you should mark the email as spam and delete from your system.

In Apple Mail, right click the email and click ‘Block Contact’ then delete.

In Microsoft Outlook, right click the email, select ‘Junk’, then select ‘Block Sender’ – then delete the message.

It is also advised that you then go into the deleted folder within your email client and permanently delete the message by deleting it from within the deleted folder.

If you are wondering how you became a victim of email phishing, or wonder how someone got your email address, it is likely as a result of your email address being available online. To check if your email address is exposed online please head over to https://sniff.email to perform a free search.