It used to be easy to spot a Phishing Scam. An African Prince asking for money to buy his dog an education or some yak. Now, phishing scams are getting smarter. They’re getting clever. Take a look at the email below. By most means, the email looks relatively trustworthy and is a decent replica of a DHL Delivery Report. Check again. There are a few pieces that give it away. Can you spot them?
Well, the first one is easy. We even highlighted it for you. Take a closer look at the file attachment. The file type is expected to be a .pdf, and it almost is. They tried to trick you by including _pdf as part of the file name, but that doesn’t make it a .pdf document. The actual file type is .7z (a comporessed or zipped file type), which will probably download a virus onto your computer as soon as you open the attachment.
There a few other ways to tell that this email probably isn’t legitimate. The email is addressed “Dear customer,” which may not seem that bad, but if DHL actually has YOUR parcel in their office, wouldn’t they address you by name? They have the wrong address, not the wrong name, right?
Not to mention, have you ever heard of mail couriers emailing you to let you know that a package failed to ship? I don’t know about you, but usually the package is returned to sender and the person or company that tried to send the package emails you about the mistake.
The last piece is actually just poor execution on the scammer’s part. You may have noticed, but thought nothing of it. Take a closer look at the content of the email. Did you notice the awkward spacing between “Dear” and “Customer,” the lack of a space in “office.Our,” and lastly there is no period after “customer” at the end of the message. This scammer obviously didn’t bother to proofread the email before sending it out, despite the amount of time they spent trying to make it look like a legitimate email.
My favorite part of this entire email is that they included a “Fraud Awareness” link at the bottom. No doubt that piece was to ward off concerns that this phishing scam is actually a phishing scam. If a user clicks that link, it will probably start more phishing and spam too.
A Note of Caution: If you use your E-town network username for another website (which we do not encourage students to do), then ensure that you are using a different password. Some websites are more prone to being compromised than others, and you don’t want the phishers to get ahold of your network username AND password through another site. Use unique passwords for every account on different websites.NEVER SHARE YOUR PASSWORD WITH ANYONE. ITS WILL NEVER ASK FOR YOUR PASSWORD.
Now you know these phishing scams are getting smarter. It doesn’t take much effort to spot the giveaways though. If you receive a phishing email, or think it may be a scam, forward the email to firstname.lastname@example.org. We’ll take care of the rest for you.
If you believe you have been the victim of a phishing scam, or if you have clicked on something you may believe to be spam or phish, call the ITS Helpdesk immediately at x3333 or (717)361-3333.