Anatomy of a phishing attack

I got a phishing email today that purported to be from a credit-card company. I had a funny feeling about it, and I’m ashamed to admit it almost fooled me until I took a closer look. Here’s what it looked like. Can you tell what’s wrong with it?

[Image: Screenshot 2015-09-25 11.36.24]

On closer inspection, I found quite a few things wrong with it, even though it had an attention-grabbing subject line. Here’s the email again, with some spots highlighted in no particular order:

[Image: Screenshot 2015-09-25 11.39.10]

  1. The From email address isn’t anything remotely resembling americanexpress.com. This can be easily spoofed, though, so not all phishing emails will have this problem.
  2. To email address: not my real email address. It only arrived in my email inbox because I have a catch-all address set up on my domain.
  3. The link they’re trying to get you to click does NOT go to americanexpress.com, but to american-express-d3s1.com – a dead giveaway.
  4. No American Express logo or branding of any kind? Suspicious.
  5. What is this even supposed to be? “For your security” with a random number?? It doesn’t even make sense!

Just goes to show, if you’re suspicious of an email, it never hurts to take a closer look!
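
The first three checks from the list above (From domain, To address, link target), written as an added example that is not part of the original post. The sample message, `MY_ADDRESS`, and the function names are constructed for illustration; only the two domain names come from the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

BRAND_DOMAIN = "americanexpress.com"  # domain the message claims to be from
MY_ADDRESS = "me@example.org"         # assumption: the reader's real mailbox

# Constructed sample message, not the email shown in the post.
SAMPLE = """\
From: American Express <alerts@mail.example.net>
To: billing@example.org
Subject: Important notice about your account
Content-Type: text/html

<p>For your security: 48213</p>
<a href="http://american-express-d3s1.com/login">americanexpress.com</a>
"""

def host_matches(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, brand=BRAND_DOMAIN, recipient=MY_ADDRESS):
    msg = message_from_string(raw)
    findings = []
    # Item 1: From domain. It is spoofable, so only a mismatch is informative.
    from_addr = parseaddr(msg.get("From", ""))[1]
    if not host_matches(from_addr.rpartition("@")[2], brand):
        findings.append("from-domain-mismatch")
    # Item 2: delivered via catch-all to an address that is not the real one.
    if parseaddr(msg.get("To", ""))[1].lower() != recipient.lower():
        findings.append("unexpected-recipient")
    # Item 3: compare each link's real host to the brand, ignoring link text.
    parts = [p for p in msg.walk() if not p.is_multipart()]
    body = "".join((p.get_payload(decode=True) or b"").decode(errors="replace")
                   for p in parts)
    for href in re.findall(r'href=["\']([^"\']+)["\']', body, flags=re.I):
        host = urlsplit(href).hostname
        if not host_matches(host, brand):
            findings.append("link-off-brand:" + (host or href))
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

The suffix comparison in `host_matches` is what separates a real subdomain from a lookalike that merely contains the brand name.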