Is It a Phish?

SLAM and So Much More…

Supposedly, 55% of Americans are Netflix users. If you’re one of them, and you get the email shown below, what do you do? If you’re not one of them, do you wonder first if someone gifted you with a subscription?

STOP! Don’t click anything. Don’t forward the email. Don’t open any attachments. Don’t reply. Let’s SLAM it first.

S is for SENDER

Start by looking at the SENDER (the S in SLAM). Look carefully at what you can see. Notice that the “N” in “netflix” isn’t an N at all. It’s two symbols with barely a space between them. But that’s simply the sender’s NAME. What is the email address this email was sent from?

Depending on your email system, you might have to click the sender name to see the sending email address. The above email already showed the email address. Here’s what it actually looks like:

RED FLAG ALERT! DON’T TAKE THE BAIT!
Notice that the email address is nonsense but ultimately comes from the domain “goprintecuador.com” – which is obviously not Netflix.

L is for LINKS

Now, let’s check for LINKS (the L in SLAM). Links all lead to URLs, and URLs can be misleading. While the email above doesn’t contain any links to check, we still need to know what to look for.

1. Remember that any words can be hyperlinked in an email, just like they can on a webpage. So a link for www.netflix.com could, in fact, be linked to somewhere else. Hover over the Netflix link in the prior sentence. Watch the lower left corner of your screen to see where the link actually goes. See how simple it would be to entice people to click the link without checking it? It looks completely legitimate, doesn’t it?
   RED FLAG ALERT! If the actual address is different from the link you see, it’s likely malicious. Don’t click.
2. Phishing artists will also play with domain names, trying to make them look legitimate when they are anything but. While phishing.ibsre.com is a legitimate (though non-working) link, ibsre.phishing.com is not legitimate. The legitimate part of the domain is always the right side – closest to the “dot com” part of the URL. Think about this – do you ever see on Facebook those posts that make it look like a grocery chain is giving away gift cards? All you need to do is click on CHAINNAME.giftcards.com and you can claim yours.
   RED FLAG ALERT! If the URL is oddly formatted, it’s likely malicious. Don’t click.

A is for ATTACHMENTS

Clicking an attachment could download something malicious to your computer, anything from a keystroke logger that would capture every tap on your keyboard and send them somewhere to a virus to spy software to a ransomware attack. Unless you were expecting the email and its attachment, do not click. Especially do not click if your instincts are suggesting that the email is suspicious, or if the email fails any of the other tests.
RED FLAG ALERT! Unless an attachment is expected and the email passes the other phishing tests, don’t download it.

Spammers and phishing artists seem to love putting accounts “on hold,” don’t they?

Here’s another email; this one with a very obvious sender email address issue. The attachment name simply doesn’t make sense, nor would Apple send an email like this (and certainly not without text in the email explaining the situation). Your instincts should be screaming at this one.

Which brings us to the penultimate test, and it’s a big one.

M is for Message (and Message Subject)

Look carefully at the subject line of the “Apple” email above. Note the mis-use of language. “Temporary” when it should be “temporarily,” and what does “Hold All Your Subscription” mean, anyway? Read the subject line carefully; does it make sense? If it doesn’t, or if there are misspellings or grammar errors, then that’s a RED FLAG ALERT.

The email message itself could provide a number of signs that the email is not legitimate.

1. Is there a message at all? No reputable company is going to send you ONLY an attachment. There will also be some sort of message. The “Apple” email above, which has no message, is pretty obviously an attempt to get you to click.
2. Poor spelling, bad grammar, and sentences that simply don’t make sense are signs that the email did not come from any reputable organization. Imagine that email being written in a dimly lit, smoke-filled hacker farm, somewhere across the world, where your language is not the spoken language – because that’s all-too-likely the truth.
3. Is the message asking you for personal information? If your bank is asking you for your account number, or your credit card is asking you to enter your complete card number, supposedly to “validate” that you’re the right person, you’re being scammed. Don’t give up any account numbers, passwords, or answers to any security questions in response to any email.
4. Did you win something wonderful – but you have no recollection of ever entering the contest? “Please type your login information here so we can upgrade your account for FREEEEE!” Nope. SCAM. Don’t take the bait.
5. Do you need to send a modest sum of money so that a big sum of money can be sent to you? Maybe you need to send the sales tax but the item itself is free? Another scam.
6. Is there some sort of threat? For example, did you get an official-looking email explaining that one of your accounts had been hacked, and you need to fill out the attached form to restore your access – and be sure to include a picture ID with your form submission? Scam.

The Ultimate Test and What To Do

The ultimate test for any email you receive is YOU. Beyond the SLAM method, if something doesn’t feel right or doesn’t look right, or if your “spider senses are tingling,” stop and do nothing.

Here’s what to do:

If the email might be legitimate but you’re just not 100% sure (sometimes our contacts get hacked and their email addresses send out phishing emails without them even knowing it), do this:

Using KNOWN methods of communication, email or call the supposed email sender and ask them if they sent the email. Don’t reply to the email, because your reply will go to the phishing artist, and don’t call a number provided in the suspicious email, either. Use your own contact information to reach out to the sender to determine the validity of the message you’ve received.

If the email is obviously a phishing attempt, as the examples above are, use your email client to report it. If you’ve been set up correctly, your work email account should have a “report phishing” button that will alert your email provider (typically Microsoft or Google). If the email came in to your personal account, report phishing or report as junk.

A Final Word

As you went through the list above, you might have looked at your work email account and thought “hmm, I don’t really get emails like that.” That’s good. But it doesn’t stop the problem.

If you check your personal email while on your work laptop, a successful phishing attempt could turn your work laptop into a gateway into your work systems. If you’re a remote worker and provide your own laptop to do your work, you’re likely mixing your personal and professional on the same system – so a malicious download or a bad click could take over both your personal and your professional lives.

The phishing email examples provided are real emails that came into a personal Hotmail account which were then opened on a work laptop. Fortunately, they were only opened to get the screenshots above, as the person who received them has neither a Netflix account nor an Apple account and immediately knew they were scams. (No email clicks were made in the writing of this page.)

Phishing emails are a very real threat to you, your colleagues, your employer, and your employer’s customers. Taking the threat seriously can keep you safe.