
Support.com Blog

More real examples of virus attacks and phishing attempts

Posted on: 06/17/09

Despite the best efforts of our corporate spam filter, email virus and phishing attacks sometimes sneak through.  The same applies to your ISP's virus filters.  And even if you have the best anti-virus on the market installed and up to date, it is still possible to get infected (although less likely).  To help you avoid getting infected or scammed, here are some additional real examples of virus and phishing attacks I thwarted by closely inspecting email and links before taking the "no turning back" step of clicking.

First, here is an email I received last December:

This attempt to scam me was easy to catch.  In addition to being a pretty sloppy email for one supposedly from a major corporation, there is the red flag of the link URL.  Note what follows "bankofamerica." in the link - instead of ".com" there is ".demoversions10.com" - that means the link is not going to take you to Bank of America's website but somewhere else.  A slightly more clever scam artist would have made the display link read "bankofamerica.com" while the actual link pointed somewhere else.  The general rule to avoid making mistakes is never click on a link in an email before being 100% certain where the link is going to take you - and even then check the browser address bar to make sure you ended up where you thought you would.

To be even safer, I would add: never click on links in email that have to do with your financial information.  Instead, go directly to the website and log into your account - if there is something your financial institution needs you to do, they'll tell you when you log in.

Here is a more insidious attempt to scam me that recently hit my inbox - much more sophisticated (and, therefore, likely much more successful).  The scammer has found and swiped links to graphics off of Bank of America's actual website - so the email looks pretty convincing:

In my case it was obviously a scam - I'm not a Bank of America customer.  The scammers sent out thousands (if not millions) of email messages in the hope of tricking people into clicking through the link.  Note that in this case the link appears to take you to "bankofamerica.com" - appears to, because the link displayed on the screen doesn't have to match the actual link you click through to.  In this case the actual link is http://direct-certs.bankofamerica.com.ll1hfj1.net/direct/certupdate/upda... Note what follows the "bankofamerica.com" - "bankofamerica.com.ll1hfj1.net".  The actual website this link takes you to is completely different from the link displayed in the email text.  How can you see what link you are about to click through to? Easy - just hover your mouse over the link and you'll see the actual link.  If you have any doubts - don't click!

Here's another easy scam to avoid - this scammer didn't make any effort to hide his tracks.  In addition to the URL being "w-crook.com.ar" (sounds suspicious already) the bright red flag is a link to a program executable (a file ending in ".exe").

That leads to another simple rule - never click on or download an executable file (a .EXE).

All of these nasty emails made it through the very robust systems we have in place because the danger isn't in the email itself or in an attachment but rather in the links in the email.  It is much harder to sniff out bad links than it is to stop bad files attached to email.  As a result, many of the tricks being played on innocent consumers are email attacks that trick you into clicking on a link.
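The checks described in this post (compare the displayed link with the real one, read what follows the bank's name in the host, watch for ".exe" targets) can also be run mechanically over an HTML email body. The Python below is an added example, not part of the original post; the function names, flag names, link text and paths are assumptions made for illustration, and only the hostnames come from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body: hostnames are quoted in the post, paths and link text are made up.
SAMPLE = """
<a href="http://bankofamerica.demoversions10.com/login">Click here</a>
<a href="http://direct-certs.bankofamerica.com.ll1hfj1.net/direct/">www.bankofamerica.com/update</a>
<a href="http://w-crook.com.ar/card.exe">View your card</a>
<a href="https://www.bankofamerica.com/">www.bankofamerica.com</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Hostname of a URL or bare domain, lower-cased; '' if text is not one."""
    if " " in text or "." not in text:
        return ""
    return (urlsplit(text if "//" in text else "//" + text).hostname or "").lower()

def inspect_links(html, trusted="bankofamerica.com"):
    """Return [(real_host, [flags])]; `trusted` is the domain the reader expects."""
    parser = LinkCollector()
    parser.feed(html)
    report, brand = [], trusted.split(".")[0]
    for href, text in parser.links:
        url = urlsplit(href)
        host, shown, flags = (url.hostname or "").lower(), host_of(text), []
        if shown and shown != host:  # the text shows one site, the href is another
            flags.append("display-mismatch")
        if brand in host.split(".") and not (host == trusted or host.endswith("." + trusted)):
            flags.append("brand-in-foreign-domain")  # brand is only a subdomain label
        if url.path.lower().endswith(".exe"):
            flags.append("executable-link")
        report.append((host, flags))
    return report
```

Calling `inspect_links(SAMPLE)` flags the first three links and returns an empty flag list for the genuine one.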


Copyright © 2014 Support.com, Inc. All rights reserved. Support.com, the Support.com logo, and Personal Technology Experts are trademarks or registered trademarks of Support.com, Inc. in the United States and other countries. All other trademarks are the property of their respective owners. Terms and conditions, features, pricing and service options subject to change without notice.
