ESET Ireland has been following a surge of phishing emails redirecting users to faked banking, PayPal and Microsoft account sites for harvesting login details.
Although a surprisingly large number of people still use passwords like “12345” or “password” for their various accounts, cybercriminals have taken an easier route than trying to hack into peoples’ accounts. “Ask and you shall receive” seems to be their motto, so they send out emails that pretend to be coming from legitimate sites, notify the user of some unusual activity, and ask them to confirm or deny that activity by “signing into the service”. Except that the service in question isn’t actually there, but a faked site instead, which diligently logs all usernames and passwords entered and delivers them to the happy scammers.
In the past weeks, ESET Ireland has received several different emails of the same nature, and here are some examples:
1. Bank of Ireland
An email purporting to come from Bank of Ireland, claiming your account requires and update and providing a fake link “Click here to complete update”. The email has some bad spelling errors which give it away.
Fake Bank of Ireland email
An email pretending to be from iTunes, thanking you for purchasing “World Of Go” for €9.65 , then adding “If you did not authorize this purchase, please visit the iTunes Payment Cancellation Form within the next 12 hours in order to cancel the payment,” which requires you to “log in” to the fake iTunes site.
Nice of them to respect our privacy, eh?
An email looking like a detailed payment receipt, mimicking PayPal, with all the usual PayPal visual clues, claiming you paid $208.00 USD to Agoda Company online hotel booking site, adding “If you haven’t authorized this charge, click the link below to dispute transaction and get full refund – Dispute transaction (Encrypted Link).” The link, of course, isn’t encrypted and simply leads to a PayPal lookalike login harvesting site.
Fake link in “Encrypted link”
“expert-italia.it” address instead of “PayPal
An email abusing Microsoft’s name, with the subject line “Microsoft account unusual sign-in activity” that claims they detected unusual sign-in activity into your account, supposedly from South Africa, which is meant to make people suspicious, then offering a solution “If you’re not sure this was you, a malicious user might have your password. Please Verify Your Account and we’ll help you take corrective action.” Of course the only action they’ll be taking is signing into your account with the login details you just provided.
Legitimate looking email.
“yazarlarparlamentosu.org” instead of “Microsoft Corporation”
Actual Microsoft account log in
What should you do?
First of all, stay informed. The scams you know about are less likely to catch you off guard. We regularly keep you updated on our blog here or on ESET’s We Live Security.
Read such mails carefully, checking for clues. If the email had spelling errors or used poor language it is likely faked. A lot of the scammers come from countries where English is not their first language and they give themselves away. Also goes for similar scams as Gaeilge, where they likely used Google translate to try to fool native Irish speakers.
Do not click on links in emails. Even if you do have a Microsoft account and are alarmed by such an email, open your browser and go to Microsoft site directly. Also make sure the website’s address looks correct. In the case of the faked Microsoft one above, the website address read “yazarlarparlamentosu.org”, which is clearly not “Microsoft”
If you suspect you may have fallen for one of these tricks, change your passwords. To be sure, change them in regular intervals anyway.
If the email you received looks like it’s coming from your bank, pick up the phone and ring them instead of just clicking. They’re accustomed to scams like these and will advise you appropriately.
Think before you click and enjoy safer technology!
by Urban Schrott, ESET Ireland