Re: unauthorized access
Earlier this week, I got the following email from my Mom:
To: Brad Choate
Subject: Fwd: unauthorized access
I think you will tell me to ignore this. Right?
————— Forwarded message —————
From: Strife, C Frederic (FRED STRIFE MD) <[email protected]>
Date: Thu, May 2, 2013 at 4:31 AM
Subject: unauthorized access
Dear Valued Staff,
We suspect an unauthorized access on your account. To ensure that your account was not compromised, please click HERE http://updates.a.nf/ to confirm your identity and update your account.
(c) 2013 Webmaster Inc
Now, my Mom is not new to computers. She’s been using them since the ’80s. But she is susceptible to social engineering, because prior to the Internet, people weren’t trying to con her all the time. So, every now and then, she forwards an email like this to me, asking if it is legitimate or not. I typically just give a short “Nope; just delete that.” kind of reply, but this time, I decided to give her more to learn from. Here’s my reply:
From: Brad Choate
Subject: Re: unauthorized access
Yes, you can ignore an email like this. There are too many warning signs to even consider this is valid at all:
- Who is “Frederic C Strife” and why is he emailing me about my account?
- What is “Webmaster Inc.” (from the message)?
- Why does this Frederic person think I’m part of his staff (from the message)?
- What account is this in reference to in the first place?
- What is the “cchmc.org” domain (from their email address)? You’ve probably not seen that address before.
- What is the “updates.a.nf” domain (from the link they want you to use)? “nf” is the domain for Norfolk Island, which is a small island near Australia. What would that have to do with any of my accounts?
- Why is this email so short on information if it involves something so serious as unauthorized access to my account?
The email subject alone is enough to give me pause: “unauthorized access” — all lowercase, and a phrase that is purely meant to scare you and lure you into this trap.
At best, it was sent to you by mistake. At worst, it’s a link that will take you to a web site where it will attempt to install software on your computer that could contain a virus. But in this case, it is sending you to a web page that looks like this:
There’s nothing here that tells you you’re on a Google property. It isn’t explaining the situation further at all. It’s simply asking you to hand over your email address and password. They will then take it and attempt to use it to access your email. Why? To sift through it to obtain information about you, or useful things like information about other accounts. They could also change your password to lock you out of it. An email address is often used as a way to verify access to other accounts. They could request a new password for a bank account or your Amazon.com account (which could be discovered from your email history), which would send information to your (now compromised) email address for how to reset that password.
So, thanks for asking, but this is just a poor attempt to gain your email account credentials, pure and simple. Don’t fall for these.
More information on how to spot these right away:
This spammer was pretty lazy, actually. This is one of the more obvious ones. Some will mimic an email notification from a legitimate service like Gmail, or Yahoo! Mail. And the website itself is also pretty basic and not an attempt to appear to be any website you might recognize. Even the link in the email is unobscured. My guess is that they don’t really have to try. There are enough people that will simply click on that link and fill in a form like that without thinking much about it. (I did find it funny that they’re putting a captcha here… is this form being spammed?)
Be on your guard. As I explained to my Mom, obtaining your email account can open you up to other problems, including accessing other accounts that may be tied to your email address. At the very least, your email account could be used to propagate more spam and phishing attacks like this one.
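Several of the warning signs listed in the reply can be checked mechanically. The following is an added example, not part of the original post: the function names, the `known_domains` set (the services the recipient actually uses) and the sender's local part, which is hidden on this page, are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample modelled on the message quoted on this page.
# The sender's local part is hidden on the page, so "sender" is a placeholder.
SAMPLE = """\
From: "Strife, C Frederic (FRED STRIFE MD)" <sender@cchmc.org>
Subject: unauthorized access

Dear Valued Staff,
We suspect an unauthorized access on your account. To ensure that your
account was not compromised, please click HERE http://updates.a.nf/ to
confirm your identity and update your account.
(c) 2013 Webmaster Inc
"""

GREETING = re.compile(r"^dear (valued )?(staff|customer|user|member)\b", re.I | re.M)
PRESSURE = re.compile(r"unauthorized access|confirm your identity|update your account|compromised", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def domain_of(host):
    """Naive last-two-labels domain; a real tool would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def warning_signs(raw, known_domains):
    """Return the warning signs found in a raw, single-part plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = domain_of(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    signs = []
    if sender not in known_domains:
        signs.append(f"sender domain {sender} is not a service I have an account with")
    if GREETING.search(body):
        signs.append("generic greeting instead of my name")
    if PRESSURE.search(msg.get("Subject", "")):
        signs.append("subject line is a scare phrase")
    for url in URL.findall(body):
        host = urlsplit(url).hostname or ""
        if domain_of(host) != sender:
            signs.append(f"link host {host} does not belong to sender domain {sender}")
        if domain_of(host) not in known_domains:
            signs.append(f"link host {host} is not a service I use")
    if PRESSURE.search(body) and URL.search(body):
        signs.append("asks me to click a link to fix an account problem")
    return signs
```

Calling `warning_signs(SAMPLE, {"gmail.com"})` flags every check for the message above. An empty result only means none of these particular signs were present, not that a message is safe.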
Additional resources to educate yourself about phishing: