Attackers make your phone your enemy

We all love our phones – If you consider them a part of your technological interface to the world you can say that they actively make us smarter – you can access the total of human knowledge from the palm of your hand almost anywhere.

However, when attackers craft Phishing emails trying to steal your account information, your phone is often not your friend.

I encountered this message this morning – here is a screenshot from my phone

OK – this is dangerous – there are almost no clues that this isn’t valid.

From a technical standpoint – emails aren’t “returned” they are “bounced” or “rejected” but that wording could be a “non technical friendly” choice.  If emails are “rejected” you can’t “recover” them, you would have to ask the sender to resend them. Also, the receipt of emails at the mail server doesn’t have anything to do with “syncing” – mail at the mail server side is “received” not “sync’d”.

However, that’s all technical – I bring it up because I believe at first glance a lot of technical people would be fooled by this email as well. So, don’t feel bad if you think that email looks legit! I had to re-read it a couple of times to understand why I thought it wasn’t right. (Well, that and I knew my account was up to date and there were no technical problems with my Office 365 account).

What can a non-technical user look at for clues?

First off, don’t answer or click these messages on your phone, they can wait until you are in front of a computer.

If you must consider dealing with something like this on your phone, find a way to view the entire sender address – this is usually the primary giveaway you can look for and these messages are especially dangerous for phone users because phones only display the friendly names, not the longer “name@company.com” address.

Repeating that – find a way to view the actual sender address.

This particular message has nothing else that stands out in the way of grammar or mis-spellings. I expect this to continue, grammar and spell check services will start being used by the people that try to scam you too, so grammar and spelling errors are going to be less prevalent.

If we look at this message on the computer – the sender address is obviously garbage.

 

Good luck and be careful out there.