I woke up this morning to an email that is targeting me in a phishing scam. Which is really bizarre as I spend a lot of time and effort writing about and helping people deal with scams. Now I get that scammers don’t read this blog, and don’t know that I spend a lot of time and effort exposing their nefarious activities so that my readers don’t run afoul of scams. But it is still kind of bizarre when one hits my inbox. Especially since this specific scam leverages my email server:
Before I get into dissecting this phishing email, let me disclose something. I run my own email server and I have total control over it. That is part of the reason why I find this phishing email bizarre. Because this scam would lead me to believe that I was sending an email to myself as I am the administrator of this server and the user of the email account on this server.
In any case let’s walk through this email. It is using the following elements to get you to hand over your email credentials:
- It claims that you have emails pending for delivery and you need to do something to get them into your inbox. It also claims that if you don’t take action “users” won’t be able to receive new messages, and you need to prevent that from happening. That’s the call to action so to speak in terms of getting you to buy into the scam.
- It also claims that any emails that are in this state will be deleted in “1 day” and they will “delete the data 90 days later”. That’s to create a sense of urgency so that you fall for the scam.
So why would someone want me to hand over my email credentials? Simple, the scam is meant to be a gateway to allow the scammer to perpetrate identity theft or take over the mailbox to use it for some other fraudulent activity. Or they may be trying to simply drop malware on your system.
Your best advice is to never, ever click the links that are in an email like this. And if you have already trusted such an email and attempted to log-in with your account details via a third party site, you are strongly advised to immediately change the password within your email service. Then scan your computer for malware.
Speaking of the link, this was the link that was present behind the words “Recover Pending Messages to your Inbox”:
https://siasky.net/EACVfUpVNlUjV1WtVftU_p8aJqloinzOcbOUSc5xCd6J5w#nerd@theitnerd.ca
From what I can tell as a page never came up when I went to this link, it’s either trying confirm that the email address was live, or drop some malware onto my computer, or do something else evil. I cannot say for sure. But I took my own advice and changed passwords for the email accounts that are on this server just in case. I’ll be watching things very closely over the next little while to see if these threat actors do anything else as I have now made myself a bit of a honeypot for their activities. And if they do something interesting, you’ll be the first to know.