Password phishing…another example
If you look at this, you will see a number of problems with this e-mail. Did you know that was BY DESIGN? This was designed to catch the people that don’t think too hard about it. Those people are less likely to realize that they gave their password away… which gives that bad-guys more time to steal their stuff!
Bad-Guy Playbook:
Make something look legit enough to be real to someone that isn’t paying attention. Make it look like something that needs to be done now; no time to think! Make it look easy enough that it won’t take much effort to do. Make it understandable.
![](https://i0.wp.com/www.paulbergman.org/wp-content/uploads/2022/09/2022-09-13_10-34-19.jpg?resize=510%2C492&ssl=1)
This example:
- Urgency – It expires TODAY! Better do it now…
- Looks like something you use and trust – ‘Look we are M-icros-oft’…trust us! (Yes, it actually said “M-icros-oft”)
- Has simple language – no big words, no punctuation
- Looks easy – ‘Keep same access’ <– easy right?
Latest posts by Paul Bergman (see all)
- Drive-By URLs: What are they? - July 26, 2024
- Beware of Fake CrowdStrike Fixes: A New Malware and Wiper Threat - July 25, 2024
- Ransomware targets Small and Medium-Sized Businesses - July 25, 2024