Lately, I've been seeing an increase in a certain type of social engineering -- aka, phishing for confirmation that my email address is live or phishing for passwords, etc.
Generally the subject line is something designed to cause you to feel alarmed:
Subj: SUSPICIOUS TWITTER ACCOUNT ACTIVITY
It might be more low key, though:
Subj: Confirmation request for Zoom password reset.
Of course, it could be Twitter, or it could be Google, Facebook,
Pinterest, Line, Zoom, TikTok, Youtube, or any popular SNS service. Or a
chat service like Discord. Or it could be an on-line merchant or delivery service --
Amazon, Kindle, Apple, eBay, DHL, FedEx, UPS, your country's post office, whatever. It might even be your country's tax or immigration agency.
It could be any service that operates
on-line.
That is to say, it might
claim to be any of the above or more. People can claim anything.
Here are some typical messages:
XYZ tried to log in to your Google account. Is this okay?
Or, similarly,
A login to Facebook was attempted from phone number 123-4567-8900.
- This was me. it was safe.
- This was not me. Report it.
Or, in a slight variation,
Confirm your password reset for Pinterest.
If this was not you, you may safely ignore this message.
And this is kind of sneaky:
Click here to confirm unsubscribing from the PQR mailing list:
- UNSUBSCRIBE ME NOW!
- Please keep my subscription valid.
- Report SPAM
And it could be for other things than password reset, like an order confirmation:
Please confirm your order for frozen pizza dough.
- Yes, please send it.
- No, I did not order it.
Or a delivery time confirmation:
You have requested delivery from Ebay user MNO between
10:00 and 12:00 this morning.
- I can receive it then.
- I can't receive it then, please reschedule me.
Of course, if you're not expecting these, you immediately suspect it's phishing. Don't you?
Maybe not the suspicious account activity?
Cardinal rule #1:
Always check the message headers.
Make sure the from: line has something reasonable. Random freemail accounts are
not reasonable for this kind of message:
from: applecare_2349fasdfer43234@pink.freemail.com
is clearly not an address Apple Care would use. Also, long to: long lists of people you don't know are red flags, even if your name and your e-mail server is in there:
to: jack.rees09@sannet.ne.jp,joel.rees52@sannet.ne.jp,
joel.ross12@sannet.ne.jp,jill.russet69@sannet.ne.jp,
janehaskel314@sannet.ne.jp,jody35@sannet.ne.jp,
james7734@sannet.ne.jp,...
Ask yourself, are you expecting some message related to this? If you do not participate in Pinterest and you get a message from them about your account, it almost certainly is
not a valid message.
If you aren't sure, and you feel you need to be sure, you can always contact the claimed source by some other means. Find their phone number or e-mail in their website and contact them directly.
Never click a link in an e-mail message without a really good reason.
And there usually is no good reason. Live links in e-mail messages are just bad practice, even though almost everybody uses them now.
If necessary, you can right-click the link, use the context menu to copy it, and paste it into an empty text editor document so you can give the link the benefit of attention from your eyeballs.
Again, look for reasonable URLs. A message from Pinterest should not contain a URL for a free website server in China or Russia:
https://bot5773857734.serversrus.cn/asdkj324w34asd334/confirm-password
Is just not a link you should ever try to jump to, with a direct click or otherwise.
Again, go to the website in question using publicly known URLs to find somebody to ask, if it's important. If it's not important, ignore it.
People can claim anything. One of the first rules for protecting yourself is to doubt claims you have no reason to believe.
Another important rule is to do the hard part of the research yourself. Learn how to look at headers and the contents of URLs.
This post is not intended to teach you how to do the hard part, just putting out a heads-up:
Be careful what you click.\