Premium Phish

Our IT Director shared a phishing email with me, noting how professional it looked. While professionals such as our IT Director would not be fooled by a phish like this, many people would be.

A picture of the body of the email is below. The “from” address would fool many people. The “to” address looks at least somewhat plausible as well.

The part that should tell you this is a phishing attack is where it asks for your username, password, date of birth, and country. Hotmail, Live, Yahoo, Google, MySpace, Twitter, PayPal, eBay, and other legitimate sites are not going to ask you to email them your password, or to go to a web page to input your password (other than to tell you to log into your account). Never follow a link in such an email.

As for asking for your username, if they have decided to shut down YOUR account, then they know your username, no?

There may be some very rare exceptions, but as a rule, there are only two types of people who ask you for your password: thieves and idiots. Never give out your passwords. If this one would have fooled you, then let this be a good lesson for you.

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center – ESET LLC

  • Silvio Gissi

    Well done, just a little short-sighted. If they added a link like "Click here to confirm your account" and asked for the same details on an HTML form with the same "look and feel" of Hotmail, they would fool many more…

  • Vic

    While it does have a professional look, it still fails in that it has grammatical/spelling mistakes. Even if the password was not being requested, the mistakes would give it away.

Copyright © 2017 ESET, All Rights Reserved.