![\"Example](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/08\/27171243\/email-account-stealing-scr-1-EN.png\")
<\/a>Phishing letter frightening user with account deletion<\/p><\/div>\n
As for the corporate accounts, scammers often send phishing letters disguised as messages from corporate server or public e-mail services to shared addresses (including those used by administrators), but sometimes such letters reach the mailboxes of individual employees whose addresses have somehow ended up in spam databases.<\/p>\n
Companies that want to be taken seriously, large ones in particular, maintain e-mail servers of their own. The logins and passwords for such accounts are also appealing to attackers. Their messages are often betrayed by less-than-perfect appearance\u00a0\u2014 sender addresses from free webmail services, spelling errors, etc.\u00a0\u2014 but even such letters may be taken by inexperienced employees for the real thing.<\/p>\n
<\/a>In this letter an exceeded quota alert is imitated by phishers<\/p><\/div>\n
In case of targeted attacks on a specific organization, the scammers usually collect as much information about it as they can in advance to make their letters as convincing as possible. For a touch of credibility and uniqueness, they may build the victims\u2019 e-mail addresses into phishing hyperlinks, so that when the fake page is visited the address is already there, and only the mailbox password remains to be entered.<\/p>\n\n
Phishing letter variants<\/h3>\nSimple text with request for information<\/h4>\n
Scammers simply contact users on behalf of mail services on various pretexts and request users send them e-mail addresses, passwords and other information. Users are usually urged to reply to an e-mail address that is different from that of the sender.<\/p>\n
This phishing letter type was popular enough until scammers mastered more effective personal information theft methods.<\/p>\n
<\/a>Phishing letter with a text request for account information, including password. Never send anything in response to such requests<\/p><\/div>\n
Letter with a link to a phishing website<\/h4>\n
Phishing messages with links are currently the most common type. Scammers may use infinite numbers of pregenerated links, shuffle them from letter to letter in the same mail blast, create phishing pages that appear very much like legitimate ones, and automate collection and processing of stolen data.<\/p>\n
But those links clearly betray a scam, leading to domains totally unrelated to the purported organizations, or using misspelled domain names styled to look like the legitimate ones. That\u2019s why intruders try to conceal the addresses their links lead to. They do so by using clickable, hyperlinked text or images. Such text links may include phrases like \u201cUpdate your mailbox.\u201d In other cases, the text part of the link will feature the real mail service address, while the actual link will direct user to a phishing website. Many users won\u2019t see the difference unless they check the links before clicking.<\/p>\n
<\/a>Most phishing letters contain links to phishing pages\u00a0\u2014 avoid using those links<\/p><\/div>\n
Phishing attachments<\/h4>\n
Phishing letters may also contain attachments\u00a0\u2014 typically HTML, PDF, or DOC files.<\/p>\n
Attachments in DOC and PDF formats often contain both the body of the phishing message and the scam link. Attackers opt for this tactic when looking to make the actual text of the letter itself as short and as much like legitimate correspondence as possible to bypass spam filters.<\/p>\n
<\/a>Some phishing letters come with PDF or DOC attachments with links to phishing sites inside the attached file<\/p><\/div>\n
HTML files are used instead of<\/em> links\u00a0\u2014 the HTML attachment is in fact a ready-made phishing page. From the scammers\u2019 point of view, the advantage is that the attached HTML file is fully functional\u00a0\u2014 no need to post it to the Internet\u00a0\u2014 and has all the elements they need for the scam.<\/p>\n The login\/password entry form is contained in the phishing letter itself. Never enter anything into something like this<\/p><\/div>\n As regards the text of the letters, most of them begin by suggesting there is a problem with the victim\u2019s e-mail account: storage limit reached, letter delivery problem, unauthorized login, spamming accusations, alerts of other violations, and so forth.<\/p>\n The letter normally tells the user how to deal with the problem\u00a0\u2014 mostly by confirming or updating account data by following a link or opening an attachment. To frighten the recipient, it says if they don\u2019t follow the instructions, the account will be blocked or deleted.<\/p>\n\n In almost every case, the letter sets a time frame for response, somewhere from several hours to several weeks. Usually, it\u2019s 24\u00a0hours\u00a0\u2014 both credible and not long enough to let the victim relax and forget about the letter.<\/p>\n \u201cYour account will be deleted within 24 hours due to spamming.\u201d Threats and time limits are typical phishing tricks<\/p><\/div>\n Sometimes, atypical phishing letters target e-mail accounts. The text of such messages may make no reference at all to e-mail or account data. The letter may look quite like real business correspondence.<\/p>\n We should mention that the volume of fake business letters used for phishing has grown in the past few years. Messages of this type are usually used to deliver harmful attachments, but some of them also phish for personal data. A regular user may have a hard time detecting a phishing letter\u00a0\u2014 cybercrime counts on that.<\/p>\n When hunting for corporate accounts, using fake business correspondence is a common tactic<\/p><\/div>\n Some users will never suspect the fraud and will follow the link to log in and view a nonexistent document.<\/p>\n Phishing website prompts user to sign in to view a document referenced in the phishing letter<\/p><\/div>\n Now that we are done with the format and content of letters, let us see what phishing webpages may look like and speak about the elements to pay attention to so you can detect fraud.<\/p>\n The first thing deserving close attention is the link address. The address can betray a scam right away. Typical signs of fraud include:<\/p>\n Just as with letters, phishers try to make fake webpages as much like the real ones as they can. But details always get left out\u00a0\u2014 although unfortunately, not all users are able to see them.<\/p>\n That part is easy to understand; few people recall the exact<\/em> appearance of the official homepage of their online services. So, to create a convincing phishing page it is often enough to use key characteristic elements: color scheme, logo, etc.<\/p>\n Fake webmail sign-in page<\/p><\/div>\n For phishing pages designed to steal free webmail logins and passwords it is typical to feature links to several webmail services on the same page.<\/p>\n As soon as any of them is clicked, a window pops up that looks like sign-in page for the relevant service. In this way, scammers can collect data for several kinds of account using just one page, rather than creating separate pages for each.<\/p>\n This phishing website fakes logging in using different webmail accounts<\/p><\/div>\n Phishers can reach even more potential victims by, instead of pretending to represent a specific mail service, using letters (on any general subject, for example, the aforementioned business correspondence option) that link to a phishing page with a choice of the most popular webmail services for users to pick the ones they need.<\/p>\n Another example of a fake webmail sign-in page<\/p><\/div>\n The time-limit trick we mentioned when discussing phishing letters is sometimes used on phishing pages, too. As soon as a user opens the scam page, it begins a visible countdown of the time remaining for the credulous user to enter their data.<\/p>\n<\/a>Topics of phishing letters<\/h3>\n
Account problems<\/h4>\n
<\/a>Imitation of business correspondence<\/h4>\n
<\/a><\/a>Phishing page variants<\/h3>\n
\n
<\/a><\/a><\/a>