Tuesday, September 6, 2016

Call Me

  I recently received some awesome news via email.  And it was totally unexpected.  Check it out:

   Now I can retire in style!  :-)

   Needless to say, this is a phishing email.  We've talked about phishing many times in the past.  And we keep talking about it.

   So why does phishing still work?  There are two primary reasons:
  1. No cost/low barrier to entry.  It is effectively free to send out potentially millions of phishing or spam emails.  Attackers can easily relay email through open mail relay servers, but there are other ways to send spam and phishing emails.  Open mail relays are systems that send email but don't require any kind of identification.  Here's some more technical info on open relays.
  2. Exploiting the human factor.  People are busy and we all receive too much email.  It's not always easy to take the time to figure out if an email is OK or not.  Attackers leverage this by sending plausible-looking email, though there are plenty of poorly-created messages as well (like the one above that I received).
   As I mentioned in a previous column, rather than examining an email for evidence of phishing, we can approach all email as if it's hostile and then look for indications that it's OK.
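   Here is that "hostile until shown otherwise" approach as a small script. It is an added example, not part of the original post: it starts from "hostile" and lists which OK-indicators a message lacks. The gateway name `mx.example.net`, the sample messages and the choice of indicators (SPF, DKIM and DMARC results from the Authentication-Results header, plus a Reply-To that matches From) are assumptions made for illustration.

```python
import email
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: our own receiving gateway

# Constructed sample messages, not the email from the post.
LOTTERY = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.example.org; dkim=none; dmarc=fail header.from=example.com
From: "Prize Office" <claims@example.com>
Reply-To: agent@example.org
Subject: You won

Call me.
"""
NEWSLETTER = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: News <news@example.com>
Subject: September issue

Hello.
"""

def auth_results(msg):
    """Parse the topmost Authentication-Results header into {'spf': 'pass', ...}."""
    authserv, _, rest = msg.get("Authentication-Results", "").partition(";")
    if authserv.strip().lower() != TRUSTED_AUTHSERV:
        return {}  # not stamped by our gateway, so it proves nothing
    results = {}
    for part in rest.split(";"):
        tokens = part.split()
        if tokens and "=" in tokens[0]:
            method, _, value = tokens[0].partition("=")
            results[method.lower()] = value.lower()
    return results

def domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Treat the message as hostile; return the OK-indicators it lacks."""
    msg = email.message_from_string(raw)
    res = auth_results(msg)
    missing = [m for m in ("spf", "dkim", "dmarc") if res.get(m) != "pass"]
    reply_to = msg.get("Reply-To")
    if reply_to and domain(reply_to) != domain(msg.get("From")):
        missing.append("reply-to matches from")
    return missing  # empty list: every indicator was present
```

   An empty list only says the sender's domain checks out; whether the content itself is reasonable is still a human call.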

   If you'd like to have some fun... try these spot the phishing online quizzes!

   I won't be contacting the "friend" who sent me the above email.  And I did not win.

   Have you seen any interesting phishing emails you'd like to share?

