Phishing Email Scam – Spotting Red Flags

Phishing Email Scam – Spotting Red Flags

By Abhijoy Sarkar | Ghumat Trading | 11 Mar 2020


Emails continue to be the most popular form of business communication ever since their introduction more than 30 years ago. Email clients are free to use and the original protocol (SMTP) has few checks and balances to prevent malicious action such as spoofing (fake sender address). As a result, email scams such as phishing attacks (social engineering to obtain personal information) are commonplace now. With cryptocurrencies ushering in a new wave of users to the tech space, phishing scams targeting these users have gone up as well. In most phishing attempts so far I had noticed one or two red flags to identify the scam. But recently, I received an email that had multiple red flags which gave me an opportunity to write up this piece on how to identify phishing attempts.

 

So this is the email that popped up in my inbox a few days ago:

351665157-67777de30bcb71e6d5b9c274d28f5e68a66606aadbcd508af7fc0b0aa4b64a44.jpeg

Looks like a normal email from Blockchain.com verifying your email address, right? It’s not what it seems. Here are the red flags that should get your alarm bells ringing:

 

1. Message sender is not blockchain.com - if you look at the from and reply-to information, it is from a different domain (julie*************age.com) and not blockchain.com. However, in some cases, scammers can use email spoofing to make the sender look like a genuine service. Thankfully, they didn’t in this case:

351665157-86af1e2b8b5ddc26b14e69221d79c5f728f3aef15cfc6142c3e56eef18b820ad.jpeg

I have masked the domain name in the event this turns out to be a case of business email compromise. However, the domain’s website has a contact email address which belongs to a different (but similar sounding) domain. So it could be an impersonation attempt of a legitimate domain to send out phishing emails.

The domain’s website leads to a wedding photography page

The domain’s website (julie*************age.com) leads to a wedding photography page. But contact email on the site is of a different domain (julie*******i.com) as mentioned above:

Contact email on the site is of a different domain

P.S. I sent an email to contact@julie*******i.com giving them a heads up in case this was a business email compromise issue. Unfortunately, the email bounced and couldn’t be sent.

 

2. Typographical and grammatical errors in the email body - an email originating from a legit service usually doesn’t have spelling mistakes or bad grammar. This email had several:

351665157-22f9bc8dc13972fc0faa5c68223f5c3fa5be67add78a30ad41e5c27cd5c5aee1.png

 

3. Hyperlink to unofficial domains/Google docs - The verification button “Yes, This is email” links to a Google doc instead of redirecting to a blockchain.com address:

351665157-7122c28e33692132a4c836b3e86b2a3c7297a6c642aacacd389f3d68fcd9523b.jpeg

The text snippet below the mail body had the same Google doc link as well:

351665157-a5525878dbe75bb7ba6c5dc23777ad57b2d98d4bbd4ee63faafaf6fde5802430.jpeg

 

4. App links do not work - The Android and iOS app links in the email are actually image files and do not redirect you to the Play Store or App Store:

351665157-af929a8e8e1cc3bd76f429819c7e941b56a2009e65f6203f33c40ba5a2074e0e.png

 

A well-made phishing email typically has fewer red flags that can be noticed. This particular email was probably crafted in a hurry. So stay safe out there folks. If something seems out of the ordinary, it is always prudent to have a second look. Actual verification emails will never ask for your passwords, OTPs or any personal details. A verification email usually consists of just a click-here-to-verify link. If you are ever wary of an email, you can always cross-check by forwarding the mail to the actual support email address and ask if they sent it to you in the first place or verify from their social media channels.

 

About the Author:

Abhijoy Sarkar is a banker-turned-entrepreneur. He is part of The Ghumat Collaborative that tries to simplify crypto and blockchain for new folks.


Abhijoy Sarkar
Abhijoy Sarkar

Full time CEO, part time Parachuter


Ghumat Trading
Ghumat Trading

Cryptocurrency and Blockchain demystified brought to you by Ghumat

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.