Email Security Blog

Fresh Phish: Catch of the Day: Phishing attack gets shut down with INKY phish fence

The United States Postal Service, they drive on the right, and as the saying goes; neither snow nor rain nor heat nor gloom of night stays these couriers from the swift completion of their appointed rounds. I must be honest, things do breakdown a bit when it snows. That said, of all our much-maligned public services is there any group of people we trust more than the United States Postal Service? When was the last time you lost a letter or had a package compromised? It’s with that backdrop of trust that today’s catch of day arrives…

 

001 - COTD - USPS - 01

 

In our digital world, point and click shopping is all the rage, depending on the time of year, and our boredom levels the number of packages heading to our front doors can make keeping track of our incoming deliveries a daily chore, if you have multiple online shoppers in your home or a generous and internet savvy Gam Gam it can make your daily parcel pick as strenuous as it is surprising.

Phishing Attempts Get Clever

Behold catch of the day, it’s a helpful tracking notification from the USPS, familiar branding, color schemes and iconography put your mind at ease as you try to remember exactly what it was you ordered. This Phishing attempt is effortless in its call to action – it is so subtle it doesn’t even have one – it presents its target with a link that you’d almost definitely click – a tracking number. Alas, at the end of this particular tracking number there is no limited-edition hacky sack, no Gansu Knives and no refills for your bedazzler. Sadly, it’s just an opportunity to share your personal information and float off into an ocean of trouble…

So let’s break this down – the email goes to this link:

https://www.surjomukhi.net/js/GRACE_UPS/?vfy=user@example.com

Which brings you to this page: 

001 - COTD - USPS - 02

 This is a fake Microsoft login page. This attack is actually an attempt to harvest Office 365 credentials, under the guise of needing to log in for shipping details.

INKY detected it based on the visual appearance of the email pretending to be from USPS. and flagged it as malicious.

If you are one of our numerous clients and have INKY Phish Fence installed - immediately this email was flagged as nothing more than a piece of smelly Phish. Phish Fence’s ability to combine AI, with Machine Learning and Computer Vision allows us to catch even the most sophisticated brand impersonation attempts allowing us to confidently place this piece of Phish where it belongs: in the trash! (AKA – quarantine folder).

Sign up for a demo today and let INKY look deeper.

Topics: