Welcome to the phishery!

| On Monday I received a remarkable notice from Amazon.com, informing me that my "Apple iPhone 7 AT&T 128 GB (Jet Black) Locked to AT&T" has shipped. Remarkable because I had not ordered an iPhone.

http://williamsonpsp.com/assets/chronicles/2017/02/16_fake/fake-notice.png
Fake notice from "Amazon"
A real Amazon notice
A real notice from Amazon

At first glance, the notice looked real enough. Real enough that I was sorely tempted to hit that "Order details" button to find out when I had placed this order. I have been known to talk in my sleep, but I'm unaware of any shopping episodes in my sleep.

On the other hand, there were just a few things "off" about the notice.

Accordingly, before I hit that button, I hovered over it to see where the button would take me. Quelle surprise! Not to Amazon.com!

Actual URL behind the button
Oho! What have we here? .CL is the country code for Chile, and the URL tells the server to load page get.php and do some stuff — not likely to be something I want to happen!

 

So, I'm not going to get an iPhone after all. Heaven knows what I would have gotten if I had clicked the button. It could have loaded some malicious malware on my computer, or it could have been a phishing attempt to get me to divulge some information that could be used for another scam.

The moral of the story is, Look carefully. What you see isn't always what you get. Before you click a button or a link, hover your cursor over it and look at the bottom of the window where the browser or email program will show you where a click will take you.

I keep thinking there has to be a way to get these guys, but the reality is they move in the shadows, do their dirty work, and disappear only to reappear again later using a different domain or email address.

 

Last updated on Feb 14, 2017

Chronicles

Archives

Recent Articles