CyberWarfare / ExoWarfare

Hilarious Phishing & Malware Attempts

Like everyone else (well, maybe more than everyone else) I regularly get these phishing messages (“we try to make you click on the attachment, which of course is riddled with mal/ransomware”).

Hilarious to me, when it is sent to an automated, harvested e-mail address, which is 32 years old now (still works, obviously), and a “honeytrap” address these days.

Usually I just click on the “Junk” button, so the sender’s email address is fed into the global anti-spam and anti-phishing databases (the kind of ‘Spamhaus’, SORBS, SPEWS, and such, which I helped survive against massive DDoS attacks originating from Russian spammers between 2002 and 2005) and thus “burned” … but in some cases, like this one, I am curious where they actually come from.

In this case, no effort is made to hide the origin in the SMTP headers:

Looking up that IP in geo-location services, three different services put it in St Petersburg, Russia (formerly known as ‘Leningrad’, now the second largest city in the Russian Federation):

That does not necessarily mean it is Russians behind it, but for such a lame phishing attempt, it seems hardly useful to run a proxy-server in St Petersburg to make it look like it comes from there.
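Reading the origin out of the SMTP headers, as described above, shown as an added example that is not part of the original post: it walks the `Received` chain and returns only the peer address recorded by a relay you control, since older hops are written by the sending side. The sample message, the host names and the function name `origin_ip` are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: hostnames and addresses are documentation/test values.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [10.0.0.5])
\tby mailstore.example.net with LMTP; Mon, 01 Jan 2024 10:00:03 +0000
Received: from mail.sender.invalid (unknown [203.0.113.77])
\tby mx.example.net with ESMTP; Mon, 01 Jan 2024 10:00:02 +0000
Received: from bank.example (bank.example [198.51.100.9])
\tby mail.sender.invalid with SMTP; Mon, 01 Jan 2024 09:59:00 +0000
From: "Your Provider" <billing@sender.invalid>
Subject: Invoice attached

See attachment.
"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def origin_ip(raw_message, trusted_hosts):
    """Return the peer IP recorded by the outermost trusted relay, or None.

    Received headers are prepended, so the newest hop comes first. Only hops
    stamped by our own servers are believed; everything older was supplied
    by the sending side and may be forged.
    """
    trusted = {h.lower() for h in trusted_hosts}
    boundary = None
    for hdr in email.message_from_string(raw_message).get_all("Received", []):
        by = BY_RE.search(hdr)
        if not by or by.group(1).lower().rstrip(".") not in trusted:
            break  # first hop we do not control: stop believing headers
        boundary = (hdr, by.start())
    if boundary is None:
        return None
    hdr, by_pos = boundary
    # The relay writes the TCP peer address last in the "from" clause
    # (Postfix/sendmail-style layout, assumed); an address literal in the
    # HELO name comes earlier and is sender-controlled.
    found = IP_RE.findall(hdr[:by_pos])
    try:
        return ipaddress.ip_address(found[-1]) if found else None
    except ValueError:
        return None

if __name__ == "__main__":
    print(origin_ip(SAMPLE, {"mx.example.net", "mailstore.example.net"}))
```

The bottom `Received` line in the sample claims a bank's server, but it was added before the message reached a trusted relay, so it is ignored.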

So, to my friends over there behind the digital iron curtain: nice try! ;-)

Lesson for the esteemed reader: do not ever click on attachments you have the slightest doubt about; if the common-sense-check on a message fails, delete it.

If you are sure it is spam: “junk” it instead of “delete” – as outlined above, it burns the sender e-mail address in a very short time.

And if you actually think such a message could have any validity at all, go directly to your provider’s website (manually!) and check on it there — let me repeat: do not ever click on any attachments.

Especially if you are of the faithful kind and run Microsoft Windows of any version …
