Thursday, April 13, 2017

Beware of Spoofed Emails and Spoofers

Yesterday one of my office tenants showed me the following spoofed email.


I guess I might ought to define what I mean by the term Spoof.

Spoof - defined:  1.  Imitate (something) while exaggerating its characteristic features for comic effect.  "It is a movie that spoofs other movies."  2.  Hoax or trick (someone).  "they proceed to spoof Western intelligence with false information"

Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source.  Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source.  Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver.

This spoof was impressive.  Basically, he received an email notification that his Fidelity Investments account was locked.  He, though knowing better, clicked on the link to find out what the problem was.  He then realized that he should not have opened the email.

When I say impressive, I mean the email looked like it came from Fidelity Investments; it had many of the realistic drop-down windows and functions like Fidelity Investments', as you can see above.

Note:  The email should have been addressed to the recipient in the body of the email.

But, once he placed his cursor over the email address the site took him to, he could clearly tell that it was not from Fidelity.  (See below)

The Spoofer is phishing for unsuspecting people who have an account at Fidelity Investments and is trying to obtain your logon information and password.  Once the Spoofer has it, he / she will liquidate your account and steal your hard-earned money.

It is easy to get sucked in.  Be very careful.  If you receive one of these emails, and you will if you have not already, do not click on the link in the email; instead, go directly to the website you normally go to and log on to your account to verify that there is a problem.  And verify that you are locked out of your account, which in my friend's case he was not.

I recently received such a Spoof from what looked to be an email from Dropbox.  Like my friend, I clicked on the link and started to log on to my Dropbox account.  I immediately realized I was spoofed.  I contacted my I.T. firm, Bit by Bit, and the representative verified I was correct.  He told me to log on to my account and change my password immediately.  I did so and I have had no problem since.

My assistant more recently told me that, as she was looking at her emails on her phone, she had received a notification from her bank that she was locked out of her account.  I told her not to log on through the email but through her bank website directly.  She quickly found she was not locked out.

The takeaway:

There are many crooked people who want to take your money.  Be very careful, be very aware of them.  Do not click on the spoofed email links directly.  I was listening to the news this morning and online theft is the biggest and growing crime.  No longer do you find banks robbed at gunpoint like we have in the past.  Online criminals are very hard to catch and prosecute.  The ill-gotten gains they obtain are tremendous.

Be careful out there.

For more information on how I may be able to contribute to your financial success, contact me below.

Corey Callaway
Registered Investment Advisor
(817) 274-4877
