Security: Phishing Email Purporting to be a Buyer Complaint

A few weeks ago, this blog discussed Phishing Email Purporting to be a Password Reset Notification.

NEVER CLICK on LINKS or ATTACHMENTS in EMAILS

Nearly all phishing uses bait (and you’re the fish). Bait can be subtle, threatening or insulting. Don’t bite. All bait is designed to provoke a reaction: fear, anger, your innate desire to help or solve a problem, etc. Appeals to decency and honesty work because most people want to set things right, even if they did not cause the problem—it’s the desire to help. Don’t let your good side be baited into helping someone hack you.

Below, the attached file looks like an HTML file in the Apple Mail window. The recipient is urged to open it in order to resolve a problem with damaged goods. But it is really encoded JavaScript with inscrutable purpose. If the HTML attachment is opened, the script rewrites the web browser window, sending the browser to a web page with evil purposes.

...script type="text/javascript">
document.location.href="data:text/html;base64,DQoNCg0KDQoNCi...

Why does Apple Mail EVER allow this level of exposure to risk? It is security malfeasance for an email program to present users with such risks. There is near zero virtue in supporting such attachments in email, since the 99.9% case is malware or spam. It’s about time Apple fixed such sloppy security practices in Apple Mail: users should not have to be aware of such risks—the risks should be eliminated.
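A mail filter can flag this pattern before the attachment reaches a reader. The following is an added example, not code from the original post: it walks a message's parts, finds HTML that assigns a base64 `data:text/html` URI to the page location, and decodes the hidden page for review. The function names, addresses and the harmless sample message are constructed for illustration.

```python
import base64
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assignment of a base64 data: URI to the page location, as in the attachment above.
REDIRECT_RE = re.compile(
    r"location(?:\.href)?\s*=\s*[\"']data:text/html;base64,([A-Za-z0-9+/=\s]+)[\"']",
    re.IGNORECASE,
)

def find_data_uri_redirects(raw_message: bytes):
    """Return [(filename, decoded_preview)] for HTML parts that redirect to a data: URI."""
    findings = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        is_html = part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html"))
        if not is_html:
            continue
        body = part.get_payload(decode=True) or b""
        text = body.decode("utf-8", errors="replace")
        for m in REDIRECT_RE.finditer(text):
            b64 = re.sub(r"\s+", "", m.group(1))
            try:
                decoded = base64.b64decode(b64 + "=" * (-len(b64) % 4))
            except ValueError:
                decoded = b""
            findings.append((name or "(inline html)", decoded[:80].decode("utf-8", "replace").strip()))
    return findings

def build_sample() -> bytes:
    """Constructed sample: harmless payload wrapped the same way as the real attachment."""
    hidden = base64.b64encode(b"\r\n\r\n<html><body>constructed test page</body></html>").decode()
    html = f'<script type="text/javascript">\ndocument.location.href="data:text/html;base64,{hidden}";\n</script>'
    msg = EmailMessage()
    msg["Subject"] = "Damaged item (constructed sample)"
    msg["From"] = "buyer@example.com"
    msg["To"] = "seller@example.com"
    msg.set_content("Please see the attached photos of the damage.")
    msg.add_attachment(html.encode(), maintype="text", subtype="html", filename="complaint.html")
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, preview in find_data_uri_redirects(build_sample()):
        print(f"{filename}: redirects to embedded page starting {preview!r}")
```

The decoded preview is text only and is never rendered, so the hidden page can be inspected without opening it in a browser.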

Below, a bogus return path (anciens@aegee.org), unprofessional greeting, incorrect grammar, etc. are all giveaways. But what if the hackers aren’t this stupid and the approach has none of those easy-to-spot faults? See Apple Mail Security: Viewing Mail Headers.

Phishing email purporting to be a problem with a shipped product

Source code for the ad.

Source code of phishing email purporting to be a problem with a shipped product

Copyright © 2020 diglloyd Inc, all rights reserved.