Almost every day a simple email can take down your business, whether leading you to a malicious site, or to a web-page that tricks you into providing personal information. The trouble is, these phishers are smart. They know which email addresses receive the emails, which open the emails, which ones download the images. If you click – and you’re lucky, then you won’t get infected, but may end up on a page where they attempting to trick you.
First off – DO NOT CLICK THE LINK. Even experienced security professionals can be caught out if the page has a zero-day infection, so unless you have the proper tools (disposable virtual environments with sandboxes), the simplest thing is DO NOT CLICK THE LINKS.
Here is a phishing email we received last night:
This Phishing Email Pretending to be from DocuSign arrived last night.
Notice how just hovering the mouse pointer over the ‘VIEW DOCUMENT’ link reveals the destination link. It is NOT to the DocuSign website, but instead to a domain which is probably hijacked (possibly through an insecure website system, such as Drupal, Joomla or WordPress). The website might have been setup specifically for the task, but more likely it was hijacked. These website then host the malicious code, or fake forms where you enter the details.
In this case, the page was a REDIRECT – which sent the unwary click to another website where the pages were hosted.
Here is a link to the VirusTotal.com website for results for this page – that the time of posting, only THREE antivirus vendors had this address flagged as a phishing website. That means if you use any other antivirus, then the page will NOT be blocked by the web protection module of your antivirus!
At time of posting, only 3 out of 63 Antivirus engines flagged the address as unsafe!
So what is the answer?
Unfortunately, as long as there is phishing (which will probably be forever), nothing can protect you better than your own vigilance! Trust no emails, do NOT click them. If in doubt, throw it out!