5 Ways to Spot a Scam
Posted on August 27th, 2009 by dave
I received another convincing phishing attempt today; this one was from someone claiming to be CareerBuilder. It was the first email I read this morning and in my sleepy haze I was thinking, “Well, finally!” I almost hit the link. Here is the screen shot.
While it looks great, very convincing, the text reads like a Google translation, or worse, since the translator usually gets the punctuation right.
The URL in the download link points to a site that could easily be mistaken for something belonging to CareerBuilder. Most likely, whatever it is, it is malware of some sort. It’s certainly not security software: a site’s certificate is presented to your browser automatically when you connect to it over HTTPS, and a legitimate organization does not ask you to download and run a “certificate” file. Since most malware is written for Windows, it’s unlikely that it could have effected a change on my computer (a Mac), but there is no guarantee of that.
The link also contains a token (a long string of letters and numbers) that uniquely identifies me as the recipient of this particular message. So just clicking the link could tell these people (destined for the “Special Place”) that my email address is valid and that someone reads it, and then they can do whatever they want with that information, like spam me or sell my address to spammers.
Tips for detecting a phishing attempt:
- Double-check the sending address. This one was mailed from a gmail.com account; it should have been from someone at careerbuilder.com. Accept no substitutes, as they used to say. The sending address can be faked (spoofed), so having the correct address is not a guarantee, but having the wrong one is a clear indication of fraud.
- Read the text. Many of these scams originate from Russia, Ukraine and Somalia (to name a few), where English is not the first language. So unclear phrases, misspellings, and missing or misused punctuation should all set off an alarm in your head. The absence of mistakes, however, is not a guarantee of validity.
- Reputable organizations with an online presence avoid technobabble when communicating with you. They take the time to explain themselves clearly and in very few words. Scammers tend to use more technobabble or wordy explanations. Phrases like “analyze of client side contents” and “Security Certificates” are gibberish. It might sound valid, but if what is happening is not crystal clear to you, then don’t believe it. This scam was almost believable partly because it was so brief; that’s usually not the case.
- Check the download link. Hover your mouse over the link and the real address will appear either in a tooltip or in the status bar at the bottom of the screen. The visible text of a link can say anything; the address underneath it is where the click actually goes. (If your mail client doesn’t do this, consider upgrading or finding a new mail application.) This link went to a file at cb-downloads.com, so I wasn’t convinced it was from CareerBuilder. In fact, if you are over 30 (I am) and don’t know what LOL means, you probably shouldn’t ever click anything.
- Notice this one gives me only five days to comply. Organizations typically have a roll-out plan to migrate their users to a new system. A roll-out usually starts with one or more messages announcing the upcoming changes and the steps you will need to take, weeks in advance. Scammers can’t afford to give advance notice or they will be discovered. So if this is the first you’ve heard of the change, it’s probably not real. Secondly, a roll-out is usually engineered so there is little or nothing to do at your end; it happens automatically. If there is anything you need to do, it would have been mentioned in the announcements.
One last thing. Despite my precautions there is still a chance the scammer has my IP address. You will notice there are pictures in the email. These pictures are downloaded from the scammer’s server, and when that happens my computer connects to their server and exchanges a bit of information: enough for them to know the message was opened and from which IP address, and, if the image URL carries the same kind of per-recipient token as the link, by whom. To avoid this type of tracking, online services like Gmail hide the graphics unless you give the sender the thumbs up; only then does your computer talk to the server (and sometimes not even then). Most email clients, like Outlook and Mail.app, have options that hide the graphics or turn off HTML mail (which converts it into plain text; that can look ugly, but at least it’s safe).
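The sender check, the hover check, the per-recipient token in the link, and the remote-image point above can all be applied mechanically to a raw message. The script below is an added example, not code from the original post: it parses a constructed sample email that mimics the one described (careerbuilder.com and cb-downloads.com are the domains the post names; the sender address, recipient, paths and the token value are made up) and reports each indicator it finds. The `base_domain` helper is a deliberately crude last-two-labels guess, fine for .com-style names but not a substitute for the public suffix list.

```python
"""Phishing-indicator checker (added example, not the post's own code).

Applies the post's tips to a raw RFC 822 message: sender domain vs the
organisation it claims to be, where each link really goes (the "hover"
check), per-recipient tokens in link query strings, and remotely hosted
images that phone home when rendered.
"""
from email import message_from_bytes, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: NOT the real email the post describes.
# Only careerbuilder.com and cb-downloads.com come from the post.
SAMPLE_EMAIL = b"""\
From: CareerBuilder Support <cb.support.team@gmail.com>
To: dave@example.com
Subject: Install your Security Certificate within 5 days
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear client, please make analyze of client side contents.</p>
<p><a href="http://cb-downloads.com/setup.exe?id=3f9a2c71e0b84d5a">
https://www.careerbuilder.com/security</a></p>
<img src="http://cb-downloads.com/logo.gif?u=3f9a2c71e0b84d5a" width="1" height="1">
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collects [href, visible text] for <a> tags and src for <img> tags."""

    def __init__(self):
        super().__init__()
        self.links = []    # [href, visible text]
        self.images = []   # src values
        self._open = None  # the <a> currently being read, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open = [attrs["href"], ""]
            self.links.append(self._open)
        elif tag == "img" and attrs.get("src"):
            self.images.append(attrs["src"])

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data.strip()

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None


def base_domain(host):
    """Crude registrable-domain guess: www.careerbuilder.com -> careerbuilder.com."""
    labels = host.lower().split(":")[0].split(".")
    return ".".join(labels[-2:])


def check_message(raw, claimed_domain):
    """Return a list of (indicator, detail) tuples for a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []

    # Tip 1: the sending address should belong to the claimed organisation.
    sender = parseaddr(str(msg["From"]))[1]
    if base_domain(sender.rpartition("@")[2]) != claimed_domain:
        findings.append(("sender-domain-mismatch", sender))

    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return findings
    collector = _LinkCollector()
    collector.feed(body.get_content())

    # Tip 4, the hover check: the href is where the click really goes.
    for href, text in collector.links:
        target = urlparse(href)
        if base_domain(target.netloc) != claimed_domain:
            findings.append(("link-off-domain", href))
        if text.startswith(("http://", "https://")):
            shown = urlparse(text)
            if base_domain(shown.netloc) != base_domain(target.netloc):
                findings.append(("link-text-mismatch", f"{text} -> {href}"))
        # A query string on a download link is usually a per-recipient
        # token: following it confirms the address is live.
        if target.query:
            findings.append(("link-tracking-token", target.query))

    # Last point of the post: remote images phone home when rendered.
    for src in collector.images:
        if urlparse(src).scheme in ("http", "https"):
            findings.append(("remote-image", src))
    return findings


if __name__ == "__main__":
    for indicator, detail in check_message(SAMPLE_EMAIL, "careerbuilder.com"):
        print(f"{indicator:22} {detail}")
```

Running it on the sample flags all five indicators. A message that passes these checks is not thereby safe (the sender can be spoofed and the token can live in the path instead of the query string), which is the same caveat the tips themselves make: a wrong sign is strong evidence, the absence of one is not.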

