Wednesday, August 31, 2016

New York Times URL Shortener service using Bit.ly

Looks like the New York Times URL Shortening is now active and uses Bitly.

New York Times shortened domain is of nyti.ms

For those that don't know, the Bitly default domain name is bit.ly

but this URL works as well. 

So the solution seems to be an URL domain alias.

Tuesday, August 30, 2016

Phishing Email - Apple Your Recent Information

Phishing Email - Apple Your Recent Information

For the record a recent Apple phishing email is circulating and is here is for the record, in case it makes it past your Junk or Spam filter.

What to do? 
Report them mark as Phishing Email not SPAM

Report Phishing
 URLs at Google now as well; 

If you have recievied this email take further action now by click these links

  1. https://www.google.com/safebrowsing/report_phish/?hl=en&url=srimaruthienterprises.in


Here is the HTML view of the email



























Here is the email viewed as text


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Dear Customer,

We were unable to determine whether you have used this browser or device wi=
th your account before. This can happen when you sign in for the first time=
 on a new computer, phone or browser, when you use your browser's incognito=
 or private browsing mode or clear your cookies.

Your account will be locked if we cannot successfully renew your subscripti=
on.

Follow the instructions below to update and verify your information:

Login to your iTunes account here: https://appleid.apple.com <a href ="http://srimaru=
thienterprises.in/201.php">

Our commitment to protecting your privacy comes from a deep respect for our=
 customers. We know that your trust doesn't come easy. That's why we have a=
nd always will work as hard as we can to earn and keep it.

You can also update your billing information on a Mac or PC.

The iCloud Team




iCloud is a service provided by Apple. Apple ID | iCloud Support | Terms an=
d Conditions | Privacy Policy Copyright ? 2016 Apple Inc. 1 Infinite Loop, =
Cupertino CA 95014, United States. All rights reserved.


How to tell this is a Phishing email ?


  1. Convert the email view from HTML to text, check for bad URls.
  2. Hover over all links in email, if it's not from the CIBC.com site then forget it.
  3. The best way is to look at message source, see below.


How to examine Email Message Source ?

Now lets look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
And look for phony links.

Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (downarrow to top right)->Report Phishing 

Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Thursday, August 4, 2016

Phishing Email - Canadian Imperial Bank of Commerce (CIBC) Alert

Phishing Email - Canadian Imperial Bank of Commerce (CIBC) Alert

Update Friday, May 05, 2017 - CIBC Account Alert! [323IH]

For the record a recent CIBC phishing email is circulating and is here is for the record, in case it makes it paste your Junk or Spam filter.


What to do? 
Report them mark as Phishing Email not SPAM

Report Phishing
 URLs at Google now as well; 

If you have recievied this email take further action now by click these links

  1. https://www.google.com/safebrowsing/report_phish/?hl=en&url=teti.az
  2. https://www.google.com/safebrowsing/report_phish/?hl=en&url=banknerd.ca


Here is the HTML view of the email 



Here is the email viewed as text


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
 //banknerd.ca/wp-content/uploads/2010/01/CIBC-2.jpg>; This e-mail has been sent to me@outlook.com by Canadian Imperial Bank of Commerce.  

 

Online Banking CIBC ALERT: Due to an unusual number of failed login attempts, your online banking access has been temporarily suspended.

To restore your account access please click:

Log On to CIBC Online and proceed with the verification process. //teti.az/cbonccverify/index.php> 

IMPORTANT NOTE: If we do not receive the appropriate account verification within 24 hours, you will need to visit a CIBC branch to restore your account access.

Sincerely,
CIBC Online(SM)

 
________________________________

© Copyright Canadian Imperial Bank of Commerce 2016  © 2016 


How to tell this is a Phishing email ?


  1. Convert the email view from HTML to text, check for bad URls.
  2. Hover over all links in email, if it's not from the CIBC.com site then forget it.
  3. The best way is to look at message source, see below.


How to examine Email Message Source ?

Now lets look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.

For this phony email, well look at the "message header".





At line 21 you have Return-Path: noreply.74123618@baesystems.com
and is the dead give-away since domain is not cibc.com.

Why look at "Return-Path"? When the e-mail is put in the recipient's mailbox, a new mail header is created with the name "Return-Path:" containing the address on the MAIL FROM command. So it's a quick hit to determine authenticity.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (downarrow to top right)->Report Phishing 

Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx