With a 250% surge in phishing experienced in Q1 2016, one knows it can happen to anyone, so we were not exactly surprised to receive a phishing e-mail on the main address of our Canadian office. That the e-mail was disguised as something as innocent as a parking ticket was a lot more original… but the fact that the domain name used was stolen from a legitimate company makes it a great opportunity to discuss the do’s and don’ts in phishing prevention!
- Make sure you know which account received the e-mail: in our case the phish was sent to firstname.lastname@example.org. Not only do we always drive responsibly, we would never give that particular address to a parking company! The best weapon against phishing is common sense: if an e-mail is sent to a very public, non-personal account, you probably should not click on the links it contains.
- Be even more careful if the company exists: phishing is getting more and more sophisticated, and of course the worst cases are those that rely on actual information. In our case, the e-mail “Parking Charge Reminder” was allegedly sent by Impark. Wikipedia tells us the company operates approximately 3,400 parking facilities with 9,000 employees in more than 240 cities across the United States and Canada, so the e-mail and its content appeared legitimate… all the more reason to be careful!
- Do not click on the links first: recent e-mail software will show you the full URL behind a link when you hover your mouse over it, before you click. Seeing a domain other than the one normally used by the company that allegedly sent the e-mail (impart.com in our case) is a very strong indication that you do not want to go where this mail would send you!
- When in doubt, do not use your browser: many phishing attempts will be happy just to steal your credit card information, but some will also trick your browser into downloading malware onto your computer. If your operating system provides a Unix terminal (Linux or Mac OS for example, but there is also a Windows version), you can use the “curl” command and see what the source of the page looks like. Because the links are not opened inside a browser, they are more likely to just show you the content without downloading anything.
- Make sure the domains are consistent: the e-mail appeared legitimate, yes, but who sent it? email@example.com does not seem like an address a parking company would use, and a whois search on <brixmart.com> shows that the domain is in no way affiliated with the company. Similarly, the two links the reader is supposed to click on to “view photos” of the infraction would send the user to a third domain name (<brains4Toys.com> in this case), which is linked neither to the parking company nor to the Toronto police.
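
The domain-consistency check from the last point can be automated. The following is an added example, not code from the original article: it parses a constructed message and reports the sender domain and every link domain that falls outside the domain the claimed company is expected to use. The names `check_message`, `belongs_to` and `LinkCollector` are hypothetical, and all `.example` domains are made-up placeholders.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every domain is a placeholder under .example.
SAMPLE = """\
From: "City Parking" <notice@mailer-shop.example>
To: info@recipient.example
Subject: Parking Charge Reminder
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://toy-store.example/view.php?id=1">View photos</a>
<a href="https://www.cityparking.example/pay">cityparking.example/pay</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href target of every <a> tag, ignoring the visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, domain):
    """True if host is the domain itself or a subdomain (not a look-alike suffix)."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def check_message(raw, expected_domain):
    """Return (kind, host) pairs for sender/link domains outside expected_domain."""
    msg = message_from_string(raw, policy=policy.default)
    sender_host = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    findings = [] if belongs_to(sender_host, expected_domain) else [("sender", sender_host)]
    part = msg.get_body(preferencelist=("html",))  # also finds HTML in multipart mail
    parser = LinkCollector()
    parser.feed(part.get_content() if part else "")
    for href in parser.hrefs:
        host = urlsplit(href).hostname or ""
        if not belongs_to(host, expected_domain):
            findings.append(("link", host))
    return findings

if __name__ == "__main__":
    for kind, host in check_message(SAMPLE, "cityparking.example"):
        print(f"{kind} domain not under expected domain: {host}")
```

A finding here only means the domain differs from the expected one; a whois lookup on each reported domain is still the step that tells you who is behind it.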
The last point is key: phishing often begins and ends with a domain name! What is even more interesting in this case is that whois searches tell us that the domains used in the scheme – one as the sender of the e-mail, the other to redirect the user to the trick content – are legitimate domain names that, in all likelihood, have not been sufficiently protected. Had they used SafeBrands’ Domain Premium service, the two domains could not have been hijacked. As for preventing such an e-mail from appearing in one’s inbox in the first place? Watch this space to learn more about our soon-to-be-announced security features!