www.thesslstore.com
2606:4700:10::6816:32e
Public Scan
URL:
https://www.thesslstore.com/blog/12-days-of-phish-mas-a-festive-look-at-phishing-examples/
Submission: On December 11 via api from US — Scanned from DE
Form analysis
3 forms found in the DOM
POST https://www.thesslstore.com/blog/wp-comments-post.php
<form action="https://www.thesslstore.com/blog/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate="novalidate">
<p class="comment-notes">Your email address will not be published. We will only use your email address to respond to your comment and/or notify you of responses. Required fields are marked <span class="required" aria-required="true">*</span></p>
<p class="comment-form-comment"><label for="comment">Comment</label> <textarea id="comment" name="comment" cols="45" rows="8" maxlength="65525" required="required" aria-required="true"></textarea></p>
<p class="comment-form-author"><label for="author">Name <span class="required" aria-required="true">*</span></label> <input id="author" name="author" type="text" value="" size="30" maxlength="245" required="required" aria-required="true"></p>
<p class="comment-form-email"><label for="email">Email <span class="required" aria-required="true">*</span></label> <input id="email" name="email" type="email" value="" size="30" maxlength="100" required="required" aria-required="true"></p>
<p class="comment-form-url"><label for="url">Website</label> <input id="url" name="url" type="url" value="" size="30" maxlength="200"></p>
<p class="comment-form-comment-subscribe"><label for="cren_subscribe_to_comment"><input id="cren_subscribe_to_comment" name="cren_subscribe_to_comment" type="checkbox" value="on" checked="">Notify me when someone replies to my comments</label></p>
<p class="cptch_block"><span class="cptch_title">Captcha<span class="required" aria-required="true"> *</span></span><span class="cptch_wrap cptch_math_actions">
<label class="cptch_label" for="cptch_input_30"><span class="cptch_span">seven</span>
<span class="cptch_span"> + </span>
<span class="cptch_span">six</span>
<span class="cptch_span"> = </span>
<span class="cptch_span"><input id="cptch_input_30" class="cptch_input cptch_wp_comments" type="text" autocomplete="off" name="cptch_number" value="" maxlength="2" size="2" aria-required="true" required="required"
style="margin-bottom:0;display:inline;font-size: 12px;width: 40px;"></span>
<input type="hidden" name="cptch_result" value="bmP9"><input type="hidden" name="cptch_time" value="1639225874">
<input type="hidden" name="cptch_form" value="wp_comments">
</label><span class="cptch_reload_button_wrap hide-if-no-js">
<noscript>
<style type="text/css">
.hide-if-no-js {
display: none !important;
}
</style>
</noscript>
<span class="cptch_reload_button dashicons dashicons-update"></span>
</span></span></p>
<p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" value="Post Comment"> <input type="hidden" name="comment_post_ID" value="15239" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p>
<p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="5ba14f64b1"></p>
<p style="display: none !important;"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js" name="ak_js" value="1639225875974">
<script>
document.getElementById("ak_js").setAttribute("value", (new Date()).getTime());
</script>
</p>
</form>
POST #
<form action="#" method="post" novalidate="novalidate" _lpchecked="1" autocomplete="new-password">
<div class="tve_lead_generated_inputs_container tve_clearfix">
<div class="thrv_wrapper thrv-columns" style="--tcb-col-el-width:698.003;">
<div class="tcb-flex-row v-2 tcb--cols--2">
<div class="tcb-flex-col">
<div class="tcb-col">
<div class="tve_lg_input_container tve_lg_input tve_lg_regular_input tcb-plain-text tcb-no-clone tcb-icon-display" data-selector="#lg-kdq5si9m .tve_lg_regular_input:not(.tcb-excluded-from-group-item)" data-css="tve-u-155f7f56ed5c900"
style="" data-tcb_hover_state_parent="" data-label="tve-lg-1732e121cb3">
<div class="thrv_wrapper thrv_icon tcb-local-vars-root" style="" data-css="tve-u-165f7f56ed5c901"><svg class="tcb-icon" viewBox="0 0 24 24" data-id="icon-person-solid" data-name="">
<path fill="none" d="M0 0h24v24H0V0z"></path>
<path d="M12 12c2.21 0 4-1.79 4-4s-1.79-4-4-4-4 1.79-4 4 1.79 4 4 4zm0 2c-2.67 0-8 1.34-8 4v1c0 .55.45 1 1 1h14c.55 0 1-.45 1-1v-1c0-2.66-5.33-4-8-4z"></path>
</svg></div>
<input class="tcb-plain-text" type="text" data-field="name" name="name" placeholder="First Name" data-placeholder="First Name" style="" data-required="1" data-validation="">
</div>
</div>
</div>
<div class="tcb-flex-col">
<div class="tcb-col">
<div class="tve_lg_input_container tve_lg_input tve_lg_regular_input tcb-plain-text tcb-icon-display" data-selector="#lg-kdq5si9m .tve_lg_regular_input:not(.tcb-excluded-from-group-item)" data-css="tve-u-155f7f56ed5c900" style=""
data-tcb_hover_state_parent="">
<input class="tcb-plain-text" name="mapping_text_178" placeholder="Last Name" data-field="mapping_text" data-required="1" data-validation="" data-placeholder="Last Name" data-mapping="YTowOnt9" type="text" style="">
</div>
</div>
</div>
</div>
</div>
<div class="tve_lg_input_container tve_lg_input tve_lg_regular_input tcb-plain-text tcb-no-clone tcb-no-delete tcb-icon-display" data-selector="#lg-kdq5si9m .tve_lg_regular_input:not(.tcb-excluded-from-group-item)" style=""
data-tcb_hover_state_parent="" data-css="tve-u-155f7f56ed5c900" data-label="tve-lg-1732e147fef">
<div class="thrv_wrapper thrv_icon" data-css="tve-u-175f7f56ed5c905"><svg class="tcb-icon" viewBox="0 0 24 24" data-id="icon-email-solid" data-name="">
<path d="M20,8L12,13L4,8V6L12,11L20,6M20,4H4C2.89,4 2,4.89 2,6V18A2,2 0 0,0 4,20H20A2,2 0 0,0 22,18V6C22,4.89 21.1,4 20,4Z"></path>
</svg></div>
<input class="tcb-plain-text" type="email" data-field="email" data-required="1" data-validation="email" name="email" placeholder="Email" data-placeholder="Email" style="">
</div>
<div class="tve_lg_input_container tve_lg_input tve_lg_regular_input tcb-plain-text tcb-icon-display" data-selector="#lg-kdq5si9m .tve_lg_regular_input:not(.tcb-excluded-from-group-item)" data-label="tve-lg-1732e8bac96"
data-css="tve-u-155f7f56ed5c900">
<div class="thrv_wrapper thrv_icon" data-css="tve-u-185f7f56ed5c907"><svg class="tcb-icon" viewBox="0 0 512 512" data-id="icon-phone-alt-solid" data-name="">
<path
d="M497.39 361.8l-112-48a24 24 0 0 0-28 6.9l-49.6 60.6A370.66 370.66 0 0 1 130.6 204.11l60.6-49.6a23.94 23.94 0 0 0 6.9-28l-48-112A24.16 24.16 0 0 0 122.6.61l-104 24A24 24 0 0 0 0 48c0 256.5 207.9 464 464 464a24 24 0 0 0 23.4-18.6l24-104a24.29 24.29 0 0 0-14.01-27.6z">
</path>
</svg></div>
<input class="tcb-plain-text" name="phone" placeholder="Phone" data-field="phone" data-required="1" data-validation="" data-placeholder="Phone" type="text" style="">
</div>
<div class="thrv_wrapper tve-form-button tcb-local-vars-root tve-color-set" data-tcb_hover_state_parent="" data-selector="#lg-kdq5si9m .tve-form-button" data-button-style="btn-tpl-58383" data-css="tve-u-195f7f56ed5c908">
<div class="thrive-colors-palette-config" style="display: none !important"></div>
<a href="#" class="tcb-button-link tve-form-button-submit tcb-plain-text">
<span class="tcb-button-texts"><span class="tcb-button-text thrv-inline-text">Get the Checklist</span></span>
</a>
<input type="submit" style="display: none !important;">
</div>
</div>
<input id="_submit_option" type="hidden" name="_submit_option" value="redirect">
<input id="_sendParams" type="hidden" name="_sendParams" value="0">
<input id="_back_url" type="hidden" name="_back_url" value="https://www.thesslstore.com/blog/welcome-to-hashed-out/">
<input id="_api_custom_fields" type="hidden" name="_api_custom_fields"
value="YTo5OntpOjA7YToyOntzOjI6ImlkIjtzOjQ6Im5hbWUiO3M6MTE6InBsYWNlaG9sZGVyIjtzOjQ6Ik5hbWUiO31pOjE7YToyOntzOjI6ImlkIjtzOjU6InBob25lIjtzOjExOiJwbGFjZWhvbGRlciI7czo1OiJQaG9uZSI7fWk6MjthOjI6e3M6MjoiaWQiO3M6MTI6Im1hcHBpbmdfdGV4dCI7czoxMToicGxhY2Vob2xkZXIiO3M6NDoiVGV4dCI7fWk6MzthOjI6e3M6MjoiaWQiO3M6MTE6Im1hcHBpbmdfdXJsIjtzOjExOiJwbGFjZWhvbGRlciI7czozOiJVUkwiO31pOjQ7YToyOntzOjI6ImlkIjtzOjEzOiJtYXBwaW5nX3JhZGlvIjtzOjExOiJwbGFjZWhvbGRlciI7czo1OiJSYWRpbyI7fWk6NTthOjI6e3M6MjoiaWQiO3M6MTQ6Im1hcHBpbmdfc2VsZWN0IjtzOjExOiJwbGFjZWhvbGRlciI7czo4OiJEcm9wZG93biI7fWk6NjthOjI6e3M6MjoiaWQiO3M6MTY6Im1hcHBpbmdfY2hlY2tib3giO3M6MTE6InBsYWNlaG9sZGVyIjtzOjg6IkNoZWNrYm94Ijt9aTo3O2E6Mjp7czoyOiJpZCI7czoxNjoibWFwcGluZ190ZXh0YXJlYSI7czoxMToicGxhY2Vob2xkZXIiO3M6ODoiVGV4dGFyZWEiO31pOjg7YToyOntzOjI6ImlkIjtzOjE0OiJtYXBwaW5nX2hpZGRlbiI7czoxMToicGxhY2Vob2xkZXIiO3M6NjoiSGlkZGVuIjt9fQ=="><input
type="hidden" id="tve_mapping" name="tve_mapping" value="YToxOntzOjE2OiJtYXBwaW5nX3RleHRfMTc4IjthOjE6e3M6NjoiX2ZpZWxkIjtzOjEyOiJtYXBwaW5nX3RleHQiO319"><input type="hidden" id="tve_labels" name="tve_labels"
value="YTo0OntzOjQ6Im5hbWUiO3M6MTA6IkZpcnN0IE5hbWUiO3M6MTY6Im1hcHBpbmdfdGV4dF8xNzgiO3M6OToiTGFzdCBOYW1lIjtzOjU6ImVtYWlsIjtzOjU6IkVtYWlsIjtzOjU6InBob25lIjtzOjU6IlBob25lIjt9">
</form>
POST #
<form action="#" method="post" novalidate="novalidate" _lpchecked="1" autocomplete="new-password">
<div class="tve_lead_generated_inputs_container tve_clearfix">
<div class="thrv_wrapper thrv-columns" style="--tcb-col-el-width:698.003;">
<div class="tcb-flex-row v-2 tcb--cols--2">
<div class="tcb-flex-col">
<div class="tcb-col">
<div class="tve_lg_input_container tve_lg_input tve_lg_regular_input tcb-plain-text tcb-no-clone tcb-icon-display" data-selector="#lg-kdq5si9m .tve_lg_regular_input:not(.tcb-excluded-from-group-item)" data-css="tve-u-285f7f3112c33ee"
style="" data-tcb_hover_state_parent="" data-label="tve-lg-1732e121cb3">
<div class="thrv_wrapper thrv_icon tcb-local-vars-root" style="" data-css="tve-u-295f7f3112c33f0"><svg class="tcb-icon" viewBox="0 0 24 24" data-id="icon-person-solid" data-name="">
<path fill="none" d="M0 0h24v24H0V0z"></path>
<path d="M12 12c2.21 0 4-1.79 4-4s-1.79-4-4-4-4 1.79-4 4 1.79 4 4 4zm0 2c-2.67 0-8 1.34-8 4v1c0 .55.45 1 1 1h14c.55 0 1-.45 1-1v-1c0-2.66-5.33-4-8-4z"></path>
</svg></div>
<input class="tcb-plain-text" type="text" data-field="name" name="name" placeholder="First Name" data-placeholder="First Name" style="" data-required="1" data-validation="">
</div>
</div>
</div>
<div class="tcb-flex-col">
<div class="tcb-col">
<div class="tve_lg_input_container tve_lg_input tve_lg_regular_input tcb-plain-text tcb-icon-display" data-selector="#lg-kdq5si9m .tve_lg_regular_input:not(.tcb-excluded-from-group-item)" data-css="tve-u-285f7f3112c33ee" style=""
data-tcb_hover_state_parent="" data-label="tve-lg-173fe057b6c">
<input class="tcb-plain-text" name="mapping_text_178" placeholder="Last Name" data-field="mapping_text" data-required="1" data-validation="" data-placeholder="Last Name" data-mapping="YTowOnt9" type="text" style="">
</div>
</div>
</div>
</div>
</div>
<div class="tve_lg_input_container tve_lg_input tve_lg_regular_input tcb-plain-text tcb-no-clone tcb-no-delete tcb-icon-display" data-selector="#lg-kdq5si9m .tve_lg_regular_input:not(.tcb-excluded-from-group-item)" style=""
data-tcb_hover_state_parent="" data-css="tve-u-285f7f3112c33ee" data-label="tve-lg-1732e147fef">
<div class="thrv_wrapper thrv_icon" data-css="tve-u-305f7f3112c33f4"><svg class="tcb-icon" viewBox="0 0 24 24" data-id="icon-email-solid" data-name="">
<path d="M20,8L12,13L4,8V6L12,11L20,6M20,4H4C2.89,4 2,4.89 2,6V18A2,2 0 0,0 4,20H20A2,2 0 0,0 22,18V6C22,4.89 21.1,4 20,4Z"></path>
</svg></div>
<input class="tcb-plain-text" type="email" data-field="email" data-required="1" data-validation="email" name="email" placeholder="Email" data-placeholder="Email" style="">
</div>
<div class="tve_lg_input_container tve_lg_input tve_lg_regular_input tcb-plain-text tcb-icon-display" data-selector="#lg-kdq5si9m .tve_lg_regular_input:not(.tcb-excluded-from-group-item)" data-label="tve-lg-1732e8bac96"
data-css="tve-u-285f7f3112c33ee" style="">
<div class="thrv_wrapper thrv_icon" data-css="tve-u-315f7f3112c33f7"><svg class="tcb-icon" viewBox="0 0 512 512" data-id="icon-phone-alt-solid" data-name="">
<path
d="M497.39 361.8l-112-48a24 24 0 0 0-28 6.9l-49.6 60.6A370.66 370.66 0 0 1 130.6 204.11l60.6-49.6a23.94 23.94 0 0 0 6.9-28l-48-112A24.16 24.16 0 0 0 122.6.61l-104 24A24 24 0 0 0 0 48c0 256.5 207.9 464 464 464a24 24 0 0 0 23.4-18.6l24-104a24.29 24.29 0 0 0-14.01-27.6z">
</path>
</svg></div>
<input class="tcb-plain-text" name="phone" placeholder="Phone" data-field="phone" data-required="1" data-validation="" data-placeholder="Phone" type="text" style="">
</div>
<div class="thrv_wrapper tve-form-button tcb-local-vars-root tve-color-set" data-tcb_hover_state_parent="" data-selector="#lg-kdq5si9m .tve-form-button" data-button-style="btn-tpl-58383" data-css="tve-u-325f7f3112c33fa"
style="--tve-border-radius:5px;" data-button-size-d="xl">
<div class="thrive-colors-palette-config" style="display: none !important"></div>
<a href="#" class="tcb-button-link tve-form-button-submit tcb-plain-text" style="border-radius: 5px; overflow: hidden;">
<span class="tcb-button-texts"><span class="tcb-button-text thrv-inline-text">Get the Checklist</span></span>
</a>
<input type="submit" style="display: none !important;">
</div>
</div>
<input id="_submit_option" type="hidden" name="_submit_option" value="redirect">
<input id="_sendParams" type="hidden" name="_sendParams" value="0">
<input id="_back_url" type="hidden" name="_back_url" value="https://www.thesslstore.com/blog/welcome-to-hashed-out/">
<input id="_api_custom_fields" type="hidden" name="_api_custom_fields"
value="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"><input
type="hidden" id="tve_mapping" name="tve_mapping" value="YToxOntzOjE2OiJtYXBwaW5nX3RleHRfMTc4IjthOjE6e3M6NjoiX2ZpZWxkIjtzOjEyOiJtYXBwaW5nX3RleHQiO319"><input type="hidden" id="tve_labels" name="tve_labels"
value="YTo0OntzOjQ6Im5hbWUiO3M6MTA6IkZpcnN0IE5hbWUiO3M6MTY6Im1hcHBpbmdfdGV4dF8xNzgiO3M6OToiTGFzdCBOYW1lIjtzOjU6ImVtYWlsIjtzOjU6IkVtYWlsIjtzOjU6InBob25lIjtzOjU6IlBob25lIjt9">
</form>
Text Content
12 Days of Phish-mas: A Festive Look at Phishing Examples
December 10, 2021 in Beyond Hashed Out, Hashing Out Cyber Security

THE HOLIDAYS ARE SYNONYMOUS WITH COLD WEATHER, GOOD FOOD, AND SPENDING TIME WITH FAMILY. BUT FOR CYBERCRIMINALS, IT’S A LUCRATIVE TIME OF THE YEAR FOR PHISHING ATTACKS.
WE’LL EXPLORE MORE THAN A DOZEN PHISHING EXAMPLES YOU CAN LEARN FROM TO AVOID FALLING FOR CYBER SCAMS IN THE 2021 HOLIDAY SEASON (AND IN THE YEAR 2022 TO COME)!

It’s that time of the year: Christmas decorations can now be found virtually everywhere you go and holiday sales abound online. But this time of the year also has a dark side — it represents a great opportunity for cybercriminals to carry out phishing scams on unsuspecting holiday shoppers.

According to Barracuda, the holidays are a time when phishing-related cybercrimes spike. Their data shows that in 2020, spearphishing attacks increased by more than 150% above average in the days leading up to Christmas and then those rates fell significantly following the holiday.

But the reality is that phishing scams aren’t limited to just the holiday season, and they’re not limited to targeting only shoppers. It’s no surprise that cybercriminals love to use phishing scams as a way to take advantage of unsuspecting or cyber-ignorant users. As I discussed in a recent interview with PrivateInternetAccess.com, cybercriminals love to focus on the “soft” targets within your business — people they can trick, coerce, or manipulate into making a big mistake (such as giving them your login information or making a fraudulent payment to them).

But what are some common signs of phishing? We’ll explore phishing email examples and other common scams you’re likely to receive via phone calls (vishing) and text messages (smishing) long after the holiday season has passed. We’re only going to share 1-2 examples for each topic because this article will otherwise get out of control very quickly. With all of this in mind…

Let’s hash it out.

The weather outside is frightful — and so are the grammar, spelling, and punctuation found in many phishing messages. Bad writing is one of the most obvious indicators of a phishing email or text; these scammers often don’t speak English as a primary language.
Even if they are native English speakers, they tend to not put much effort into creating these messages. In many cases, they can’t even be bothered to create content with consistent designs or colors.

Sending out general phishing messages is largely a numbers game — it’s about hitting as many targets as possible while expending the least amount of effort. If an attacker sends out a general phishing message to 10,000 users, a handful of people may fall for it and that number may be profitable enough to make their minimal effort worthwhile.

Here’s a look at an example of a poorly written email phishing message I recently received:

First, you’ll probably notice the lack of Rackspace branding in the message. Next, you’ll likely notice the apparent brain aneurysm they had while adding the mix of colors and typefaces to the message. Yeah, that’s pretty hinky and definitely off-brand. But if all of that wasn’t enough, you’ll then probably notice the typos and use of non-ASCII characters. (Speaking of, look at that email subject line: Email IQ Upgrade… yup, cracked me up, too!) All of these things combined are sure to scream “phishing scam email!”

But, of course, there are some other obvious issues here as well when you look at the message a little more closely:

One glaring giveaway is that they embedded a link to a blatantly phony phishing website. This clearly indicates that the message didn’t come from Rackspace because, if it did, it would have included a link to Rackspace’s official website.

The cherry on top for me is that they made the interesting choice of sending the email to me while pretending to be me. However, they used an email address that clearly doesn’t belong to me or The SSL Store. Umm… yeah. They didn’t think I’d realize that I wouldn’t send an email like that to anyone, let alone myself? Yeah… SMH.

But enough about that — let’s quickly look at another example of a poorly written phishing email:

Goodness — where do I begin?
“Jose” here seems very confused regarding… well, just about everything.

1. The unsolicited email comes from an entirely unrelated email account. (The sender’s display name is Jose yet the email comes from a “simon” email address.)
2. The message is trying to entice and coerce me into responding by promising millions of dollars.
3. Typos, punctuation issues, and poor grammar abound in this phishing example email.
4. Jose describes himself both as “not a jealous woman” and a single father of three kids… in the same sentence!

Forget the hippopotamus — this scammer should be hoping to receive a subscription to Grammarly for Christmas!

ON THE SECOND DAY OF PHISH-MAS, A HACKER SENT TO ME… 2 PHONY COPYRIGHT EMAILS

Scammers love trying to find new ways to scam people and their activities aren’t limited to just the holidays. In many cases, they’re content to simply slap a new shade of lipstick on the same pig. Rather than reinventing the wheel by coming up with entirely new scams, they’ll instead change up their storylines or tactics for old ones.

One such example is the ongoing copyright infringement scam. This type of phishing scam involves an attacker sending you an email that falsely claims that you’ve committed some type of copyright infringement by using one of their images without their permission. The goal here is typically one of two things:

1. To trick you into clicking on a phishing or malicious link, or
2. To get you to link to their fake website, which helps their scam site gain higher domain authority (i.e., better rankings on Google and other search engines).

Let’s take a quick peek at one such example I recently received:

In this phishing example, the threat actor poses as a copyright notice organization and claims that we’ve used an image without their client’s approval. But there are two key issues with this:

1. Their vague email doesn’t specify which image specifically we’ve allegedly used — and their apparent remedy is for us to add a link to their site’s home page as attribution to the unspecified image.
2. Let’s consider the links. The first link they include leads to the homepage of the described website, but the second link is a clear phishing link. If I click on it, it’s possible that my device could become infected with malware.

No, thanks. I’m pretty sure our IT admin doesn’t want to spend his holiday season wiping malware and fixing other issues that would be caused by me or any other employees who fall for such scams…

ON THE THIRD DAY OF PHISH-MAS, A HACKER SENT TO ME… 3 URGENT MESSAGES

Urgent messages and phishing scams go together like coal and Santa’s naughty list. Creating a sense of urgency, fear, panic, or excitement, or eliciting other emotional responses, is a tactic that’s commonly used in social engineering scams. The idea here is for the attacker to do something to trick, provoke or coerce you into clicking on a phishing link, sending them sensitive information, or calling them on the phone.

Let’s take a quick look at a Microsoft subscription phishing email that one of my colleagues received:

The example above is an invoice phishing message that’s designed to look like an official Microsoft message. However, unlike most of the phishing examples we share in this article, this one is a bit different in that these email scams typically turn into vishing scams as well. Here, the attacker uses urgent language to prompt you to call them right away, stating you only have 72 hours to request a refund.

Why bother with the phone number?
It’s because they want to get you on the line so they can try to get you to do one of the following:

* Make a payment over the phone,
* Share credit card, bank account, or personal information over the phone, or
* Download remote desktop software that gives them access to your device (and any networks and other devices it’s connected to).

ON THE FOURTH DAY OF PHISH-MAS, A HACKER SENT TO ME… 4 MALICIOUS ATTACHMENTS

Malicious email attachments are seemingly as plentiful as snowflakes in the winter. They’re found everywhere and are just as annoying as snow when you’re leaving for work and discover your freshly shoveled driveway has been snowplowed in. But unlike a snowplow, which creates a frustrating situation, malicious email attachments are dangerous and pose a threat to your data, device, network, customers and company as a whole.

Let’s consider the following example:

In the phishing example above, I received a fake request for a quote that contains a potentially malicious Microsoft Office file attachment. Office files, including Word docs and Excel spreadsheets, are commonly used to spread malware and embedded phishing links via email. In fact, SonicWall’s research shows that weaponized Microsoft Office files increased 67% in 2020.

What makes these file attachments potentially so dangerous? These attachments may install malware onto your device that can do everything from stealing your login or banking account information to encrypting your data and locking your device. Furthermore, businesses typically don’t block these files because they’re commonly used and shared by employees in their day-to-day jobs.

As such, it’s best to avoid these issues altogether by not engaging with any attachments in suspicious emails and by not opening unsolicited emails from unknown individuals in general.

ON THE FIFTH DAY OF PHISH-MAS, A HACKER SENT TO ME… 5 LINKS TO PHISHING WEBSITES

Here come phishing links, here come malicious links — we receive them every day!
… Yes, I’ve got so many different cybersecurity-themed parodies of Christmas carols and songs floating through my head right now that it’s not even funny. Sorry.

As you’ll see with the following screenshots of phishing examples, there’s typically a lot of overlap in email phishing examples in terms of certain attributes to look out for. For example:

* Phishing emails frequently have mismatched or incorrect information in the “From” sender field.
* Many different types of phishing messages include links to phony websites or legitimate websites that have been hacked and are controlled by the attacker.

With this in mind, let’s explore the first of our two phishing examples of emails that tried to direct me to visit their highly suspect websites:

The goal here is to get me to click on the “Download Attachment” phishing link that’s designed to look like a button. Doing so will take me to a site where the attacker will try to coerce me to log in so they can steal my credentials.

This next example, shown below, is much the same. The email is designed to look like a Microsoft Office 365 message and provides a link under the guise of having important information for you to access. However, if you look at that URL, you’ll quickly see how illegitimate it really is.

I’m quite certain that Office 365 wouldn’t be using legitimate URLs that contain “XXX” in the web address…

ON THE SIXTH DAY OF PHISH-MAS, A HACKER SENT TO ME… 6 REQUESTS FOR DATA

Cybercriminals love data and will do everything within their power to get their hands on it. And we can assure you — they’re not looking for a Naughty and Nice list to become Santa’s little helpers. Having access to your most sensitive data — login credentials, employee records, customer contact lists, intellectual property, personally identifiable information, etc. — gives them many reasons to celebrate.
If you unknowingly send customers’ or employees’ personally identifying information (PII) to cybercriminals, the effects of that mistake can be felt for years to come in the form of:
* Identity theft issues,
* Non-compliance fines and penalties,
* Lawsuits, and
* A spoiled reputation and brand image.

Let’s take a look at a phishing email that one of my colleagues received that requested her personal sensitive information:

This is an email that’s listed as coming from the Federal Reserve Bank Wisconsin Branch and contains a message saying that they’ve been trying to get in touch with Marina about some money she’s allegedly set to receive as someone’s beneficiary. Hmm, promises of unexpected riches — definitely a big red flag.

In the following screenshot, we can see that the message is sent from an email address that’s clearly not part of the Federal Reserve Bank of Wisconsin. (It’s a Gmail address belonging to someone whose name is Serah.) That’s red flag number two.

The contents of the unsolicited message are written to seem urgent, saying she’s the beneficiary of millions of dollars since an unnamed customer died and left her the money. That’s red flag number three.

Next, the email states that they require her to share highly personal information — Marina’s name, age, contact information, and even a copy of her driver’s license — in order for their institution to process the funds. BIG red flag number four.

Finally, the email directs Marina to respond to a completely separate email address than the one that the email was sent from originally. The message even goes as far as to try to create a phony air of security — it states that if she receives a message from anyone else regarding the matter, the messages should be “nullified and avoided immediately for security reasons.” Red flag number five.
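The five red flags walked through above can be expressed as checks on a raw message. The Python below is an added example, not part of the original article; the sample email, every address in it, and the keyword lists are constructed assumptions for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions (illustrative, not exhaustive): webmail domains and keyword lists.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
ORG_WORDS = ("bank", "reserve", "branch", "payroll", "accounting")
LURE_WORDS = ("beneficiary", "inheritance", "million")
URGENT_WORDS = ("urgent", "immediately", "final notice")
PII_WORDS = ("driver's license", "date of birth", "social security", "passport")
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample modelled on the message described above; every address is made up.
SAMPLE = """\
From: "Federal Reserve Bank Wisconsin Branch" <constructed-sender@gmail.com>
To: marina@company.example
Subject: URGENT: unclaimed beneficiary funds

We have tried to reach you about funds left to you as beneficiary.
To process payment, send your name, age, contact information and a copy
of your driver's license to claims-desk@payout.example today.
Any message from anyone else should be nullified and avoided.
"""


def red_flags(raw: str) -> list[str]:
    """Return the red flags found in a raw RFC 5322 message, in article order."""
    msg = message_from_string(raw, policy=policy.default)
    name, sender = parseaddr(str(msg.get("From", "")))
    sender = sender.lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    # Normalise curly apostrophes before keyword matching.
    text = f"{msg.get('Subject', '')}\n{body}".lower().replace("\u2019", "'")

    flags = []
    # 1. Promise of unexpected money.
    if any(w in text for w in LURE_WORDS):
        flags.append("unexpected-windfall")
    # 2. Display name claims an institution, but the address is free webmail.
    if sender.rpartition("@")[2] in FREE_MAIL and any(w in name.lower() for w in ORG_WORDS):
        flags.append("institution-name-on-webmail")
    # 3. Urgent wording.
    if any(w in text for w in URGENT_WORDS):
        flags.append("urgency")
    # 4. Request for personal documents or identifiers.
    if any(w in text for w in PII_WORDS):
        flags.append("pii-request")
    # 5. Replies steered to an address other than the sender (header or body).
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    targets = {a.lower() for a in ADDR_RE.findall(body)}
    if reply_to:
        targets.add(reply_to.lower())
    if targets - {sender}:
        flags.append("reply-diverted")
    return flags


if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print(flag)
```

Keyword matches like these are triage hints for a reviewer, not a verdict; the sender and reply-address checks are the ones least dependent on wording.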
ON THE SEVENTH DAY OF PHISH-MAS, A HACKER SENT TO ME… 7 REQUESTS FOR PAYMENT

Everyone loves a little extra green in their pockets during the holidays, and cybercriminals are no different. They want to scam people and companies out of as much money as they can while expending the least amount of energy possible. In some cases, this involves tricking people into making wire transfers for fraudulent transactions — in others, cybercriminals get users to purchase and provide the codes for pre-paid gift cards or get them to make other phony purchases on their behalf.

Some requests for payment come in the form of fake invoices and account statements. Here’s one such example that I received back in 2020:

… Yeah, I’m pretty sure we don’t have any “logistics” services rendered for us from a cargo-related corporation considering that we sell digital certificates. And, even if we did, I certainly wouldn’t be the person handling paying said invoices!

Needless to say, there are some other obvious giveaways that this is a phishing email — an unsolicited message containing a suspicious attachment, poor grammar, and a request for immediate payment. But at least with this email, they were consistent in representing themselves as this specific sea and air transport corporation. (They even bothered to send it from an email address that actually has “accounting” in it!) However, I’m not falling for this obvious ruse, and neither should you. This is where flexing your critical thinking skills comes into play.

Let’s take a look at another email that one of my colleagues received — this one falls within the “phony purchases” category we mentioned earlier:

As you probably guessed, this guy definitely isn’t Santa’s little helper. This scam email is just one more message on our ever-growing list of phishing examples.
* The SSL Store is a small business — everybody pretty much knows everyone else here.
* Since all employees receive cyber awareness training, they are aware of phishing scams like this where someone tried to pose as the CEO or another company executive. (More on that momentarily.)
* My colleague, Jacqueline, was able to quickly look at this email and know that it wasn’t sent by Robert Walters.
* She also knew that there was no reason why someone in that position would have any expectation of her making purchases on behalf of the company.

Nice try, poser. But none of us is taking the bait.

ON THE EIGHTH DAY OF PHISH-MAS, A HACKER SENT TO ME… 8 EMAILS FROM YOUR BOSS

This next topic of our list of phishing examples follows the last perfectly. It’s quite common for phishing emails to be sent by someone impersonating an authority figure within your organization. This could be a middle-level manager, a C-suite executive, or even a board member. Regardless of which rank they try to pull, you must know what to look out for to avoid getting scammed.

In the time since I started working here at The SSL Store, I’ve received a multitude of phishing emails from schmucks who’ve pretended to be everyone from the company’s founder to its CEO or vice presidents. (By the way, this is known as CEO fraud.)

But what do these types of messages look like? Well, the truth is that these messages can actually span several of the categories we cover in this article. Let’s quickly explore a phishing example that we haven’t shared yet on Hashed Out:

The first thing to notice here is the email address. It’s coming from an account with the name “markrobinson,” which is clearly not his name, and it’s also coming from a Gmail account. Gmail accounts are free, easy, and fast to create — three qualities that every cybercriminal finds very appealing.

Second, the message is written with highly urgent language. (Look at the subject line.) Remember what we talked about earlier?
It’s all about instigating an emotional reaction from the email recipient so they’ll do what’s asked without pausing to ask if they should.

The last thing to note is that the imposter is trying to direct me to provide my personal cell phone number to him. This is a big no-no because it can be used for a litany of purposes, including:
* Sending me malicious links via SMS text message,
* Spoofing my legitimate phone number to try to phish one of my colleagues or family members, and
* SIM swapping attacks that involve the attacker using personal information they collect about me to try to gain access to my phone number through my cell phone provider.

ON THE NINTH DAY OF PHISH-MAS, A HACKER SENT TO ME… 9 HR & PAYROLL EMAIL SCAMS

Poor Nellie. As you can imagine, our ever-jolly office manager receives a lot of these phishing messages. Payroll fraud and other related phishing scams typically target employees in accounting, payroll and human resources. As such, it’s a good thing she knows what to look out for when it comes to recognizing phishing email scams.

Nellie’s also savvy enough to know that if she receives unsolicited email requests regarding changes to any employees’ payroll information, she should reach out to the employee directly using other channels (such as by making a phone call or walking down the hall to speak to the person directly). She knows better than to respond to the suspected phishing email!

But what does a payroll diversion scam email actually look like? Let’s take a look at an old example email she received a while ago from someone pretending to be our vice president of sales:

This type of email is designed to trick her into changing Kyle’s direct deposit information to a phony account controlled by the attacker. However, as you can see from the email address that starts with “cf90910,” that’s definitely not an email address for one of our vice presidents.
Thankfully, Nellie’s aware of these types of tricks and simply forwarded it to me as an example of the types of HR payroll email phishing examples people should look out for. If she didn’t know what to look out for, it’s likely that she could have made the mistake of responding to the email directly. This would have resulted in a lot of problems for Kyle, Nellie, and our company as a whole. When you receive a questionable email, it’s always best to reach out to that person directly through other channels to confirm the message’s legitimacy.

Of course, another favorite of mine was this email, which attempts to catch me off guard and scare me into clicking on the embedded link:

Okay, there are so many things wrong here:
1. The email comes from an unknown name that doesn’t match the sender’s email address information.
2. No self-respecting company would fire an employee this way. The SSL Store definitely wouldn’t do it this way!
3. It’s full of poorly written text that doesn’t even write the name of our company correctly and is signed “Kayla Wood Head Office Notification.” … Say, what?
4. The embedded link goes to a bit.ly URL that, when expanded out, would take me to an equally fake website.

ON THE 10TH DAY OF PHISH-MAS, A HACKER SENT TO ME… 10 ROMANCE SCAM OUTREACHES

It’s hard to be in a holly-jolly mood knowing that romance scams are affecting people around the world at this very moment. While these scams aren’t new, they’re among the worst (in my book) because they target vulnerable individuals in the most personal ways possible to exploit their emotions and steal their savings. The FBI’s Internet Crime Complaint Center (IC3) reports that more than $600 million was reported lost by 23,751 victims of confidence fraud/romance scams in 2020 alone.
Now, keep in mind that this estimate only includes reported incidents and doesn’t include the, undoubtedly, countless others that went unreported because the victims were unaware that they were being scammed or were too embarrassed to report the crimes.

Romance scams vary but often involve the following:
* A cybercriminal targets someone who’s recently single, widowed, or is otherwise lonely. The idea here is that because they may be emotionally vulnerable, they’re easier to exploit. These phishing examples typically come via emails, text messages, and social media outreaches.
* A bad guy pretends to be a prospective romantic interest. Here, the attacker might pose as a prospective suitor to win over the victim’s trust and to isolate them from their legitimate friends and family. They also may pretend to have incriminating or private information about the victim that they can use as blackmail.
* An attacker pretends to be a friend or relative of the victim. While posing as the relative, the attacker will reach out (typically via email, phone call or text message) to say that they’re in some type of emergency situation and need immediate financial help from the victim.

So, what does one of these types of phishing examples look like? Here’s an example from ScamWatch at the Australian Competition & Consumer Commission (ACCC):

Image source: Australian Competition & Consumer Commission (ACCC). You have to click the “Example to chat privately” link in the insert section to view this image.

Now, imagine if someone used one of these scams to get one of your employees to send them company money or to provide access to secure company resources. All hell will break loose, and your organization and customers will be the ones left paying the price as a result.
Needless to say, someone definitely should be getting far worse than coal in their stocking for sending these types of phishing messages…

ON THE 11TH DAY OF PHISH-MAS, A HACKER SENT TO ME… 11 EXTORTION EMAILS

For cybercriminals, nothing brings out the holiday spirit and festive cheer quite like extortion. Many Bitcoin phishing extortion scams, for example, involve cybercriminals demanding crypto payments in exchange for not sending allegedly incriminating or embarrassing information, photos or video footage of you to your employer, friends, and family members.

Other extortion scams involve a bad guy demanding your employee do something bad as a way to keep them from spilling the bad information. One example would be targeting a cell phone provider employee to get them to carry out SIM swapping by porting legitimate customers’ phone numbers to devices controlled by the cybercriminal.

But how do they achieve this? A few examples of cyber extortion scams include:
* Saying they’ve exploited some kind of vulnerability that gave them access to your device browser history, camera, and/or microphone.
* Claiming they have video recording(s) of you doing inappropriate things (such as visiting child pornographic websites).
* Saying they have other allegedly incriminating information about you that you can’t risk becoming known publicly.

Now, mind you, these scams are typically hogwash because they’re targeting a bunch of users at once with the hope that at least one of them is secretly being naughty and doesn’t want to get caught. However, all it takes is one employee being afraid and not wanting to risk their secret getting out to lead to your organization or customers becoming compromised.

Here’s one such example that one of my former colleagues received a while ago:

In this case, the attacker claims to have exploited the Zoom zero day vulnerability that was all over the news around that time.
They claim to have used that exploit to gain access to your Zoom app, where they could record you doing naughty things — and unless you hand over $2,000 in Bitcoin, they’re going to share the footage with everyone you know. … Ho, ho, ho, indeed.

ON THE 12TH DAY OF PHISH-MAS, A HACKER SENT TO ME… 12 ACCESS REQUESTS TO RESOURCES

Alright, it’s time to wrap up this list of not-so-merry phishing examples. This type of phishing scam is one of the most brazen. It involves an attacker trying to trick or manipulate you into giving them direct access to your device, secure resources, or organization’s IT systems.
* If you give them access to secure resources (such as databases, web apps, admin portals and drives), then they can use that access to alter, steal or delete your most sensitive data.
* If they gain access to your device, they can then use that access as a foothold on your organization’s network.
* Lastly, if they gain access to your network, then they can use it to search for misconfigurations and other vulnerabilities they can exploit.

So, what do these phony requests for access look like? Here’s a quick example:

(Note: The screenshot above and below are not legitimate phishing emails. I created both specific phishing example images for the purpose of this educational article.)

At a quick glance, it looks like it could be an email from my director. However, the email address clearly gives it away because:
* It’s not his work email address (which wouldn’t be a Gmail account), and
* He’d never ask me for this type of sensitive information because he knows it’s a security risk.

In this type of situation, I know the best thing to do would be to reach out to him directly through another trusted method (regardless of the email statement saying not to call him). Adam and I both know that I’d 100% need to confirm this type of request directly and would never simply hand over such secret information in response to such an unexpected (and urgent) email request.
Every employee helps to form your company’s strongest or weakest line of defense — the difference often boils down to whether they have the cyber security awareness to recognize and avoid phishing scams and other cyber threats.

FINAL THOUGHTS ON THE 12 DAYS OF PHISH-MAS PHISHING EXAMPLES

We hope you’ve found this article enlightening and useful in terms of learning what phishing scams look like, so you know what to avoid in the future. Data security and online safety rely on people being aware of different types of threats and scam tactics. If you don’t know what you don’t know, how can you help keep yourself, your company, or your customers and data safe from cybercriminals? Simply put, you can’t.

This is why it’s essential to invest the time, energy, and focus in educating yourself and your employees so they know how to recognize and respond to phishing attempts. Furthermore, have the right tools and resources in place to help make the process easier. For example, use email signing certificates within your organization to ensure that your team is sending digitally signed, verifiable emails. Using these certificates means that the email sender has to have access to that user’s device and email client to send the message.

Here are some additional resources that you may find useful:
* An email header analyzer tool
* A URL and/or File Analyzer tool
* Our article on 5 Ways to Determine If a Website Is Fake, Fraudulent or a Scam
* FTC’s website on How to Recognize and Avoid Phishing Scams
* Google and Jigsaw’s Phishing Quiz
AUTHOR CASEY CRANE

Casey Crane is a regular contributor to (and managing editor of) Hashed Out with 15+ years of experience in journalism and writing, including crime analysis and IT security. Casey also serves as the Content Manager at The SSL Store.