Is it a Phish? May the Fourth Be With You Edition

Welcome back to another episode of Is it a Phish? With today being Star Wars Day (May 4), we have decided to spice this up just a little bit by adding a special themed lure just for Sandy. Ah, spoilers: it looks like you’re getting one freebie this week.

Last week our office manager achieved the first perfect score, and we hope to get a streak going with Sandy, our Scrum Master.

As you are aware, phishing is certainly not a new cyber threat, yet it continues to be one of the most pervasive and costly to businesses and consumers. With nearly endless examples, we have decided to develop a new series that not only highlights some of these attacks, but also offers helpful tips along the way for spotting them. Each week we’ll be looking through phish that are reported by our clients, shared on Twitter, or even sent to us, and then one PhishLabs employee will be put to the test to decide: is it a phish?

Have some good examples of phishing lures, sites, or even suspicious spam emails? Send a screenshot to us on Twitter and we may include it in a future episode.

Is it a Phish?

The Results

Spoilers ahead! Don’t read on if you plan on playing along.

So how did Sandy do? He had a solid score of 4 – 1, but our perfect streak will have to live on for another day.

Email One: Darth Vadar has invited Sandy to a free showing of the upcoming Solo film! But wait, something feels very odd about this. Sandy correctly identified this to be a phish, primarily due to the domain in the link using off-brand spelling errors. Clearly it had nothing to do with Vadar sending him a personal invite.

Website One: Is it your Dropbox login or something malicious? Sandy correctly spotted that this is a phishing site, even though the site looks very convincing. Both the URL and lack of HTTPS in Chrome highlight that something is very off here.

Email Two: There is nothing quite like playing a long, monotonous game of farming simulators, and now they are offering a free in-game goat! Unfortunately, Sandy felt that the goat was a bit too sketchy and labeled it as suspicious, but it was just a legitimate or spam email (depending on your virtual goat preference).

Website Two: Occasionally you need to securely sign or transfer documents, and DocuSign is one of the more popular platforms to do so. This particular lure is highly convincing, but like the Dropbox phishing site, it too had a strange URL and lacked the HTTPS label. In our recently published Phishing Trends and Intelligence Report, DocuSign was identified as one of the two largest SaaS brands being targeted by threat actors.

Twitter Promoted Tweet: Although Sandy is not much for Twitter, we tossed him a challenging promoted tweet. Is it a Phish? Unfortunately for Twitter, it certainly is. Last January, news broke of threat actors abusing the promoted tweet feature to socially engineer poor unsuspecting Twitter users into paying a fee to get their account verified. For much the same reason we still see phishing emails to this day, the tactic is back, but Twitter did promptly suspend the account. Sandy was able to use his skills to identify that the URL still looked... phishy, and therefore correctly labeled it as such.

Did you receive a phishing lure or stumble upon a phishing site? Send it to us on Twitter and we can include it in our next edition of Is it a Phish?



*** This is a Security Bloggers Network syndicated blog from The PhishLabs Blog authored by Elliot Volkman. Read the original post at: https://info.phishlabs.com/blog/may-the-fourth-be-with-you-star-wars-phish