The other day, I warned you about a sneaky scam I found in my inbox and how to tell it was a fake. It was a good example of how clever some scammers are and how they can trick you out of your information.
Just two days later, however, this doozy showed up in my husband's email. It's even trickier than the last one, and you really have to see it to believe it because it might happen to you, too. I'll also show you what happens if you're tricked into clicking on the link.
Here's the text of the phishing email itself:
Date: Thursday, April 2, 2015 at 5:53 AM
To: Barry Young
Subject: Your Order (U283HK1) has been successfully placed
Dear Barry Young,
Thank you for shopping with Jethobby.com. Your order (Number: U283HK1) has been successfully placed.
We will process and dispatch your order to you as soon as possible.
Please find a printable version of your invoice at the following link:
Order Number : 447041987
Payment Method : Credit Card
Shipping Method : Express
Number of Suggested Shipment(s): 1
Item Description Quantity Unit Price (USD) Total (USD)
Hot Bodies 61410 - Cyclone D4 Competition Buggy 1 207.99 207.99
Sub-total : USD 207.99
Tax : USD 0.00
Shipping (Express) : USD 45.49
Order Total : USD 253.48
Once your payment has been received and verified your payment, your order will be processed.
Thank you for shopping at Jethobby.com, and please come again!
Customer Service Department
Now, you have to admit that this looks like an official email. There are no misspellings or grammar mistakes. It's very specific about products and prices. Plus, my husband is very much into planes and aviation, so it sounds like a site he might order something from.
All of the links really do go to the Jethobby website, which even appears to be a real hobby shop based out of Hong Kong. So, how can you tell that this isn't a real email?
The best way to tell that an email this good is a fake is to check your bank account. If the order really has gone through, it will show up in your account or credit card statement.
If you do see a charge on your account, then this is no longer a phishing scam but identity theft. Someone is using your credit card for fraudulent purchases.
In this case, however, the email was a pure phishing scam. I was curious to see what would happen, so I loaded up the included link in a virtual machine (an isolated copy of Windows running inside Windows, which lets you test dangerous things without harming your real computer).
As soon as you visit the link, it tries to download a zip file. If it really was an invoice, you'd expect it to be a PDF file. Of course, even those can be infected, so steer clear.
I went ahead and downloaded the zip file and opened it to see this:
You'll notice that the file inside is an Application, which means it's a program instead of an image file or PDF. That's a huge warning sign that it is a virus of some kind. Of course, as I said, even image files and PDF files can hide viruses, so always be cautious.
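The warning sign above (an "invoice" zip whose member is actually a program) can be checked automatically. This is an added example, not code from the original post: it opens a zip archive and flags members that have an executable extension, a disguising double extension such as .pdf.exe, or a Windows PE ("MZ") header regardless of name. The sample archive is constructed inline; its file name is invented.

```python
import io
import zipfile

# Extensions Windows will run directly when double-clicked.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".msi"}
# Document-looking "inner" extensions used to disguise a program.
DOCUMENT_EXTENSIONS = {".pdf", ".jpg", ".png", ".doc", ".txt"}

def suspicious_members(zip_bytes: bytes) -> list:
    """Return [(member_name, [reasons])] for every archive member that is a program, not a document."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            lower = info.filename.lower()
            parts = lower.split(".")
            reasons = []
            # Last extension is one Windows treats as runnable.
            if len(parts) > 1 and "." + parts[-1] in EXECUTABLE_EXTENSIONS:
                reasons.append("executable extension ." + parts[-1])
            # Double extension like invoice.pdf.exe: the .pdf is only there to fool the eye.
            if len(parts) > 2 and "." + parts[-2] in DOCUMENT_EXTENSIONS:
                reasons.append("document-looking double extension")
            # A Windows executable starts with 'MZ' no matter what it is called.
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    reasons.append("PE (MZ) header: this is a Windows program")
            if reasons:
                findings.append((info.filename, reasons))
    return findings

def build_sample_zip() -> bytes:
    """Constructed sample resembling the scam attachment: a fake 'PDF' that is an EXE, plus a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_U283HK1.pdf.exe", b"MZ" + b"\x00" * 62 + b"(constructed, not a real program)")
        zf.writestr("readme.txt", b"Thank you for shopping with us.")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reasons in suspicious_members(build_sample_zip()):
        print(name, "->", "; ".join(reasons))
```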
Just for fun, I unzipped and ran the application, and it opened this image file in Internet Explorer:
Yes, the image is actually that blurry. The hackers used a stock invoice template, threw in some text and blurred it so you can't tell that it doesn't match the email. It's just a cover for something else going on in the background.
The virtual machine didn't immediately crash or give me a ransom demand, so it's most likely an invisible data-stealing type of virus. It could also have been trying to find a weak spot in Windows and failed because my operating system was up to date with all the latest security patches. Make sure your copy of Windows has all the latest patches installed.
Because I did this on a throw-away virtual machine, I didn't take time to install security software, so I'm not sure whether it would have caught the virus. It's still a good thing to have installed, though: even if it didn't catch this one, it will catch most other things.
The moral of the story then, as always, is to not click on links in suspicious emails. And if you do, don't download anything it asks you to download. It's simple advice, but it will make you safer.