3 classic indicators on phishing scam emails

A few alerts have tripped over the past few days on phishing scams that are bouncing around lately. As sophisticated as these attacks can be, it's amazing how many low-grade scams still circulate and are effective. This morning I came across a rather clever one, or at least a well-timed attack. Because Adobe recently released a Flash update, this scam bounces you to a rogue website where you are told your Flash needs to update. Unfortunately, that ain't Flash you're downloading, it's ZeuS/ZBOT malware. Ouch!

But hey, there is also stuff bouncing around that, while it looks rather tricky, has some obvious indicators in the email. AT&T today reported the scam below.

AT&T pointed out 3 easy indicators that tell you the email isn't a real notification from AT&T:

  • High total balance due - A very high balance is usually listed to encourage the recipient to click on the link to review their bill.
  • No account number is listed - Legitimate AT&T bill notices will typically list the account number or several digits of the account number.
  • Non-AT&T links - If you hover over the links, you will see the destination URLs. The pattern is typically: https://[random-non-att.com domain]/[random text]/[random text.html]. The links lead to a malware payload website, which changes frequently to circumvent blocking. The links have no affiliation with AT&T; they point to compromised websites.

Hey, one last thing... see that URL in the screenshot? That's a WordPress URL, and I guarantee that's a compromised host that's being used as an instrument to deliver this malware. Another reason to avoid shared hosting, huh?

Gotta run, WordPress is telling me I need to upgrade to 3.4.2 http://codex.wordpress.org/Version_3.4.2