Mark Amory | 9 January 2019
We should all be cautious when it comes to emails from unsolicited sources as they could be phishing attempts, but what about those you think you know and trust?
I'm a massive IoT geek, and as such am a member of many different IoT-related forums and user groups. Over the Christmas period I spent many hours helping others out with their smart home devices, and I estimate that I clocked over 50 hours of online time over the 3 weeks I had off work helping people dip their toes into the world of home automation. I helped out with queries about the Amazon Echo range of devices, which devices have built-in ZigBee hubs, whether you need an Ikea Tradfri hub if you want to run Tradfri bulbs, which are the best smart plugs to buy, and what is the best way to get your music streamed over your network (Spotify, Amazon, Plex, iBroadcast, etc.).
It's the music part that brings me to this blog.
One user posted the following images and was worried about the fallout of their actions…
Their post piqued my interest, and not just because they only had 7% battery remaining!
In the post, they mentioned that the offer of 2 months free upgrade to the family music plan (saving nearly £30) led them to a site where they had to enter the email addresses of all those they wished to add to the account.
What raised their suspicions was that the code, TRYFAMILY, did not work when they entered it, but this was after they had entered the email address details.
They contacted Amazon, who confirmed that they had NOT sent the email and that it was indeed fake.
Fortunately, they had not entered any other details aside from the email addresses, but the advice from most in the group was to monitor the email accounts for any suspicious activity and consider changing passwords to be on the safe side.
The thing that makes this quite a good attack, however, is that during the Christmas period Amazon were indeed offering Music Unlimited free for two months, so it all looked quite legitimate.
Normally when criminals pull stunts like this, they take a quick copy & paste of a legitimate email and just change a few hyperlinks, so the visible text still says what the real email said while the links point at their own site. This one was different in that the image used at the top of the email seems to be specially made: from the research I did, I could not find a similar image anywhere. It seems to me that those behind this scam had taken the time to design their own fake image, complete with fairy lights.
All in all, I was quite impressed with the work put into the email and in all honesty, I think it would have fooled most people.
Just goes to show that you really do have to be on the ball when it comes to the email you receive, and don’t go clicking on links unless you are certain that they are trustworthy.
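The "copy a real email and swap the hyperlinks" trick described above is exactly the kind of thing you can check for before clicking. The script below is an added example, not part of the original post and not Amazon's or QA's code: it parses a constructed HTML email body (the text and links are made up for illustration; they are not the email the forum user received), pulls out every anchor, and flags links whose host is not one of an assumed set of trusted domains, links that are not HTTPS, and links whose visible text names a trusted domain while the href goes somewhere else. The trusted-domain list and the sample email are assumptions for the example.

```python
"""Audit the anchors in an HTML email for swapped or look-alike hyperlinks.

Added example: the sample email below is constructed for illustration and
the TRUSTED_DOMAINS list is an assumption, not a list taken from Amazon."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body. Not the email from the post.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Enjoy 2 months of Amazon Music Unlimited Family free.</p>
<p><a href="https://www.amazon.co.uk/music/unlimited">amazon.co.uk/music</a></p>
<p><a href="http://amazon-music-offers.example.net/family">Claim your free upgrade</a></p>
<p><a href="https://www.amazon.co.uk.example-login.org/signin">www.amazon.co.uk</a></p>
</body></html>
"""

# Domains the sender claims to be. Assumed for this example.
TRUSTED_DOMAINS = ("amazon.co.uk", "amazon.com")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:          # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True if host is a trusted domain or a subdomain of one.

    Matching on whole labels ("." + domain) stops hosts such as
    www.amazon.co.uk.example-login.org from passing."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def audit_links(html, trusted=TRUSTED_DOMAINS):
    """Return one finding per anchor with the reasons it looks suspicious."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        parsed = urlparse(href)
        host = parsed.hostname or ""
        reasons = []
        if not host_is_trusted(host, trusted):
            reasons.append("href host not trusted")
        if parsed.scheme != "https":
            reasons.append("not https")
        # Visible text names a trusted domain but the link goes elsewhere.
        if any(d in text.lower() for d in trusted) and not host_is_trusted(host, trusted):
            reasons.append("visible text impersonates trusted domain")
        findings.append({"href": href, "text": text, "host": host, "reasons": reasons})
    return findings


def suspicious_links(html, trusted=TRUSTED_DOMAINS):
    """Only the anchors that triggered at least one reason."""
    return [f for f in audit_links(html, trusted) if f["reasons"]]


if __name__ == "__main__":
    for f in suspicious_links(SAMPLE_EMAIL_HTML):
        print(f["host"], "<-", repr(f["text"]), ":", ", ".join(f["reasons"]))
```

On the constructed sample this flags the second and third links and leaves the genuine amazon.co.uk link alone. The same idea applies when reading email by hand: hover over or long-press each link and compare the real destination host against the domain the text claims, remembering that a trusted name appearing at the start of a hostname means nothing if the registrable domain at the end is someone else's.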
QA offer numerous cyber security related courses that cover phishing attacks and what to look for and how to protect yourself. See our website for more details - cyber.qa.com