Phish and chips

A couple of weeks ago, I came across a fascinating blog post about spotting phishing attempts via email: An Annotated Field Guide to Identifying Phish. For me, it’s one of those topics I come back to every now and then, especially when I receive dodgy looking emails with “simple” HTML links that purport to be legit.

I read this particular post just after getting five (yes, five!) variants of the following email:

(USPS Tax Letter is out for delivery from IRS On January 31, 2023, 2:35:55 AM)
Tax Revenue Letter from IRS.GOV
Message received on January 31, 2023, 2:35:49 AM
Message Transcript "Hello I am calling in regards to your Irs Letter delivery....."

And the included HTML file link (called IRS-TAX-LETTER.HTM to reinforce its legitimacy)? Here you go:

<!DOCTYPE html>
<html lang="en">
  <title>Redirecting ....</title>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="stylesheet" href="">

<div class="container">


Yep, indeed. If I’d opened that HTML file to see what it showed, I’d have been transported to some GUID-altered URL in Russia. No thanks.

The very next day I got another scam email; this time with the interesting bit being the use of a URL with a non-ASCII character. Ready?

McAfee scam email

Hmm,, right?

I’m pretty sure that, like me, you’d spotted the “curly” lower-case ƒ – it’s even used in the word “feedback”. Well, it’s also used in the “more info” URL to differentiate it from the real domain. Tsk tsk.

Grimaces & Misere

Loading similar posts...   Loading links to posts on similar topics...

No Responses

Feel free to add a comment...

Leave a response

Note: some MarkDown is allowed, but HTML is not. Expand to show what's available.

  •  Emphasize with italics: surround word with underscores _emphasis_
  •  Emphasize strongly: surround word with double-asterisks **strong**
  •  Link: surround text with square brackets, url with parentheses [text](url)
  •  Inline code: surround text with backticks `IEnumerable`
  •  Unordered list: start each line with an asterisk, space * an item
  •  Ordered list: start each line with a digit, period, space 1. an item
  •  Insert code block: start each line with four spaces
  •  Insert blockquote: start each line with right-angle-bracket, space > Now is the time...
Preview of response