$90 (at least) for completing a Pfizer survey…. amazing but how did they know I have just had my first Pfizer jab? It surely is not a coincidence, or is it?
This is a classic Phishing attempt, using the knowledge that scammers have about us socially, in this case the biggest broadest brushiest brush that anyone could ever come up with ….. as over 50% of the *population (* meaning “eligible” population in Australia) have been vaccinated so its a dead cert for the creator that they are going to be correct in at least 25% of the recipients of this message, unless targeting under 17 year olds and I know my teenage children, they do not have time for surveys ever! unless via Discord with regressive ASCII art emoticons.
The message header shows a lot more detail about the message and the DNS domain fqqauyasxxx.com (changed the url just in case someone clicks it), not catchy but I understand when giving away “At least $90” there is no budget left for a good DNS name to be used.
Domain-base Message Authentication Reporting and Conformance – DMARC
“DMARC is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing.”— Anna Wong, Volunteer
In my highlighted image above there is a perfect tool to flag an email if it does not look legit by taking a further step than Dmarc does today and not just authenticating that the domain in the message header is aligned and correct but going a step further, for example:
- Is this domain name human readable? (easy to dictionary check with ML)
- Has this domain been up for sufficient time? (Already doing a DNS Query)
- Does the domain have any Dmarc enforcement policy? (None? flag it)
If the above are all no at the very least apply a “suspicious” header to the email so that a Email Client can flag this to the end user, hopefully with a great big warning.
My example is simplistic but I do not mind being warned that something might be “wrong” when I browse websites and I would not mind being told that an email seems suspect.
What do you think?