Tel: (+61) 422 933 319

Email: [email protected]

Facebook

Twitter

LinkedIn

Kicksec logo

Pfizer up and win $90

Posted in :

, , ,

kicksec.IO

$90 (at least) for completing a Pfizer survey…. amazing but how did they know I have just had my first Pfizer jab? It surely is not a coincidence, or is it?

This is a classic Phishing attempt, using the knowledge that scammers have about us socially, in this case the biggest broadest brushiest brush that anyone could ever come up with ….. as over 50% of the *population (* meaning “eligible” population in Australia) have been vaccinated so its a dead cert for the creator that they are going to be correct in at least 25% of the recipients of this message, unless targeting under 17 year olds and I know my teenage children, they do not have time for surveys ever! unless via Discord with regressive ASCII art emoticons.

In the image above are all the elements of good yet not excessive bait for an unwary victim, except that it is weird to offer Free rewards worth a minimum of $90 and then to state “Free to take the survey”, my hope is that we do not start down a path where even surveys start costing the user, maybe in the future but I am not ready today for this.

The message header shows a lot more detail about the message and the DNS domain fqqauyasxxx.com (changed the url just in case someone clicks it), not catchy but I understand when giving away “At least $90” there is no budget left for a good DNS name to be used.

Domain-base Message Authentication Reporting and Conformance – DMARC

“DMARC is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing.”

— Anna Wong, Volunteer

In my highlighted image above there is a perfect tool to flag an email if it does not look legit by taking a further step than Dmarc does today and not just authenticating that the domain in the message header is aligned and correct but going a step further, for example:

  1. Is this domain name human readable? (easy to dictionary check with ML)
  2. Has this domain been up for sufficient time? (Already doing a DNS Query)
  3. Does the domain have any Dmarc enforcement policy? (None? flag it)

If the above are all no at the very least apply a “suspicious” header to the email so that a Email Client can flag this to the end user, hopefully with a great big warning.

My example is simplistic but I do not mind being warned that something might be “wrong” when I browse websites and I would not mind being told that an email seems suspect.

What do you think?

Leave a Reply

Related Posts

Registration

Forgotten Password?