CSAM: Month of False Positives - Breach Emails?
With all the high profile breaches pretty much every one of us has received a breach notification email in the recent past. But how many of you could tell if it was legitimate?
Take this email from Target from early in 2014.
With all the Target Phishing campaigns going around at the time many people questioned the legitimacy of this email. At first glance it looks pretty legitimate.
With all the garbage email we receive, most of us have been diligent enough to check at least two things:
- the links in the email point where the link text says they point, and the destination looks legitimate,
- the sender address (and the reply-to address) does not look spoofed.
In this case there is only one link in the email and it points to creditmonitoring.target.com, which is a page on the target.com website. What made people question the legitimacy was the From address: it was sent from TargetNews@target.bfi0.com, clearly not a Target domain.
It turns out this email is legitimate. bfi0.com belongs to Epsilon Interactive, a marketing service that Target uses for customer marketing. If you check Target's FAQ page it says:
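As an added example (not from the diary), here is a small Python checker that applies the two checks above to a constructed copy of the Target notice: the sender domain, the reply-to domain, each link's host, and whether the visible link text agrees with the real target. The message text, the `check_email`/`in_domain` names and the allowlist are all assumptions made for the example; with only target.com allowed it flags the bfi0.com sender exactly as readers did, and once the vendor domain named in Target's FAQ is added the message passes.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the Target notice above, not the real message.
SAMPLE = """From: Target <TargetNews@target.bfi0.com>
Reply-To: TargetNews@target.bfi0.com
Content-Type: text/html

<p>Enroll at <a href="https://creditmonitoring.target.com/">creditmonitoring.target.com</a></p>
"""

class _LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, org_domains):  # exact match or subdomain of an allowed domain
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in org_domains)

def check_email(raw, org_domains):
    """Return the findings a reader should question; an empty list means both checks pass."""
    msg, findings = message_from_string(raw), []
    for hdr in ("From", "Reply-To"):  # sender and reply-to must be org domains
        domain = parseaddr(msg.get(hdr, ""))[1].rpartition("@")[2]
        if not in_domain(domain, org_domains):
            findings.append(f"{hdr} domain {domain!r} is not an org domain")
    parser = _LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:  # each link must go where its text says
        host = urlsplit(href).hostname
        if not in_domain(host, org_domains):
            findings.append(f"link host {host!r} is not an org domain")
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", text.lower())
        if shown and shown.group(0) != host:
            findings.append(f"link text says {shown.group(0)!r} but goes to {host!r}")
    return findings
```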
A: To make sure you continue to receive Target emails in your personal inbox (not bulk or junk folders), please take a moment to add Target.com [TargetNews@Target.
Subject: Important Request from Fisher-Price Online Store
Reply-To: service@service.fisher-
To ensure you receive our Fisher-Price e-mails in your inbox (not bulk or junk folders), please add
service@eservice.fisher-
Dear Valued Customer,
In order to improve your Fisher-Price Online Store website experience, we have transitioned to a different technology platform. As part of the transition, existing password information has been removed from your account. Before you can log in to your account on the new site, you will need to reset your password using the "Forgot Password?" link.
As an added measure of security during the transition, all payment information was also removed from your account. After logging in, please feel free to re-enter that information for fast and easy checkout.
Thank you for your immediate attention to this matter and your continued interest in Fisher-Price Online Store. We look forward to serving you soon!
Sincerely,
Fisher-Price Online Store Customer Service
Please note that this does not affect your password for Fisher-Price.com. No changes are needed for your Fisher-Price.com account.
Questions? Please contact Customer Service at 1-800-747-8697.
US postal mail address: Mattel Direct, Inc., Attn: Customer Service, PO Box 620978, Middleton, WI 53562-0978
Fisher-Price Privacy Statement | Legal Terms and Conditions
©2014 Mattel, Inc. All Rights Reserved
-- Rick Wanner - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
Comments
This seems like a good opportunity to give a nod to "phishingquiz.mcafee.com", which contains a mix of legitimate and phishing emails that people can use to test themselves or train others. It's free, no registration needed and I have nothing to do with McAfee. It's just a good free web-based quiz.
I think the part we are missing is how to easily spot phishing emails/messages/SMS on mobile devices. How do you "mouse over" a link on a phone or tablet? Sometimes holding the link for a second or two works, but that's a little scary if you think it might be dangerous. But perhaps the awareness training and functionality need to keep up with the technology better in that area.
Gavin, Oct 11th 2014
patermann, Oct 13th 2014