 |
| Image from Pixabay |
On a drizzly Friday afternoon, one of
those we've had so much of lately, the carpet ordered would be delivered. A
showpiece for his new house, with a modern motif, no less than three by four
meters in size. Just a little too big to take with you in the car, but luckily
Ikea offered home delivery. And you don't have to count the screws this time,
sir, and there is no Allen key either.
But in the course of that afternoon
an email came in from “Post”. Subject: delivery issues. Content: “The product
you ordered is still in our distribution center. You must first pay € 3.95 for
customs duties. Click the button below to reschedule the delivery.” Payment had
to be made by credit card. That was the point where our carpet enthusiast
dropped out - if he could have paid with iDeal (a well-known payment system in
the Netherlands), he would have done it, just to get rid of it quickly.
Now, however, he was going to call
Ikea. There they told him that the message had not come from them and that the
carpet would be delivered as scheduled. Exactly during that conversation, in
which both sides quickly concluded that it must be phishing, another email
arrived. This time it also mentioned an order number, which did not match the
number of the carpet ordered.
The next day, both emails had
miraculously disappeared. An unpleasant feeling came over our Ikea customer:
had someone hacked his email account, seen the order and acted on it cleverly?
Or was the retail chain perhaps hacked, or was there even a mole at the Swedish
company who sold order data to cyber criminals? We'll probably never know -
unless there are a ton of reports like that and the email provider or the store
investigates and publishes the findings. But companies still tend to be quite
introverted about such things.
I don't think any of these scenarios
played out. Because that's how phishing works: you have ordered something and
at exactly the right moment you receive a message that could very well apply to
that order. Had you received that same message a few days earlier or later, you
would have shrugged and ignored it. They use the shotgun approach,
because it costs nothing anyway. And they always hit a few people for whom
their message does have meaning entirely by chance.
What were the red flags, the signals
that this could or should be phishing? To start with, the sender: not Ikea, not
even PostNL (the Dutch postal service), but Post. I don't know a parcel
delivery service by that name. Then Ikea was not mentioned in the entire post; usually
the name of the sender is always mentioned in communication from a delivery
service. And why customs duties? The carpet had been ordered in the Netherlands
and there had never been any question that it would be sent directly from a
carpet-making country. And then of course that order number, which had nothing
to do with the rug. Plenty of red flags, I'd say.
After hearing this account, I started
asking questions. First of all: have you already changed your email password?
That is always the first thing you do if you have the slightest suspicion that
someone has access to your mail. Your mail account is your most important
account, because almost all “I forgot my password” procedures go through your
mail. In other words: whoever has access to your mail can gain access to many
other accounts. Next question: both emails have disappeared, but do you still
have the web page in the browser? It wasn't there anymore, but it was still in
the browser history: onlinecamp[.]top. The e.Veritas URL checker classifies
this site as unsafe, and that “.top”, the so-called top-level domain (such as .com
and .net) is special. In the internet administration, the target market is
“general” and it is registered to Jiangsu Bangning Science & technology Co.
Ltd., a Chinese domain registrar – a company where you can register your
own internet domain. You can therefore reasonably assume that a link that ends
with .top (possibly with “/abracadabra/xyz/etc”) will take you to a Chinese
website. Ask yourself if you really want to go there.
So much effort to collect € 3.95? No.
Payment had to be made by credit card. If you enter your details on their fake
site, the criminals have your credit card details, which they can use to make a
multiple of that amount disappear. Fortunately, that did not work out this time
and the carpet looks nice.
And in the big bad world…
This section contains a
selection of news articles I came across in the past week. Because the original
version of this blog post is aimed at readers in the Netherlands, it contains
some links to articles in Dutch. Where no language is indicated, the article is
in English.
- phishing does not always contain a link or an attachment nowadays.
- a British supplier of tools for criminals goes behind bars for a long time.
- this legitimate app suddenly got a new function.
- a poorly tested update can wreck your device.
- Chinese state hackers hack Kenya, presumably in relation to debt.
- you can’t share your Netflix password anymore.
- a British IT worker hijacked a ransomware attack on his employer.
- US authorities have published an update to their StopRansomware Guide.
- Facebook’s parent company Meta has to pay a huge fine for sending
data from European users to the US. [DUTCH]
- Fingerprints can also be brute-forced.
- ransomware for charity is a new thing.
- Spain wants to ban the provision of end-to-end encryption in
Europe. [DUTCH]
.jpg)
No comments:
Post a Comment