I'm going to talk about two of them today. The first one can actually bypass certain security filters altogether that companies use, and also has one really clever trick. And the other one is more simple, but still good to watch out for. Let's just start off with the simple one first.
This one was actually posted on Reddit, someone got this email. And as you can see, it's pretending to be Amazon and saying they're going to lock their account, but what's interesting is the scammer put the "To" address to some email at amazon.com to make it look like if you were just glancing at it, that it came from amazon.com.
And it might seem obvious now, but again, some people might only glance at it and not realize. And also the sending address is listed above it, but you can see that they made the address so long that it actually cuts off the domain part. So that's clever in that it hides that it's actually an email address, depending on the email client you're using. So there's kind of two techniques they added in there.
And the way they delivered the email to the victim is they put them as the recipient for blind CC. So it still got delivered to them, despite the To address being that phony Amazon one. Overall, it's pretty clever. Although there are a couple of giveaways. For example, the attachment says "State mant issued". Also the subject, "Your account has been locked and hold all your last order".
Though, remember sometimes that kind of thing is actually intentional to filter out people who might be more observant. Now, before we get to the really clever scam, we have a very relevant sponsor today, Guardio. Guardio is a browser extension that provides real-time protection from all sorts of threats while browsing the web, as well as having a mobile app that can alert you about leaks of your info on the dark web. You could scan this QR code to check that out.
As for their browser extension, it blocks malicious sites using in-house custom developed methods for detecting phishing and malware content. All before those threats have a chance to do any harm. There's also download protection to block malicious files. Even if you accidentally click to download them, like from fake sites for popular software or even malicious game mods.
And speaking of malicious emails, Guardio has also just released a new cross platform email protection feature, which alerts you in real time also on your phone, if a malicious email bypasses your spam filter, so you know not to open it. So you can also be safe checking your email on your phone.
There's also plenty of other features like scanning your other browser extensions to alert you if there are any disguised malicious extensions installed and neutralizing them. And one of my personal favorite features is that it will warn you if a website's domain has been registered very recently, which is a major red flag. You can scan your browser for threats for free by visiting Guard.io/ThioJoe and installing the extension. And also check out that mobile app.
You'll get a seven day free trial to the premium features such as real time threat removal, plus 20% off every month for a year. So if you want a clean and secure browsing experience, again visit Guard.io/ThioJoe, link in the description, and check out their affordable premium plan, which includes full protection for up to five users. And with all that being said, let's continue.
Alright next up we can get to the second scam technique, which is a little bit more sophisticated to say the least. And it actually kind of combines multiple techniques. And those include the use of pure image-based phishing in the email, as well as clever use of QR codes and legitimate email account hijacking. This type of phishing attack was described in detail by a company named Inky.
They did a whole writeup with a lot of examples that they caught. They do some kind of enterprise filtering. For this one example, it was actually from an email account for a Japanese retail store that was hijacked. So it was a legitimate account, but used to send out this phishing email.
And what's notable here is there is no actual text in the email at all. The whole thing is just an image embedded in the email with the text and QR code part of that image. Because many enterprise email filters obviously look at the text of the email, but might not look at the contents of the image, though some do. And what they would do is use optical character recognition to scan it.
Now you might be wondering why they're using a QR code instead of just having the image hyperlinked to whatever phishing page they want. And that's actually where the QR code is really clever because this way, there's absolutely no text whatsoever to scan by a filter, not even a hyperlink. Because if they did link with the image, then there would be that HTML code in the email, including that link that could be scanned and then checked by the filter.
But with a QR code, you're basically telling the victim to scan it on their phone. So they don't need to click it at all, so therefore there's no link. It's a hundred percent pure image. Also, I don't think the article mentioned this, but one thing I thought of is if the victim is at some kind of company and they scan the QR code on their phone, if they're using cellular data on their phone, then they're also going to bypass any kind of company filters that might have caught the scam site if they were using the wifi or something, because if the website is not linked from the email, it might still be caught in some kind of web filter.
But again, if you're on cellular, that's not going to happen. It's just going to bypass all the filters. Another reason this can be effective is a lot of email clients will automatically display images that are embedded with the email. Usually there's an option to stop it from loading remote images. So if there's a link to an image in the email, you can set it to not load those.
And I actually recommend doing that because a lot of times there's a tracking pixel where it checks if you load a specific link to a specific pixel image, then they know that you opened that email. So I have it not open images by default. Anyway, whereas the email client might not open remote images that it has to load, if the image itself is included or embedded with the email itself, then it still might just show it automatically, and I think most do this.
Now you might remember, I mentioned a really clever trick at the beginning that these scammers are using, and that is that those QR codes they're sending in the email are individualized and specific to each victim with their email address. So when the victim scans the code and it takes them to a fake Microsoft login page, it actually includes the email address that it came from in the parameter for the URL. So that page actually then shows that email pre-filled in the fake Microsoft login page.
So it looks like one of those situations that we're probably all familiar with, where the website is just asking you to reconfirm your password. That's a pretty common thing, and it looks like that. So it adds some credibility that the user is like, "Oh well this must be legit because it already has my email and everything." And by the way, I'm pretty sure the QR codes are not generated manually.
It's probably all automatic through some kind of script. So it's really easy for the scammers to send out the personalized emails and they're doing it to hundreds is what this article said. So it's a relatively pretty big operation. For now, pretty much all the examples that we're seeing were for fake Microsoft logins, but I'm sure if this becomes effective or known to be effective, we'll start seeing it a lot more.
And obviously not just for Microsoft. The image based phishing is not new. I've seen those before for years. One was like for Geek Squad, but this QR code thing is relatively new. I've not seen that before. So overall, what to do is first of all, just be extremely suspicious of QR codes in emails. I can't really think of a reason why a legitimate company would put a QR code for you to visit instead of just having a link.
That's so much more difficult. Also, you can usually tell if it's an image as the text of the email, as opposed to real text. So just be on the lookout for that. And I should also throw in a side tip, which is if you see QR codes in public, do not scan them. They can easily be used to direct your phone to some malicious site that might have an exploit on there. And it is not a good idea.
As for the other technique with the fake To address, that's just going to involve the usual thing where you want to very carefully inspect the From address and know that's what you're looking at. And to be especially wary if anything is trying to get you to do something urgently, because that's usually what they want to do. They want to get you through the scam quick before you realize it.
So let me know down in the comments if you've seen one of these types of scams before, and what did you think of it? Did you immediately recognize it or not? Thanks again to Guardio for sponsoring this video. Be sure to visit Guard.io/ThioJoe to install the extension and scan your browser for threats for free.
The link is also in the description. And check out the mobile app. I assure you this QR code is safe. If you enjoyed the video, be sure to give it a big giant thumbs up for the YouTube algorithm and also consider subscribing. I try to make videos about twice a week, usually Wednesday and Saturday.
If you want to keep watching the next video I'd recommend is where I was talking about a cool Python app I made for generating memes using a hundred percent AI, I think it's pretty funny. You can actually potentially use it yourself. So I'll put that link right there. So thanks so much for watching and I'll see you in the next one.
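Added example, not part of the video: a Python sketch of mail-filter heuristics for the two techniques described above (a recipient who appears only in BCC behind a decoy To address, an overlong From address, and a body that is nothing but an embedded image with no text or links). The flag names, the 40-character threshold, the `delivered_to` parameter (assumed to come from the SMTP envelope) and the sample messages are all constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

LINK_RE = re.compile(r"https?://|href\s*=", re.I)
MAX_LOCAL_PART = 40  # assumed threshold for "address long enough to hide its domain"

def _addrs(msg, *names):
    values = [str(v) for n in names for v in msg.get_all(n, [])]
    return [a.lower() for _, a in getaddresses(values) if a]

def phishing_flags(raw: bytes, delivered_to: str) -> list:
    """Return heuristic flags; delivered_to is the envelope recipient."""
    msg = message_from_bytes(raw, policy=policy.default)
    flags = []
    # Technique 1: victim was BCC'd, so the visible To/Cc shows a decoy address.
    if delivered_to.lower() not in _addrs(msg, "To", "Cc"):
        flags.append("recipient-only-in-bcc")
    if any(len(a.partition("@")[0]) > MAX_LOCAL_PART for a in _addrs(msg, "From")):
        flags.append("overlong-from-address")
    # Technique 2: embedded image(s) but no readable text and no hyperlink.
    text, images = "", 0
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            images += 1
        elif part.get_content_maintype() == "text":
            text += part.get_content()
    visible = re.sub(r"<[^>]+>", "", text).strip()
    if images and not visible and not LINK_RE.search(text):
        flags.append("image-only-body-no-links")
    return flags

def build_sample(suspicious: bool) -> bytes:
    """Constructed test messages; all addresses are placeholders."""
    m = EmailMessage()
    m["Subject"] = "Account notice"
    if suspicious:
        m["From"] = "brand-account-security-notification-department-0001@mailer.example"
        m["To"] = "account-update@brand.example"  # decoy; victim was BCC'd
        m.set_content('<html><body><img src="cid:img1"></body></html>', subtype="html")
        m.add_related(b"\x89PNG\r\n\x1a\n", maintype="image", subtype="png", cid="<img1>")
    else:
        m["From"] = "orders@shop.example"
        m["To"] = "user@corp.example"
        m.set_content("Your order shipped: https://shop.example/orders")
    return m.as_bytes()
```

These are triage signals rather than verdicts: mailing lists also deliver without naming the recipient in To, so a filter would combine the flags or route matches to OCR and QR decoding.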