Scam Alert: Email from Joe Miller at Domain World
Recently, several clients reported that they received a purportedly real email communication from “Joe Miller” through their website’s contact form. with the message shown in the attached image. From the email, recipients of this message are led to believe they urgently need to take action and pay for their expiring domain through a “secure payment link.” Scam alert, we bring to your attention the latest phishing scam.
However, everything in this message suggests a clever phishing attempt that innocent clients can easily fall prey to. This is NOT a legit domain renewal but an attempt to get you to transfer your domain and pay Joe. If you have any concerns about your domain payments, always contact your usual domain registrar and web developer.
What is a Phishing Scam?
Generally, phishing is among the many forms of social engineering attacks cybercriminals use to steal company or private user data. For example, credit card numbers and login credentials. Cybercriminals masquerade as the real or trusted company, duping victims into opening an instant message or email.
The hacker then tricks the recipient into clicking a malicious link. Which then either downloads a malicious file into the computer or installs malware that freezes the user’s PC. Organizations that succumb to phishing emails often suffer devastating results. These can range from exposed customer data, unauthorized purchases, identity theft, financial losses, declined market shares, poor reputation, and impaired customer trust.
How to Spot Phishing Attempt
Phishers take advantage of the fact that most people don’t have time to carefully analyze their emails and text messages. This is why they have attention-grabbing subject lines and clearly outlined prizes and offers to be won from fake competitions. Below are imminent signs of phishing scams;
Poor Grammar and Spelling
Most phishing operators can’t get away with basic and notable spelling and grammar errors in the messages. Official communication from major organizations will unlikely have bad spelling and grammar mistakes. A poorly written email should be an immediate warning that the message isn’t legitimate. Most attackers use translating services, such as Google Translate. Which cannot make the message appear natural though they can translate perfectly.
Malicious Link
Most phishing emails coerce recipients into clicking a link that leads to a fake or malicious website. These emails contain what appears to be an official URL that requires a second look to notice its variance from the real website URL. In some situations, it might simply be a shortened URL where the phisher hopes the recipient won’t scrutinize it and will just click the link. In other cases, the URL might have a slight variation from the legitimate address, making it difficult for the recipient to notice.
Mismatched or Strange Sender Address
Professional cyber criminals often eliminate all the obvious signs of a phishing email, such as poor grammar, correct formatting, use of correct company logos, and other identities. Therefore, to identify such phishing emails, you should focus on the sender’s address. In every case, the phisher cannot fake the real sender’s address. They simply hope that recipients won’t check it. However, they may attempt to make the address appear exactly like the real company’s address.
Protecting Yourself from Phishing Attacks
Unlike other cyberattacks, phishing attacks cannot be prevented by installing an antivirus or using a VPN. However, you should conduct extensive employee training. Teaching your employees how to identify a phishing email goes a long way in protecting your company from malicious attacks.
Enabling a two-factor authentication also forms a strong protective barrier since cybercriminals should go through two steps before conducting a successful attack. Microsoft estimates that multi-factor authentication prevents up to 99% of attempted user account attacks.
Scam Alert: Conclusion
Joe Miller’s email from Domain World features all the elements of a phishing attack, including attention-grabbing subject lines and unsolicited links. With phishing scams hitting several companies, costing U.S businesses approximately $5 billion annually, you should be on the lookout for such emails. Do not fall prey to Joe Miller’s domain renewal scam.