Even I get phishing attempts by email!

Phishing is an attempt to defraud you by use of a false or misleading email address. It is rampant and there is very little we can do about it. You have to look out for yourself.

the activity of defrauding an online account holder of financial information by posing as a legitimate company.
“phishing exercises in which criminals create replicas of commercial Web sites”
I even get them here at work. When I got this one I was immediately suspicious. Although I have been ordering things online for Christmas and some of those things are coming by way of Fed Ex, I do that on my personal account from my home with my home IP address. I don’t have any sort of Fed Ex account. Nor am I the person at the office who is in charge of sending things. So why would someone from Fed Ex email me about anything?
Click on the link to see the email

fed-ex

The email address in brackets is where the email is coming from:  Federal Express <eyeofhorusfohp@mail2sagittarius.com>

Note that although it says “Federal Express” as the sender, it has that crazy actual email address, “eyeofhorus@mail2sagittarius.com.” The REAL Fed Ex wouldn’t have a crazy email address like that. Theirs has an address that ends in fedex.com. So I looked at their page regarding scams.

Fraudulent Email Alert

We have received reports of fraudulent emails with the subject lines “Shipping Conformation,” “Verify Info,” “Some important information is missing” and “Please fulfill the documents attached to verify your identity.” The fraudulent email may have an attached file that may contain a virus or other malware.

If you receive a message matching this description below, do not open the email or click on the attachment. Delete the email immediately or forward it to abuse@fedex.com.

FedEx does not send unsolicited emails to customers requesting information regarding packages, invoices, account numbers, passwords or personal information.

The sender of the email wants me to click on the link to see the message – yeah, right. If I click on the link it will likely download a file that contains malware. It could trigger a ransomware attempt on the city’s network or ask me to send them my personal information so they can take over my identity. Any number of bad things.

Don’t fall for it. Always look for the extended address to see who is sending something. And be suspicious when you get an unsolicited email, even though the company seems like the real one. Even when it is your company. We have had cases where finance people get an email that purports to be from one of the big bosses who asks them to wire a large sum of money somewhere (likely overseas). Hey, if the big boss sends me a request I’d better get on it, right? Unless the big boss has asked you this before in person, or otherwise authenticates their identity – don’t do it. Ask for authentication by making a phone call or going directly to their office. The Big Boss will thank you.

Here is another example.  I don’t have a US Bank account, let alone one connected to my work email.  And despite the fact that I might like an epayment from someone, I’m not expecting one.

us-bank

Their emails end with usbank.com unlike the one in this email.
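For anyone who filters mail for an office, the same "look at the extended address" check can be automated. The sketch below is an added example, not something from FedEx, US Bank or the original post: it compares the name shown as the sender with the domain of the actual address. The name spellings in `BRAND_DOMAINS` and every sample header except the first are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Sender names mapped to the domains the post says the real companies use.
# The exact name spellings are assumptions made for this example.
BRAND_DOMAINS = {
    "federal express": "fedex.com",
    "fed ex": "fedex.com",
    "fedex": "fedex.com",
    "us bank": "usbank.com",
    "u.s. bank": "usbank.com",
}


def domain_matches(sender_domain, expected):
    """True only for the expected domain itself or one of its subdomains."""
    sender_domain = sender_domain.lower().rstrip(".")
    return sender_domain == expected or sender_domain.endswith("." + expected)


def check_from_header(from_header):
    """Classify one From: header as match, mismatch, unknown or unparseable."""
    display_name, address = parseaddr(from_header)
    if "@" not in address:
        return ("unparseable", display_name, "")
    sender_domain = address.rsplit("@", 1)[1].lower()
    for brand, expected in BRAND_DOMAINS.items():
        # Whole-word match so "Columbus Bank" is not read as "US Bank".
        if re.search(r"\b" + re.escape(brand) + r"\b", display_name.lower()):
            verdict = "match" if domain_matches(sender_domain, expected) else "mismatch"
            return (verdict, display_name, sender_domain)
    return ("unknown", display_name, sender_domain)


# The first header is the one quoted in the post; the rest are constructed.
SAMPLES = [
    "Federal Express <eyeofhorusfohp@mail2sagittarius.com>",
    "FedEx <tracking@fedex.com.example.net>",
    '"FedEx Tracking" <updates@mail.fedex.com>',
    "US Bank <epayment@usbank-alerts.example>",
    "Columbus Bank <info@columbusbank.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_from_header(header), "<-", header)
```

A "match" only means the visible address agrees with the sender name; an unsolicited request still deserves the phone call or office visit described above.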

Make Mr. Eyeofhorus find someone else to scam.

Posted by

I'm the Chief of Police for the Auburn Hills Police Department.