Investigating email spam 🔎

Why it's important to always be vigilant

 January 7, 2017


Most email providers do a decent job of filtering spam: it's either deleted outright or moved to a separate spam/junk/clutter folder. But the filters aren't perfect, so knowing how to spot the fakes becomes important. Submitting personally identifiable information (PII) to an unknown party allows them to open lines of credit, make purchases, assume your identity, etc. As a general rule of thumb, the more information you give, the more personal damage can arise.

Backstory

A few days ago, my wife asked why she was locked out of her Capital One account. She received an email stating her "account has been temporarily suspended" and "You are required to provide neccessary information to regain access". A quick check on Capital One's site proved the former statement false. I had her show me the email and confirmed my suspicion of spam. Being the start of a new year, we went over what to look for when receiving these types of emails…

The email


Screenshot showing fake email from Capital One asking for PII


What's wrong?

Why does it look real?

Opening the attachment

⚠️ DON'T DO THIS! ⚠️ FAKE overlay intentionally added.


Screenshot showing fake Capital One site via email attachment


What's wrong?

Why does it look real?

Looking at the attachment source

This one section:

<form method="POST" action="http://fp1.formmail.com/cgi-bin/fm192">
    <!--All the fields used to get personal information-->
</form>

is just one reason why you never open attachments to emails! The form's action posts everything entered over plain http to fp1.formmail.com, so all the information provided is sent to whoever is behind the email (i.e. not Capital One).
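The same check can be done without opening the attachment in a browser. The following is an added example, not code from the original post: it parses a saved HTML attachment and reports where each form would send its data. The names `audit_forms`, `FormCollector` and `host_allowed`, the two sample input fields, and the choice of `capitalone.com` as the only expected domain are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the <form> tag is the one quoted in the post; the two
# input fields are hypothetical stand-ins for the fields the post leaves out.
SAMPLE_ATTACHMENT = """
<form method="POST" action="http://fp1.formmail.com/cgi-bin/fm192">
  <input type="text" name="fullname">
  <input type="password" name="password">
</form>
"""

class FormCollector(HTMLParser):
    """Record each <form>'s action URL and the names of its input fields."""
    def __init__(self):
        super().__init__()
        self.forms, self.in_form = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.in_form = True
            self.forms.append({"action": a.get("action") or "", "fields": []})
        elif tag in ("input", "select", "textarea") and self.in_form:
            self.forms[-1]["fields"].append(a.get("name") or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def host_allowed(host, expected_domains):
    """True if host is an expected domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in expected_domains)

def audit_forms(html, expected_domains):
    """Return every form with the reasons, if any, its destination is suspect."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        url = urlparse(form["action"])
        reasons = []
        if url.scheme != "https":
            reasons.append("not submitted over https")
        if not host_allowed(url.hostname or "", expected_domains):
            reasons.append("posts to unexpected host: " + (url.hostname or "(none)"))
        findings.append({**form, "reasons": reasons})
    return findings
```

Calling `audit_forms(SAMPLE_ATTACHMENT, {"capitalone.com"})` returns one form with both reasons set. A host such as `capitalone.com.example.net` is also reported, because the match is on the end of the hostname rather than on a substring.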

Conclusions

I'll be brief: know that spam email can look very convincing, check for tell-tale signs of its legitimacy, and always think before you act.