Welcome to the third instalment of Scam of the Week.
Today we are going to look at a scam email that made it all the way to my Inbox, without being caught by any of the standard Junk mail filters.
This kind of message is nothing new, but a recent trend we are seeing is that traditional Junk mail filters are not picking these up.
This message is apparently from Google Drive, but it could just as easily be from Dropbox, OneDrive or any other such service.
The first thing I want to look at here is the sender address.
Bethany Joyce Sibala (via Google Drive) email@example.com
The name Bethany Joyce Sibala means nothing to me, and Googling her name seems to indicate she is a real person, but this still doesn't help me. The thing is, the apparent sender address <firstname.lastname@example.org> does appear to be legitimate.
Using my trusty Message Header Analyzer I can see that the message did indeed come from 'email@example.com'. Coupled with the very official-looking Google logo in the email, I might be convinced that the email is legitimate.
Let's take a closer look at the message header:
This bit might get a bit technical but I'll do my best to explain. Looking at the details of the message header I can see that the email passed SPF testing and passed DKIM testing. Both are checks that help receiving email systems decide whether a message really came from the domain it claims to come from. Everything here points to the fact that this message is legitimate. It is beyond doubt that this email was sent by the real Google Drive email system.
The fact that this message passed SPF & DKIM testing and that the message content seems legitimate caused this email to receive a Spam Confidence Level (SCL) of only 1.
An SCL of 1 is a very low score and effectively means "this message is almost certainly NOT spam".
At least now we know why the email went straight to my Inbox.
So how do I know that it is a scam?
Well, so far I haven't looked at what the link contains; I'll get to that in a moment. For now I can be very close to certain that it is a scam for one simple reason - I have no idea who Bethany Joyce Sibala is!
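The header checks and the "who is this?" question above can be combined into one triage step. The following is an added example, not part of the original post: it assumes the receiving system records results in an `Authentication-Results` header and the SCL in Microsoft Exchange's `X-MS-Exchange-Organization-SCL` header, and the sample message, `KNOWN_SHARERS` and `triage` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not the real message from this post).
SAMPLE = """\
From: "Bethany Joyce Sibala (via Google Drive)" <email@example.com>
To: me@example.net
Subject: Document shared with you
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com
X-MS-Exchange-Organization-SCL: 1

Open
"""

# Hypothetical allow-list: people I actually share documents with.
KNOWN_SHARERS = {"alice example", "bob example"}


def triage(raw, known=KNOWN_SHARERS):
    """Summarise what the headers do and do not tell us about a share notice."""
    msg = message_from_string(raw)
    # Folded header lines are kept in the value, so join and scan them all.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    scl = (msg.get("X-MS-Exchange-Organization-SCL") or "").strip()
    display, _addr = parseaddr(msg.get("From", ""))
    # Sharing services put the sharer's name in front of "(via <service>)".
    m = re.match(r"(.+?)\s*\(via (.+?)\)\s*$", display)
    sharer, service = (m.group(1), m.group(2)) if m else (display, None)
    return {
        "spf": results.get("spf", "none"),
        "dkim": results.get("dkim", "none"),
        "scl": int(scl) if scl.lstrip("-").isdigit() else None,
        "sharer": sharer,
        "service": service,
        # SPF/DKIM pass only proves the service's mail system sent the
        # notice; it says nothing about the person who shared the file.
        "unknown_sharer": service is not None and sharer.lower() not in known,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A result with `spf` and `dkim` both `pass`, a low `scl` and `unknown_sharer` set to `True` is exactly the combination described in this post: technically authentic mail carrying a share from a stranger.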
But what if the name was someone that I knew? What then?
That might make things a bit trickier. I mean, if I received this message with a familiar name on it and I happened to be collaborating with them on some Google Drive document, I might well be tempted to click the little blue Open button.
The little blue Open button. Should I click it?
What is the scam, what are they trying to achieve?
Just like every other scam, they are trying to trick me into something. Maybe they want my Google password, maybe they want to infect my computer with malware, maybe something I haven't thought of.
I can only think of one way to find out. Let's click on that link and find out, shall we?
Cue the drum roll - here is what I see when I click the link:
The link destination proves what I already thought: the URL in the link is actually for a real Google Drive shared file or folder. Unfortunately (for the sake of this blog post), the link has apparently already been taken down.
That's too bad, because now we'll never know specifically how they were trying to scam us. Better luck next time...
I hope you have enjoyed this scam dissection and learned something from it. Feel free to leave a comment or suggestions for a future post below.