Sunday, 19 October 2014

What a strange phishing email


I understand the pretending to be from Lloyds and phishing but why pick ebilling@bt.com as the sender. How is that in any way associated with Lloyds.

5 comments:

  1. I think you mean phishing ;-)

    ReplyDelete
  2. I would guess based on the research at http://research.microsoft.com/apps/pubs/default.aspx?id=167719 that it's a gullibility test - if you spot it, chances are good that you'd spot other mistakes in the phish, so lets rule you out nice and early, in the hope that you won't then flag the destination site as a scam.

    ReplyDelete
  3. I could come up with a few new "ph" words to describe the phishermen behind this.

    ReplyDelete
  4. Perhaps it's an address people are likely to have whitelisted - and maybe without the precautions Gmail and others would apply to genuine bank domains like SPF checks or DKIM?

    That, or they randomly pair up names and addresses to evade spam filters: I suppose a massive spam run with a single sender address at lloyds.com would be less likely to get through.

    ReplyDelete
  5. Reused spam bot / setup and lazy phishers forgot to change send address.

    ReplyDelete