Phishing email: The YouTube impostor
In 2010, AVAST noticed that the majority of malware infections were occurring via infected websites, rather than from malicious email, which had previously been the main culprit.
But good criminals go where they are least expected.
A couple weeks ago I posted an example of a type of phishing email that I’ve since learned is called ‘vishing‘, as it uses voice (VoIP, telephone) as an agent in the scam process. (It reminds me of a public payphone I had to use in Mexico about 10 years ago, which billed me something around $80 for a five-minute call.)
Now, a story today in The Washington Post — “Google says hackers based in China accessed U.S. officials’ Gmail accounts” — details how Google got to play a bit of cybercop last week when they noticed “vast quantities of e-mail content” belonging to U.S. government officials and military personnel being accessed from Jinan, China. Allegedly, ‘phishing’ emails were the tool used for this security breach.
Which brings me to the title of this post, as a few days ago I received to my Gmail inbox (two spam filters missed it) what appeared to be a legitimate email from YouTube, stating that my “video has been approved” and providing a legitimate-looking link:
As I typically don’t click anything without first hovering to see where it actually goes, I immediately noticed that this one wasn’t actually going to YouTube.com, but instead to:
The pest control link then reroutes to a pharmaceutical company specializing in ED (erectile dysfunction) medications such as Viagra and Cialis. When they know the spam filters will weed out their direct (e)mail, they will use deception to get you there. And at the bottom of their page? Links to “Report spam” and their “Anti-spam policy.”
Considering the pharmaceutical store is a legitimate international company, I have to wonder if the management are even aware of the deceptive techniques being used to bring traffic to their site.