WEBVTT

00:00:06.280 --> 00:00:12.630 align:middle line:84%
So these are very real spoofing
emails and different attacks.

00:00:12.630 --> 00:00:15.280 align:middle line:84%
So this one's a
pretty common one.

00:00:15.280 --> 00:00:18.145 align:middle line:84%
I see this one quite a bit -
Amazon Service Reminder message

00:00:18.145 --> 00:00:20.290 align:middle line:90%
- Greetings from Amazon.

00:00:20.290 --> 00:00:24.080 align:middle line:84%
We placed on hold all
your orders from Amazon

00:00:24.080 --> 00:00:26.830 align:middle line:84%
because we detected
unusual activity on it.

00:00:26.830 --> 00:00:29.310 align:middle line:84%
You can help us by unlocking
this account and logging

00:00:29.310 --> 00:00:31.810 align:middle line:84%
in to your account and following
the on-screen instructions.

00:00:31.810 --> 00:00:34.420 align:middle line:90%
And it's got the Amazon logo.

00:00:34.420 --> 00:00:37.720 align:middle line:84%
It's got the Amazon
type font on there.

00:00:37.720 --> 00:00:40.090 align:middle line:84%
There's a button to
verify my information,

00:00:40.090 --> 00:00:46.270 align:middle line:84%
and this type of attack is
essentially a fear attack.

00:00:46.270 --> 00:00:48.340 align:middle line:90%
I can't get my packages anymore.

00:00:48.340 --> 00:00:50.710 align:middle line:90%
I can't get my Amazon packages.

00:00:50.710 --> 00:00:52.030 align:middle line:90%
My account's on hold.

00:00:52.030 --> 00:00:53.920 align:middle line:84%
I need to click this
verify information

00:00:53.920 --> 00:00:55.940 align:middle line:90%
and enter my credentials.

00:00:55.940 --> 00:00:58.750 align:middle line:84%
So what this is doing is it's
forcing me to take action,

00:00:58.750 --> 00:01:00.520 align:middle line:84%
because if I don't
do this, I won't

00:01:00.520 --> 00:01:01.910 align:middle line:90%
be able to get my packages.

00:01:01.910 --> 00:01:04.605 align:middle line:84%
I won't be able to make orders
and whatnot from Amazon.

00:01:04.605 --> 00:01:05.980 align:middle line:84%
And, of course,
what happens when

00:01:05.980 --> 00:01:07.563 align:middle line:84%
I click that verify
button, it's going

00:01:07.563 --> 00:01:10.240 align:middle line:84%
to take me to a very
real looking Amazon page.

00:01:10.240 --> 00:01:11.740 align:middle line:84%
I'm going to log
in with my account,

00:01:11.740 --> 00:01:14.830 align:middle line:84%
and they're going to steal
my login and password.

00:01:14.830 --> 00:01:19.920 align:middle line:84%
So that is one type
of attack, and this

00:01:19.920 --> 00:01:22.200 align:middle line:90%
is a social engineering attack.

00:01:22.200 --> 00:01:24.870 align:middle line:84%
Again, it's presenting
itself as Amazon.

00:01:24.870 --> 00:01:28.980 align:middle line:84%
It's forcing me - it's
trying to scare me into oh,

00:01:28.980 --> 00:01:31.080 align:middle line:84%
I got to verify my
information, otherwise I

00:01:31.080 --> 00:01:33.630 align:middle line:90%
can't get my Amazon stuff.

00:01:33.630 --> 00:01:36.900 align:middle line:84%
And if we look up here,
we can see it's actually

00:01:36.900 --> 00:01:39.240 align:middle line:90%
not Amazon's email address.

00:01:39.240 --> 00:01:44.100 align:middle line:84%
It's this really weird email
address at mmxtheater.com.

00:01:44.100 --> 00:01:47.090 align:middle line:84%
So obviously it's
not an Amazon email.

00:01:47.090 --> 00:01:48.840 align:middle line:84%
But if you're not
paying close attention -

00:01:48.840 --> 00:01:53.580 align:middle line:84%
if you're just looking at the
header Amazon Service Reminder,

00:01:53.580 --> 00:01:56.520 align:middle line:84%
and it's got this official
looking number on it,

00:01:56.520 --> 00:01:58.680 align:middle line:84%
and it's got the
Amazon logo on there,

00:01:58.680 --> 00:02:01.170 align:middle line:84%
and it's got the type
font and whatnot,

00:02:01.170 --> 00:02:03.150 align:middle line:84%
it kind of looks
like an Amazon email.

00:02:03.150 --> 00:02:05.700 align:middle line:84%
And when I look over
here, if I'm just glancing

00:02:05.700 --> 00:02:09.060 align:middle line:90%
I see something.amazon.com.

00:02:09.060 --> 00:02:12.570 align:middle line:84%
So a lot of users will think
OK, well, this is from Amazon.

00:02:12.570 --> 00:02:13.680 align:middle line:90%
It says it's from Amazon.

00:02:13.680 --> 00:02:15.140 align:middle line:90%
It's got an Amazon logo.

00:02:15.140 --> 00:02:16.860 align:middle line:90%
It looks like an Amazon email.

00:02:16.860 --> 00:02:19.830 align:middle line:84%
Let me click this button and
at least see where it goes.

00:02:19.830 --> 00:02:22.620 align:middle line:84%
And, of course, it's going to
look like an Amazon website,

00:02:22.620 --> 00:02:25.990 align:middle line:84%
even though it's not
going to be amazon.com.

00:02:25.990 --> 00:02:29.860 align:middle line:84%
So again, this is a
social engineering type

00:02:29.860 --> 00:02:35.420 align:middle line:84%
email sent by a spear
phishing or phishing email.

00:02:35.420 --> 00:02:39.040 align:middle line:84%
So this next one is
a Microsoft account.

00:02:39.040 --> 00:02:42.020 align:middle line:84%
Your email account will
expire in 48 hours.

00:02:42.020 --> 00:02:45.550 align:middle line:84%
So again, this is forcing me
to take action right away.

00:02:45.550 --> 00:02:48.580 align:middle line:84%
I have 48 hours to
reactivate my account.

00:02:48.580 --> 00:02:51.940 align:middle line:84%
I'm going to have to
click a reactivate button.

00:02:51.940 --> 00:02:54.640 align:middle line:90%
Sincerely, the Microsoft team.

00:02:54.640 --> 00:02:58.540 align:middle line:84%
And this one is pretty good,
because if we look up in here,

00:02:58.540 --> 00:03:04.120 align:middle line:84%
it says
account@microsoftonline.com.

00:03:04.120 --> 00:03:08.830 align:middle line:84%
And again, they're using
the Microsoft Office 365

00:03:08.830 --> 00:03:12.580 align:middle line:84%
logo, the type of - we got
the watermark down here

00:03:12.580 --> 00:03:13.510 align:middle line:90%
from Microsoft.

00:03:13.510 --> 00:03:17.870 align:middle line:84%
We have the Microsoft
actual address here.

00:03:17.870 --> 00:03:20.060 align:middle line:84%
And if I click on the
Privacy or Legal button,

00:03:20.060 --> 00:03:22.227 align:middle line:84%
it will probably actually
pull up the real Microsoft

00:03:22.227 --> 00:03:24.730 align:middle line:90%
legal and privacy agreement.

00:03:24.730 --> 00:03:28.600 align:middle line:84%
However, if I click on
Reactivate or Opt Out,

00:03:28.600 --> 00:03:32.050 align:middle line:84%
it's going to take me to a very
real looking Microsoft page,

00:03:32.050 --> 00:03:37.850 align:middle line:84%
and have me log in, and then,
of course, steal my credentials.

00:03:37.850 --> 00:03:42.450 align:middle line:84%
So this is forcing
me to take action.

00:03:42.450 --> 00:03:45.960 align:middle line:84%
I have 48 hours to fill
out this information

00:03:45.960 --> 00:03:49.160 align:middle line:90%
or my account will be deleted.

00:03:49.160 --> 00:03:54.680 align:middle line:84%
So again, the idea of social
engineering a lot of times

00:03:54.680 --> 00:03:59.540 align:middle line:84%
is either coercing someone -
it's always coercing someone

00:03:59.540 --> 00:04:00.330 align:middle line:90%
to do something.

00:04:00.330 --> 00:04:04.010 align:middle line:84%
And in this case,
it's scaring me

00:04:04.010 --> 00:04:06.560 align:middle line:84%
into having to take
action right away.

00:04:06.560 --> 00:04:08.640 align:middle line:84%
It's a scarcity,
I have 48 hours.

00:04:08.640 --> 00:04:10.960 align:middle line:84%
If I don't hit
that 48-hour window

00:04:10.960 --> 00:04:13.370 align:middle line:84%
and reactivate my account
and my credentials,

00:04:13.370 --> 00:04:16.850 align:middle line:90%
I'm going to lose my account.

00:04:16.850 --> 00:04:21.769 align:middle line:84%
So the easy way to figure
this one out is well,

00:04:21.769 --> 00:04:27.000 align:middle line:84%
I don't have an Office 365
account, and matter of fact,

00:04:27.000 --> 00:04:28.445 align:middle line:84%
if I look up this
email address -

00:04:28.445 --> 00:04:31.070 align:middle line:84%
this
account@microsoftonline.com,

00:04:31.070 --> 00:04:33.150 align:middle line:84%
you'll actually find
information that hey,

00:04:33.150 --> 00:04:37.820 align:middle line:84%
this is actually a
fake email address.

00:04:37.820 --> 00:04:41.290 align:middle line:84%
So this is another one
I get a lot - PayPal.

00:04:41.290 --> 00:04:44.800 align:middle line:90%
My PayPal account is limited.

00:04:44.800 --> 00:04:49.580 align:middle line:84%
And again, it's my
account's limited.

00:04:49.580 --> 00:04:50.810 align:middle line:90%
It's placed on hold.

00:04:50.810 --> 00:04:52.190 align:middle line:90%
I've got to activate it.

00:04:52.190 --> 00:04:53.840 align:middle line:84%
Again, if I click
Activate, it's going

00:04:53.840 --> 00:04:56.220 align:middle line:84%
to take me to a very
real PayPal website

00:04:56.220 --> 00:04:58.220 align:middle line:84%
where I enter my credentials,
and of course it's

00:04:58.220 --> 00:05:00.170 align:middle line:90%
going to steal it.

00:05:00.170 --> 00:05:05.110 align:middle line:84%
So and if you look here,
here's another scare tactic.

00:05:05.110 --> 00:05:10.450 align:middle line:84%
Your PayPal account is used
to pay $403 for items on eBay.

00:05:10.450 --> 00:05:13.990 align:middle line:84%
So again, it's
scaring me into hey,

00:05:13.990 --> 00:05:17.190 align:middle line:84%
someone took $403
from my PayPal account

00:05:17.190 --> 00:05:18.460 align:middle line:90%
to buy something on eBay.

00:05:18.460 --> 00:05:20.800 align:middle line:84%
I never order anything
from eBay, or at least

00:05:20.800 --> 00:05:23.950 align:middle line:90%
not for that amount.

00:05:23.950 --> 00:05:26.770 align:middle line:84%
So again, if you're not
paying close attention,

00:05:26.770 --> 00:05:30.270 align:middle line:84%
you'll see this PayPal
logo looks real,

00:05:30.270 --> 00:05:32.040 align:middle line:90%
the header looks pretty real.

00:05:32.040 --> 00:05:36.450 align:middle line:84%
We have the copyright for
PayPal and the address here.

00:05:38.902 --> 00:05:40.610 align:middle line:84%
But the thing you
should be worried about

00:05:40.610 --> 00:05:43.840 align:middle line:84%
is well, for me,
it was well, you

00:05:43.840 --> 00:05:46.330 align:middle line:90%
sent this to the wrong email.

00:05:46.330 --> 00:05:47.830 align:middle line:84%
I don't have my
PayPal account tied

00:05:47.830 --> 00:05:50.320 align:middle line:90%
to the email they sent it to.

00:05:50.320 --> 00:05:52.960 align:middle line:84%
Second of all, I can see
this customer@live.com.

00:05:52.960 --> 00:05:56.740 align:middle line:84%
It should really be my
email address itself.

00:05:56.740 --> 00:06:01.300 align:middle line:84%
Up here, I'm not sure why it
would say Numero Del Caso.

00:06:01.300 --> 00:06:03.460 align:middle line:84%
Since I am in the United
States, everything

00:06:03.460 --> 00:06:05.530 align:middle line:90%
should have been in English.

00:06:05.530 --> 00:06:11.770 align:middle line:84%
And we see here that the
service@intl.limited.com -

00:06:11.770 --> 00:06:12.970 align:middle line:90%
that's not a PayPal address.

00:06:12.970 --> 00:06:14.928 align:middle line:84%
As a matter of fact, when
we look further here,

00:06:14.928 --> 00:06:17.260 align:middle line:84%
it's really this long
weird email address,

00:06:17.260 --> 00:06:19.850 align:middle line:90%
and that's certainly not PayPal.

00:06:19.850 --> 00:06:22.580 align:middle line:84%
So again, it's a social
engineering attack

00:06:22.580 --> 00:06:24.320 align:middle line:90%
where it's trying to scare you.

00:06:24.320 --> 00:06:28.400 align:middle line:84%
Hey, my account's been
placed on limited.

00:06:28.400 --> 00:06:30.760 align:middle line:84%
Someone used money
from my PayPal account.

00:06:30.760 --> 00:06:32.870 align:middle line:84%
I need to find out
what's going on.

00:06:32.870 --> 00:06:35.900 align:middle line:84%
Click Activate, log
in, and, of course,

00:06:35.900 --> 00:06:38.350 align:middle line:90%
your credentials get stolen.
