Chapter in this post:
It's been a while since I issued the last phishing alert. That in itself is a good sign, because the hosters are more and more eager to filter these mails from the server before they are even delivered to the reader.
Here is an overview of my last phishing attempts:
Nevertheless, a few of these malicious e-mail copies keep coming through and popping up in my mailbox. Currently a mail that supposedly from the hosting provider All-Incl.com should come.
Of course sent All-Incl.com not such emails. In the many years that I've been a customer there, I haven't even received an email relating to the webmail service.
And when emails came that came from the provider, they never had this red header.
There are a few unmistakable signs that point to the maliciousness of the mail. I would like to briefly present these to you so that you are prepared in the future and can recognize such fraudulent e-mails yourself:
The first thing I check is the URL that is behind the appropriate links. To do this, move the mouse pointer over the link on the Mac and wait a short time. After a second or two, Apple Mail will now show you the URL that would be visited if you clicked on the link.
In this case you can see that not there all-inkl.com as a domain (the part before the first slash in the URL), but "afoialexiou.gr". The fraudsters have created subdomains so that "all-inkl.com" and "kasserver" appear in the URL, but the correct domain is "afoialexiou.gr" and the top-level domain is ".gr" for Greece.
In a nutshell: The domain does NOT belong to "all-inkl.com", instead the scammers' website is called up (presumably via various redirects).
In all the mails that I am All-Incl.com my name and customer number are included. In this case, there is only my e-mail address, but I don't even use this for All-inkl.com. So I can be relatively sure that the email did not come from the provider, but from someone who only scoured public data on my website.
If All-inkl should actually write you an email, then the domain on which the sender address is registered is almost certainly "all-inkl.com". For example email@example.com, but not the nonsense that is mentioned in the mail as the sender and reply-to address.
In this post has already been explained in more detail what these emails are, why they are called "phishing emails" and how they can be recognized.
Nevertheless, at this point the brief information about what the makers of these mails want to achieve: Basically, it is about stealing your access data to a portal or a service.
The scammers pretend to be a company that you know with fake emails and websites and then ask you to enter your login details on the website. These are then of course stored and later the fraudsters can log into your account with the data and do further nonsense.
At the end of the campaign it usually says that the fraudsters get money. Whether you trick this through in-app purchases or transfer directly from your PayPal account to yourself is of secondary importance.
Jens has been running the blog since 2012. He appears as Sir Apfelot for his readers and helps them with problems of a technical nature. In his free time he drives electric unicycles, takes photos (preferably with his iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions for current bugs.