Was this a Phishing Email scam?

[ChemicalB]

Hi guys, I hope this is the right forum section.

Just a few days ago I got an email, apparently from SDA courier, to rectify some details about my order, by clicking on a link into the email.
Actually I was waiting for some ordered stuff and just for a breath I haven't clicked on the link because I had some suspicions when inspecting the link: it was .ru domain, so I deleted everything!
I think this was a phishing attack, but very realistic, because really many times I got legitimate emails from SDA!

How can you defend yourself from these attacks? Any advice?

Thanks in advance

 

[Quassar]

Normally i just read with open eyes and im not happy clicker ( i don't click on each direct links which popup in windows)
Just look on email address and website address

2nd things I dont share emails everywhere and dont public address on website where all users even not logged peoples can see it.
I use proton mail since few years and i didn't get even single spam on it.. since i use it.
Ok.... ok i got 1 but i special had manual subscribe to get notify about updates and incoming events in game which i play ^^

For forums and and website i use separete emails for better recognize...
for trash site where i rly need use email to make acc i use trash venodrs like : 10 Minute Mail - Temporary E-Mail or Temp Mail - Disposable Temporary Email

Use domains and bridge to make custome cilent with aliases is rly good against spam.

 

[LDogg]

You could also use an extension like Netcraft as well. Also look at the email sender as it could be a doggy looking email address and the grammar/punctuation of the entire email. Another thing to look out for is when the email is question has nothing to do with you, you never ordered anything on that day or you're not with that company.

~LDogg

 

[RoboMan]

Great work @stepseven84 for spotting the phishing e-mail. You can fully equip your browser and system with security apps, but in the end it all sums up to your browsing habits and your skills to spot attacks.

You can minimize the risk with security browser extensions like NetCraft or MalwareBytes Beta Extension but most of the times they won't help you. Always double check the sender, the link and inspect the body of the e-mail, you'll probably find out on your own wether it's legit or not.

 

[HarborFront]

These are what you can do

1) Choose a DNS which offers good phishing protection
Q&A - Phishing Protection — Comparing DNS Security Filters
2) Choose an AV/AM which offers good phishing protection
3) Use a web filter like K9
4) Use extensions like Netcraft, Malwarebytes etc or filters in your extension
5) Choose a browser with built-in anti-phishing protection

 

[cruelsister]

Step- Use Comodo Firewall and you can click on any links that you like.

Personally I just drool with happiness if I ever get an email such as yours (sadly, I never do...).

 

[RoboMan]

Step- Use Comodo Firewall and you can click on any links that you like.

Personally I just drool with happiness if I ever get an email such as yours (sadly, I never do...).

Ah, the good feel of believing a software is invincible. Expected more than simple fanatism from you sis

 

[shmu26]

The most dangerous thing about such links is not the malware that they might attempt to download. The malware is relatively easy to block, as @cruelsister pointed out. Anyways, as long as you don't click on the download, it won't bite you.
The really dangerous thing is that they will try to get you to give over sensitive info. For instance, the link might lead to a fake login page, and if you fill in your real info on that page, then guess what...

 

[cruelsister]

Expected more than simple fanatism from you sis

Not fanaticism, just experience. If I could breach it with an email link I would drop CF quicker than I do boyfriends.

For instance, the link might lead to a fake login page, and if you fill in your real info on that page, then guess what...

Perfectly said- many of these scam emails will request personal info from the recipient so that that person could share the 10 million USD windfall from something or other. No Security Product will protect a user from being a Moron.

 

[Quassar]

These are what you can do

1) Choose a DNS which offers good phishing protection
Q&A - Phishing Protection — Comparing DNS Security Filters
2) Choose an AV/AM which offers good phishing protection
3) Use a web filter like K9
4) Use extensions like Netcraft, Malwarebytes etc or filters in your extension
5) Choose a browser with built-in anti-phishing protection

Well all of this kind dont protect you against spam and phising on adress e-mail
if you got direct mail on your mailbox....

 

[HarborFront]

Well all of this kind dont protect you against spam and phising on adress e-mail
if you got direct mail on your mailbox....

If you have a good AV/AM with spam protection it should help or can use your email client to fight against spam mails

Some good recommendations here

Get Safe Online

 

[shmu26]

Not fanaticism, just experience. If I could breach it with an email link I would drop CF quicker than I do boyfriends.



Perfectly said- many of these scam emails will request personal info from the recipient so that that person could share the 10 million USD windfall from something or other. No Security Product will protect a user from being a Moron.

Another point that many people overlook is that a downloaded malware file will normally just lie there, dormant, until the user makes the bad decision to click on it.

 

[Quassar]

@HarborFront


Not at all if smb send you spam mail you can be sure you will get more and more in shorten time.. because they already know/have your e-mail and, you are next one of xxx person on this list.... to spam.

AV- dont stop you against obtain spams on your mails.. if you use client mail connected AV's only can detect prevent infection from attachment and block too url. And here again "IF" av detect/know links...

Its only partial securit which don't help at all cause spamers are mostly on date and fast change domains to avid detection by av and looks similar to original address, however these is also 2nd type of spam where bots genere spam with 2342342 numbers which even kids figure its spam.. but still annoy to make you bulk on your mail and also deleted it all the time spams every time from new mails can be annoying and unstoppable.

Even on this forum few ppl do pratice with test av agains url which prove how far behind thier are agains toxic links.. and it nothing new.
And no one software protect you against this.. if you get harded aimed

Only using as i wrote in previous post:
Few mails for another things/usage with aliases technique on foward: Payments/taxes, Forums, Portals. etc.
Can safe you and reduce its to minimum.

So you have to get Head on neck and look what and where you paste your data especially if its is align to payments.
I still laught from AppGuard Credit Cards giveaway ^^

 

[HarborFront]

@HarborFront


Not at all if smb send you spam mail you can be sure you will get more and more in shorten time.. because they already know/have your e-mail and, you are next one of xxx person on this list.... to spam.

AV- dont stop you against obtain spams on your mails.. if you use client mail connected AV's only can detect prevent infection from attachment and block too url. And here again "IF" av detect/know links...

Its only partial securit which don't help at all cause spamers are mostly on date and fast change domains to avid detection by av and looks similar to original address, however these is also 2nd type of spam where bots genere spam with 2342342 numbers which even kids figure its spam.. but still annoy to make you bulk on your mail and also deleted it all the time spams every time from new mails can be annoying and unstoppable.

Even on this forum few ppl do pratice with test av agains url which prove how far behind thier are agains toxic links.. and it nothing new.
And no one software protect you against this.. if you get harded aimed

Only using as i wrote in previous post:
Few mails for another things/usage with aliases technique on foward: Payments/taxes, Forums, Portals. etc.
Can safe you and reduce its to minimum.

So you have to get Head on neck and look what and where you paste your data especially if its is align to payments.
I still laught from AppGuard Credit Cards giveaway ^^

Follow the below if you are serious in not getting phished

Get Safe Online

 

[Quassar]

Follow the below if you are serious in not getting phished

Get Safe Online

Good FAQ for peoples.. but however even if you are "clean" , company and other vendors can be hacked and discover your email...

 

[HarborFront]

Good FAQ for peoples.. but however even if you are "clean" , company and other vendors can be hacked and discover your email...

For general users they should be enough. If you want serious privacy go and run TOR/VPN with secured emails and/or create some fake email accounts specially for TOR/VPN use only. And create some email accounts for general usage too

 

[Quassar]

TOR/VPN have nothing at all to cover email for gray peoles if they got name of address...
Not matter from which IP its come if its still does come..... because they offen change it to not be aimed and stoped.

And finally you said what i said in 1st post " And create some email accounts for general usage too "
some email accounts + aliases mail

 

[Deleted member 178]

I still laught from AppGuard Credit Cards giveaway ^^

i had a good laugh too , not because a credit card was needed (i saw some reputable companies doing the same before) but just because they did a giveaway ^^
But at least the credit card requirement would prevent abuses from license hoarders, 1 user = 1 CC = 1 license.

 

[cruelsister]

There is a more insidious type of email that one can get:

Clicking on the link above would direct a person to a server somewhere in China on which a person could order- of course inputting Credit card data (and as IF I would ever wear these things anyway!).

 

[codswollip]

How can you defend yourself from these attacks? Any advice?

Never click on email links. Even if "from" an institution you have business with. Instead, type its common domain URL in your browser (ex. paypal.com); log into your account, and look for a notice/message requiring your attention (if such exists).

In your case... manually log into your SDA account from your browser (do not use email link) and check your account/order status.