Two-faced spam emails try to trick you twice
BY KERRY TOMLINSON, AMPERE NEWS
Attackers are trying an interesting tactic to try to get you to bite on their messages. They're turning one email into two.
Here's how it works.
Watch here:
One email, two faces
I first saw the email on my phone with this subject: "Your compensation amount is $25,000 approved. Claim only for today."
It says it's from someone named Mehdi Yacoubi. The body of the message displays as his newsletter, the Long Game. At one point, the link was labeled as suspicious on analysis site VirusTotal, though at last check, it was labeled as clean.
On the laptop, however, this message looks very different. The title and sender are the same, but the content is one of the infamous Camp Lejeune settlement messages about compensation for toxic water at the North Carolina military base.
Scammers have bombarded people for months with these Camp Lejeune settlement emails, leading to a flurry of complaints online.
Click on the link in this particular Camp Lejeune email, camplejeunesuit-dot-org, and you could go to a site used for phishing --- stealing your sensitive info --- or downloading malware onto your machine, according to analysis site VirusTotal.
This two-faced approach is an unusual tactic. It's the same message from the same account, but with two completely different looks, one for phone and one for laptop.
What's going on?
This double message is a two-for-one for the attacker, said researcher Jeremy Fuchs of security company Avanan.
If one lure doesn't work on you, the other might be more successful. And you might just fall for both.
"This attack is a clever way of doing it, since the user may not realize it’s the same email," he told Ampere News. "The advantages are many—it gives the hackers more chances and opportunities to get the user to do something they shouldn’t do. "
What should you do?
Take a few extra seconds to inspect email, Fuchs advised, especially when you're on your phone.
"It’s harder to hover over the offending link to see where it’s going on mobile," he said. "This gives the attacker more pathways to potentially gain information from the user."
On the phone, you can press your finger on the link --- without clicking on it --- to see what it really looks like, Fuchs said.
On your laptop, you can put your cursor over the link, once again without clicking, to see the real link.
Check out the sender's email address as well. Does it match the message? Does it look strange?
When in doubt, don't click. Look up the info on your own if you're interested.
Results
A few extra seconds could save you, not from getting the emails, but from getting taken by attackers exploiting sick veterans to steal your data and money.
There are legitimate Camp Lejeune settlements. If you think you might be affected, you can search those up separately. The U.S. Department of Veterans Affairs has information about who may receive compensation and how.
Ampere News contacted accounts for Mehdi Yacoubi of the Long Game newsletter on Twitter and LinkedIn but received no response. We'll update the story if he responds.