PSA: Lookout for Fake But Legitimate Looking Emails
SCAM ALERT from PCCC & Raptor: Lookout for Fake But Legitimate Looking Emails
IMPORTANT ALERT: PCCC has seen a rise in phishing emails that look like they are from major players like Microsoft, PayPal, Docusign, Venmo, and others.These emails can look VERY legitimate and one key sign they are NOT is that they have a scam phone number they want you to call. Some also feature links with credentials scams where the page LOOKS like a real login screen but isn't.
Don't interact with the emails if you aren't expecting them.
Don't call the number.
Don't enter your credentials unless you are certain a login prompt is real.
Remember: You can always use PCCC's Phishing Hotline by contacting Raptor Review to confirm if something is real!
Where You Can Find PCCC in Q1'25
M3AAWG 2025 - February 17 - 20, 2025
Our CEO Emeritus, KAM, will be in attendance at the 63rd M3AAWG event in Portugal.CloudFest EU 2025 - March 17 - 20, 2025
Our CTO, Giovanni Bechis, will be attending CloudFest EU in Germany.You can find any additional updates on what events PCCC may attend or be found on our LinkedIn.
Things to Look for in Emails that LOOK Legitimate but Aren't
With the New Year, many people around the world come up with New Year's resolutions. Alongside the new goals for change, there tends to be a rise in bad actors trying to take advantage of lowered security consciousness.One way that bad actors will attempt to scam people out of money, credentials, and other private information is to try and get you to click on a link in an email that LOOKS legitimate.
A few ways to be safer when interacting with emails that LOOK like they are legitimate but may not be are:
Double Checking the email in its entirety. Verify the sender is FROM an email from that domain and you receiving the email makes sense. If you're unsure why you may be receiving an email from that company, go online and find their official support number to then reach out directly.
DON'T blindly trust the email as they may be hiding redirects in buttons and links that go to dangerous websites or download things to infect your computer. It is generally safer to look online for the proper phone number than to trust a phone number in the email.
Check if the email is requesting "credentials" or is for a non-existent purchase asking you to call a phone number. These are both tactics that bad actors attempt to use in order to dupe people into giving up credentials so they can use them for their own purposes.
For example, when using Docusign, often they only need an email address, however if you have a Docusign account that you are logged into, you should NOT have to directly enter your credentials as Docusign would recognize that you are officially logged in.
PCCC's Phishing Hotline can help you. If you are EVER unsure if an email is legitimate or it was potentially miscategorized, please contact us.
Upcoming Raptor Features
Continued Improvements to Raptor Remark Tags
In the last quarter and into the future, PCCC is committed to continued work on improving our Raptor Remark Tags in order to help better protect Raptor users.Features Added Last Quarter
Redirector plugin for SpamAssassin
PCCC implemented the use of the SpamAssassin Redirector plugin that can extract the final destination URI from web links if a redirector is involved, so that redirectors cannot be used to hide bad uris.This is to help better identify potential scams and phishes that make use of a link in an email that then redirects to a malicious site after you click on it.
Improvements on PDF URI extraction on SpamAssassin
For the PDFinfo plugin, PCCC's CTO Giovanni has improved URI extraction so that more URIs written inside pdf files can be analyzed.This helps verify if malicious URIs are hidden in a PDF attachment with the express purpose of avoiding Spam scanner technology.
Did You Know? Raptor Feature Corner
Raptor Company-Wide Auto-Responder
Ever needed to send a response to every email for your firm? Snowed-in, Moving, Power Outage, or Company Retreat?Raptor Company-Wide Auto-Responder will:
- Automatically respond to let senders know what's going on.
- Doesn't reply to spammers, mailing lists or automated messages.
- Only send 1 email per sender per 24 hours.
Once on the correct server, login with the Raptor Admin credentials and go to the Raptor Company-Wide Auto-Responder page to then input the message and enable the feature's functionality.
Raptor Spam Stats Corner
Exactly how much spam do we see?Highest Spam Percent in the Last 60 Days: 16.5%
Highest Spam Percent in the Last 90 Days: 16.5%
Average Spam Percent in the Last 30 Days: 16.2%
Average Spam Percent in the Last 60 Days: 16.8%
Average Spam Percent in the Last 90 Days: 16.8%
To see your domain Raptor Spam Statistics, you can navigate to raptor.pccc.com and enter your domain to be redirected to the server that you are deployed on.
Login to your Raptor Admin Dashboard and navigate to your Raptor Statistics either via the top Raptor Admin drop down or through the Spam Statistics Tile.
Tip of the Quarter
Be Careful What You Post on Social Media
With the turn of the year from 2024 to 2025, we know a vast amount of people come up with New Year resolutions to work on and complete throughout the year.With such resolutions also often comes more freedom in the information that is posted on social media platforms. These posts fall under what we call Open Source Intelligence or OSINT.
As such, with the new year, bad actors spend quite a bit of time trawling through a vast number of social media posts that more freely share information than normal. The bad actors then use this information to create compelling phishing attacks.
As such, minimizing available OSINT from social media can help protect against some sophisticated phishing attacks especially when making posts that don't have a limited audience!