We have recently encountered a more elaborate phishing scheme, one which includes cleverly hidden links.
Some days ago we received an email titled “American Express has an important update for you”. Funny, I don’t recall having an AMEX account… and the email from which the message was sent from was all to suspicious and not connected to AMEX: [communication.4abr7w64haprabracrafray552dreste[at]azurewebsites.net].
Still, I kept reading the message which was all about the new anti-SPAM law:
Effective July 20, 2014, United State’s new anti-spam law comes into effect and American Express wants to ensure that your representative will be able to continue sending you emails and other electronic messages without any interruptions. In addition to messages from your representative, we may also send you other electronic messages, including but not limited to newsletters and surveys as well as information, offers, and promotions regarding our products and services or those of others that we believe you might be interested in (“Electronic Messages”).
The next paragraph contained a request to click an “I Agree” link to express consent to receiving Electronic Messages from AMEX.
The hyperlink points to bit.ly address. Here’s the catch.
We all know that by hovering above a suspicious link we can usually see where it points to, and this is usually different than the link itself (the link could say “americanexpress.com” but hovering above it will show the real address “russianspammers.ru”).
So in this case we cannot simply identify the destination of the link. What can we do?
Simple. Just paste the link address in getlinkinfo.com (or similar service), and voila, you can see the original link (and in this case, with a warning attached).
So other than the cynical use of anti-SPAM email to actually promote SPAM, the sender cleverly hides the real address inside a URL shortening service, making it more difficult to detect for the unsuspecting eye.