Anatomy of a dumb spear-phish: Hitting librarians up for Zelle, CashApp cash

Enlarge (credit: Sarah Shuda / Flickr)

Here's a clue for would-be Internet financial scammers: do not target librarians. They will catch on fast, and you will have wasted your time.

Yesterday, the former outgoing chair of the Young Adult Library Services Association's Alex Awards Committee (and my wife) Paula Gallagher got a very odd email that purported to be from a colleague within her library system who is a member of YALSA's board. The email asked, "Are you available to complete an assignment on behalf of the Board, And get reimbursed? Kindly advise."

There were a few things off about the email. First of all, while the first half of the email address that the message came from matched the email address of her colleague, the domain name was very phishy: Reagan.com, a site that offers "secure private email" to users who want to "keep President Ronald Reagan's legacy alive." The purported sender of the message was, to put it mildly, not a big fan of President Reagan's legacy. (Ars attempted to reach the operators of the Reagan.com site for comment, but they are very privacy-minded.)

Read 10 remaining paragraphs | Comments

via Biz & IT – Ars Technica https://ift.tt/2SWKYwx