Cybersecurity Blog

Must Read – Hard-to-detect MailChimp phish hits MRU 01/15/19

The latest phishing attack to hit inboxes on campus is absolutely diabolical. It looks completely legitimate, right down to links that show a genuine MailChimp address when you hover over them. Worse, the message comes through MailChimp's own sending and link-tracking infrastructure, so the clever criminals bypass the protective measures that would normally keep it out of inboxes. The only way to block it would be to block every MailChimp email, which we can't do.

Let's take a closer look at this bad boy.

[Screenshot of the phishing email]

Pretty impressive, isn't it? What is even more impressive is that hovering over the links shows a Mandrill.com address. Mandrill is MailChimp's own tool: it handles click tracking for MailChimp mail (as well as its own payments and account settings), so a Mandrill link is exactly what you would see in a legitimate MailChimp message, and the hover check that normally gives a phish away passes here. A tracking link only records the click and then redirects you onward, so if you actually click the link you get sent to:

[Screenshot of the page the link redirects to: a copy of the MailChimp login page]

While us14-mailchimp kinda looks legit, it is the wrong address for MailChimp: on a real MailChimp login the data-centre code is a subdomain of mailchimp.com (us14.admin.mailchimp.com, for example), not a hyphenated word sitting inside someone else's domain. The page itself, though, is a convincing copy of the MailChimp login page. We didn't follow along further to see what happens after you enter a username and password, but we are pretty sure the next page would ask for credit card information. The crooks are pretty darn smart: if you log in, then get wise and refuse to enter your card details, they still have your MailChimp username and password, which they can use to send more phishing emails from your account to other unsuspecting users. It's brilliantly done.
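Here is a small Python check, added as an example for this post (it is not code from the Mount Royal blog or from MailChimp), that does by script what the colleague did by eye: it walks the redirect chain from the hovered link and asks whether the page you land on really sits under a MailChimp-owned domain, flagging hosts that merely contain "mailchimp" or "mandrill". The allowlist of MailChimp domains is an assumption to verify against MailChimp's own documentation, the fetcher is an offline stand-in for the network, and us14-mailchimp.example is a made-up placeholder, not the real phishing host. In practice you would only resolve a suspect link from an isolated machine, and never type credentials into the result.

```python
"""Follow an emailed link's redirects and judge whether the landing host is
really MailChimp's.  Added example; not the blog's or MailChimp's own code."""
from urllib.parse import urlsplit, urljoin

# Assumption: domains MailChimp itself uses for logins, campaign links and
# Mandrill click tracking.  Check against MailChimp's documentation.
LEGIT_DOMAINS = {"mailchimp.com", "mandrill.com", "mandrillapp.com", "list-manage.com"}
BRAND_WORDS = ("mailchimp", "mandrill")


def registrable_domain(host: str) -> str:
    """Last two DNS labels: 'us14.admin.mailchimp.com' -> 'mailchimp.com'.
    Simplification: ignores multi-label public suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_host(url: str) -> str:
    """'legit'     -> host really sits under a MailChimp-owned domain
       'lookalike' -> a brand word appears in the hostname but the registered
                      domain is something else (the us14-mailchimp trick)
       'unrelated' -> neither"""
    host = (urlsplit(url).hostname or "").lower()
    if registrable_domain(host) in LEGIT_DOMAINS:
        return "legit"
    if any(word in host for word in BRAND_WORDS):
        return "lookalike"
    return "unrelated"


def follow_redirects(url, fetch, max_hops=10):
    """Walk 3xx redirects from the hovered link and return every URL visited.
    fetch(url) returns (status, location_header_or_None); a real one would be
    requests.get(url, allow_redirects=False) from an isolated machine."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in (301, 302, 303, 307, 308) or not location:
            return chain
        chain.append(urljoin(chain[-1], location))
    raise RuntimeError("redirect loop or too many hops")


# Constructed offline stand-in for the web: a legitimate-looking Mandrill
# tracking link (path made up) bouncing to a lookalike login page.
FAKE_WEB = {
    "https://mandrillapp.com/track/click/12345": (302, "https://us14-mailchimp.example/login/"),
    "https://us14-mailchimp.example/login/": (200, None),
}


def fake_fetch(url):
    return FAKE_WEB.get(url, (404, None))


def verdict(hovered_url, fetch=fake_fetch):
    """Compare what the hover shows with where the click actually lands."""
    chain = follow_redirects(hovered_url, fetch)
    landing = chain[-1]
    return {
        "hover_shows": classify_host(hovered_url),
        "lands_on": classify_host(landing),
        "landing_url": landing,
        "phish": classify_host(landing) != "legit",
    }


if __name__ == "__main__":
    print(verdict("https://mandrillapp.com/track/click/12345"))
```

The point the verdict makes explicit is that "hover_shows" comes back legit while "lands_on" is a lookalike: the hover check is not wrong, it is simply answering a different question than "where will I end up", and only the final host in the chain tells you that.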

As smart as the hackers are, Mount Royal employees are smarter. This email was forwarded to abuse@mtroyal.ca by one of our own. That's right, one of our own employees tagged this bit of nastiness. I couldn't be prouder! They didn't recall having a paid MailChimp account and recognized that the sender address was off.

So how do you protect yourself from an attack this well executed? Do what your colleague did: don't click the links in the email. If you have a MailChimp account, log in to it directly using a bookmark or by typing the address yourself (a search result works too, but ads in search results can be gamed, so a bookmark is safer). If there is a problem with your account, the information will be there. If everything turns out to be in order, you know the email is a phish. Forward it in its entirety to abuse@mtroyal.ca and your work as a cyber security superhero is done!

