More fake news emails from ‘CNN’ and now ‘MSNBC’ aren’t picked up by Outlook.

Once a spammer or phishing baddie finds a way to bypass common spam filters they or copy-cats will quickly take advantage with similar messages.

After the ‘successful’ message pretending to be from CNN and their ‘Daily Top 10’ service there followed a variant ‘from’ the ‘CNN Custom Alert’ service.

It was quite predicable that we’d see a phishing message using the popular ‘CNN Breaking News’ email as the trap. The phishing message is quite similar in format with a fake (non-CNN related) sender:

(we’ve removed the ‘to’ and ‘from’ email addresses for privacy reasons, even though they are almost certainly fake). The links to the ‘news’ story lead to non-CNN sites as you can see in the above example.

Luckily for those of us making Outlook rules to handle these pests, Office Watch has subscribed to the real CNN Breaking News email for many years. That lets us create a rule which detects the fake messages and leaves the real ones alone.

Based on that we can make a rule using the subject line of the phishing message (“CNN Alerts: Breaking news”)which, at least for the moment, is different from the real CNN message.

Of course that only works for the moment, doubtless we’ll see more variations on the fake news emails for a while yet. Sadly the August release of Microsoft security updates has passed without an update to the junk email filter (the most recent one is July 2008).

MSNBC

The phishers are applying a similar tactic with the unwanted messages appearing to come from MSNBC.

It’s the same scam; appearing to be from a known TV news network and some of the links pointing to the real web site. But the important link to the ‘news’ story goes somewhere quite different and potentially dangerous.

So we’ve seen CNN and now MSNBC fake emails, presumably BBC, Fox News, Al Jazeera et al will be faked in the coming weeks and months.

See Also

• Get alerts from Outlook RSS feeds
• Fake emails missed by Outlook
• Fake HR emails with virus
• Spam filter update for Outlook 2003
• Do you have the latest Junk Email filter?
• When Outlook doesn’t detect a spam message
• More CNN based phishing missed by Outlook
• Outlook isn’t catching ‘CNN.com Daily Top 10’ phishing trap