A new phishing message is arriving in Inboxes and mostly not being caught by Microsoft Outlook’s anti-spam and phishing filters. We have details and how to block the fake emails.
The message is headed ‘CNN.com Daily Top 10’ with the sender shown as ‘Daily Top 10’ and a constantly changing (and probably fake) sender’s address.
The phishing message looks convincingly like it came from CNN. It mimics the design of the CNN site, the headlines used are current ones and the top link does point to the real CNN site. But the majority of the links are NOT legitimate and point to various phishing sites you don’t want to visit. Many image links are to cnn.net – not the real cnn.com.
Of course, the message is NOT really from CNN. CNN does have a ‘Daily Top 10’ email newsletter but the sender is consistent and all the links are to CNN.com.
All up this is a clever phishing effort – designed to fool both people and computers. I suspect variations on this theme will appear over the next few days and weeks.
Our test machines, running Outlook 2003 and Outlook 2007 with junk email filtering set to High (Actions | Junk E-mail | Junk E-mail options), normally don’t move these messages to the Junk E-mail folder. Most are left in the Inbox.
On the upside, the picture links are blocked by default in Outlook.
A suggested Outlook rule
Since Outlook can’t currently deal with all these bogus messages, you can set up a rule to deal with them. If you don’t get the real CNN ‘Daily Top 10’ message then you can create a rule which looks for that text in the sender’s name and moves the message to the Junk E-mail folder. (The sender’s address changes for each message so that won’t work in the rule. Using the subject line in the rule might conflict with real CNN messages.)
A manually created rule is just an interim measure until Microsoft’s next update to their spam filter which should deal with these messages properly.
It’s quite possible that variations on this phishing scam will come out and any rule you create will be obsolete. You might decide the easiest option is to simply hit the delete key when you see these Inbox pests until a permanent solution is rolled out.
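For readers who do receive the real newsletter, the sender-name rule can be combined with the link mismatch described earlier. The script below is an added example, not part of the original article or any Outlook feature: it flags a message only when the display name matches and at least one link or image points outside cnn.com. The function names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

LEGIT_DOMAIN = "cnn.com"      # the article says real newsletter links all go to CNN.com
SENDER_NAME = "daily top 10"  # display name used by the fake (and the real) messages

class LinkCollector(HTMLParser):
    """Collect the hostnames of every href/src attribute in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                try:
                    host = urlsplit(value).hostname
                except ValueError:      # malformed URL: nothing to compare
                    continue
                if host:
                    self.hosts.append(host.lower())

def is_legit(host):
    # Exact domain or a true subdomain; "cnn.net" and "cnn.com.x.example" fail.
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)

def triage(raw_message):
    msg = message_from_string(raw_message)
    display_name, _address = parseaddr(msg.get("From", ""))
    parser = LinkCollector()
    for part in msg.walk():             # handles single-part and multipart mail
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    off_domain = sorted({h for h in parser.hosts if not is_legit(h)})
    name_match = SENDER_NAME in display_name.lower()
    return {"name_match": name_match, "off_domain": off_domain,
            "suspicious": name_match and bool(off_domain)}

# Constructed sample message; hosts under .example are placeholders.
SAMPLE = """From: Daily Top 10 <x9@mailer.example>
Subject: CNN.com Daily Top 10
Content-Type: text/html

<a href="http://www.cnn.com/">CNN</a>
<a href="http://video.badhost.example/story1">Story 1</a>
<img src="http://i.cnn.net/logo.gif">
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```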