Wired
The editorial department of iPhone Mania receives a lot of emails every day, including a considerable number of phishing emails.
Therefore, I classified the phishing emails that arrived in about a month, and summarized which company pretended to be the most phishing emails and what the content was. Finally, it also touches on countermeasures.
Overwhelmingly many unsolicited emails disguised as Amazon
From May 21st to June 27th, 2021 (as of 5pm), the total number of phishing emails sent to the editorial department of iPhone Mania was 197.
When these emails were categorized by “disguised destination”, Amazon accounted for 128 emails, more than half. The next most common was MI Card (MI Card Co., Ltd., Isetan Mitsukoshi, etc., with multiple sender names), followed by Rakuten (Rakuten, Rakuten Card, etc. with multiple sender names), with 18 messages.
Those with double digits or more are pretending to be three companies, and the following are Epos Card (8), Resona VISA (5), Aeon (4), Mitsubishi UFJ, Vpass (2), and 10 or less. I will. Other than that, there was only one, ETC, Evernote, SMBC Finance, Viewcard, Yodobashi, JCB, and Jacks.
The table below summarizes by date. The number of unsolicited emails that arrived on June 26 was outstanding at 15, but overall, there was no particular tendency for them to arrive on a particular day of the week.
Many of them have inferior content
The content of phishing emails varies widely. For example, in the case of an email disguised as Amazon, “Account cannot be updated”, “Account has been suspended”, “Amazon Prime auto-renewal setting has been canceled”, “Payment information needs to be updated”, “Check the order status” The mainstream content is “I want you”, and although there were emails that used the Amazon logo without permission and made it look like it was a real Amazon, most emails seemed to be “funny” when you read the content. It was a thing.
These seem to be aimed at shocking the user with the subject (such as an account being suspended), giving them less time to think calmly, and having them click on a link in the email. If you read it calmly, there are overwhelmingly many typographical errors and unnatural sentences.
Some of the emails were suspicious, such as “Amazon. Hijo” and “Amazon Tsuuchi” from the sender.
How to protect yourself from phishing emails
Turn off “Load images on server”
In some of these phishing emails, there is a mechanism called “tracking pixel” that informs the recipient of the opening of the email, the time, terminal information, etc. just by opening the email.
To prevent this, for iPhone / iPad, go to “Settings” → “Mail” and turn off the toggle of the “Messages” item “Load images on the server”.
IOS15 / iPadOS15 and macOS Monterey, which are expected to be released this fall, will introduce the “Email Privacy Protection” feature, which will block tracking pixels.
Never click on a link
Don’t click links in emails. For example, if you receive an email from an Amazon “likely” recipient, enter your bookmarks or the URL of the Amazon site directly to verify your account.
(lunatic)
Source: iPhone Mania