Count the Phish: Sears Webpage
This webpage contains one or more red flags that makes it a phishing site. How many can you find in this phishing example? Click to enlarge.
Answer: There are 5 red flags in total. Let’s take a look.
- Examine the page URL. Here, the attacker has used what’s known as a ‘subdomain attack.’ The domain “searshome.com” is clearly not the real web domain of Sears. Attackers often try to take advantage of the fact that a lot of people wouldn’t be able to tell the difference between a domain and a subdomain.
- The second and most obvious red flag is the “mcafeesecurity.icu” pop-up. It clearly looks phishy and has no place on a reputable website like Sears.
- The attacker has inserted a fake login form directly onto the main homepage to steal your credentials.
- The other strange thing about the login form is that it says “Email (Gmail Only).” That is clearly phishy! Why would a company like Sears do something like that?!
- This last red flag is a bit tricky. If you notice the “Click here” hyperlink, it contains the actual sears.com link to lure you into thinking the link is trustworthy. But if were to click that link, the actual URL would go far past the end of the address bar and contain a malicious script that would execute once you click. The tipoff is the "data:text/html" text at the start of the URL. If you see something like that, avoid the URL completely, as this is a common phishing trick.
Click to enlarge.
Get a curated briefing of the week's biggest cyber news every Friday.
Turn your employees into a human firewall with our innovative Security Awareness Training.
Our e-learning modules take the boring out of security training.
Intelligence and Insights
![Boost Business Value](https://ermprotect.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
From Compliance to Advantage: Using PCI 4.0 Certification to Boost Business Value
In this comprehensive guide, we explain in simple terms every aspect of complying with the NIST Cybersecurity Framework 2.0 …
![financial institutions](https://ermprotect.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
5 Major Cybersecurity Risks Banks and Financial Organizations Face
In this article, we outline some of the most common cybersecurity attacks that banks and financial institutions can be vulnerable to …
![How Merchants Can Become PCI-DSS Certified](https://ermprotect.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
Follow These 4 Steps to Achieve PCI DSS Certification
For all organizations that process payment cards, the Payment Card Industry Data Security Standard (PCI-DSS) certification is high up the data security and compliance priority list …