Product placement in the movies and on TV has been with us from the early days. It used to be extremely overt and in your face. Much like phishing attacks, product placement has grown more covert. It’s still exists but is subtler by implanting itself in our subconscious and is cleverly woven into story lines and subplots without us knowing it’s there. Our subconscious is exactly where cyber criminals often set their phishing trap.
One particular product placement came to mind when INKY pulled this FedEx-flavored catch of the day out of the digital depths, remember Castaway with Tom Hanks? That whole movie was basically an advertisement for FedEx and Wilson volleyballs, and you may not have even noticed.
Today’s attempt to bait an employee failed to fool INKY (as they all do), but as in many brand forgery attempts the attacker took the time to perfectly mimic a legitimate FedEx tracking notification.
Note the logo and fonts. There is even a little graphic letting you know that your package is on the way. It’s well presented isn’t it? With so many of us online shopping these days, clicking to see when delivery is expected isn’t out of the question.
That’s what you and I see though. What INKY spotted speaks to her unprecedented vision and relentless nature:
And guess what? She’s right! Clicking on the tracking number takes the recipient to a phishing site and where they're looking to gather sensitive data or install malware.
Here is the thing, there is no reason to expose yourself or your organization to phishing attacks. INKY’s phish fence makes sure that when you receive a shipping notification, it’s actually a shipping notification. INKY annotates every email to ensure their fidelity and is loud about it when they are in question.