Mauricio Tavares (Main Phish)

It has been said before that true classics are timeless and touch everyone regardless of race, colour, or language. I do not think that was originally intended to include phishing emails, but here we are. Every so often a kind soul will contribute with something in a different language, like the email below:

From: Monika Hartmann <levis@hotlineobjednavky.info>
Date: On Sunday, 8 December 2024 at 17:57
Subject: Herzlichen Gluckwunsch! Sie haben ein iPad Pro gewonnen!
To: Clueless Phish <cluelessphish@phishphillet.com>

Lieber Gewinner,

Wir freuen uns, Ihnen mitteilen zu konnen, dass Sie der gluckliche Gewinner unseres wochentlichen Wettbewerbs sind! Ihr fantastischer Preis, ein iPad Pro, wartet darauf, direkt an Ihre Haustur geliefert zu werden.

Um sicherzustellen, dass Sie Ihr iPad Pro problemlos erhalten, bitten wir Sie, Ihre Lieferdaten uber den untenstehenden Link anzugeben:

[Lieferdetails jetzt eingeben]

Wichtig: Bitte stellen Sie sicher, dass Sie die erforderlichen Informationen innerhalb von 48 Stunden angeben. Andernfalls wird Ihr Preis leider verfallen und einem anderen Teilnehmer zugewiesen.

Nochmals herzlichen Gluckwunsch zu Ihrem Gewinn, und vielen Dank, dass Sie an unserem Wettbewerb teilgenommen haben!


Mit freundlichen Grussen,
Das Team

For those who do not speak the Gluhwein language, here is a badly translated (to English) version of the message:

Dear winner,

We are delighted to announce that you are the lucky winner of our weekly competition! Your fantastic prize, an iPad Pro, is waiting to be delivered straight to your door.

To ensure you receive your iPad Pro without any hassle, we ask that you provide your delivery details using the link below:

Enter delivery details now

Important: Please ensure you provide the required information within 48 hours, otherwise your prize will unfortunately be forfeited and allocated to another entrant.

Congratulations again on your win, and thank you for entering our competition!

Kind regards,
The Team

I’ve heard of a phishing email just like that before.

Right you are, man on the sofa in your underwear. At first glance this is the ol’ prize scam, where someone is promised some kind of award that requires some “processing fee/taxes” in advance, which you can then pay by providing them with your credit card info. That’s the bait. The attack part of the phishing starts when the receiver of the email (the phish, the victim) bites by clicking on the link. Not only can the attacker get the credit card info (not as valuable as it used to be when this scam was new), but also personal information that can be used to steal the phish’s identity. And perhaps download some malware while at it.

Enough about the theory. Show me how to identify this as a phishing email

Remember that a good phishing email is like a good marketing email (I am using good here in a very specific way; I do not like receiving either. Ok, I do like receiving phishing emails because without them this blog, and your entertainment, would not be possible): it must show scarcity and a time constraint (“you must call now or will lose an opportunity of a lifetime!”) in addition to a valuable prize, so Clueless Phish will act impulsively before the brain has time to catch up and go “oh, wait a minute!” Thing is, this email fails at that:

  • The email address Monika Hartmann <levis@hotlineobjednavky.info> is a dead giveaway: note the name of the person and the one used in the email do not match. Also, the name of the domain, hotlineobjednavky, sounds more like gibberish put together at random. Just that would make me drop this email.

  • It says they are giving out prizes every week. That is a lot of prizes, at least 52 in a year. Are they all (fantastic) iPad Pros, or are they also offering socks, plastic cups whose smell you can’t get rid of no matter how many times you wash them, and ugly sweaters as prizes for the other weeks? After all, if they hand out an iPad Pro every single week, why would anyone feel special enough? They should have said “yearly” to really rub in the rarity aspect of this “prize.” If you are going to rub it in, rub it nice and hard.

  • It thanks the Clueless Phish for participating in this event. Yes, my first reaction was “Aha! I did not enter any contest!” Thing is, it is quite possible, especially if you live in the US, that a company you did business with (think cell carrier, supermarket, some website) sold your information to unscrupulous data traders (are there scrupulous ones?), who in turn would sell your personal information and buying habits to whoever waves money at them.

  • It wants the Clueless Phish to submit as much personal information as possible within 48h of receiving the phishing email. That is a lot of time: I could probably cook a meal which would require me to learn how to do it and get the ingredients first, and then eat it, and then spend the night suffering in the bathroom, and I would still have time to ponder on the email. By then my brain would have prepared and shown a presentation on why clicking on that is a bad idea. Where’s the panic? If I were writing that, I would have made the deadline no more than 24h.

  • Unfortunately I cannot judge how badly it destroys the German grammar because I am not that good at the German language. Good enough to read without translating, not good enough to judge. Experience tells us, however, that it probably makes a native speaker’s ears cringe.

So, overall this is a standard phishing variation of a prize scam which was, as is standard with so many phishing emails, put together in a substandard way.
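
The checklist above can be turned into a small mail-triage script. The following Python is an added example, not part of the original post: it runs over an excerpt of the email quoted above and reports which of the listed indicators fire. The word lists, the `triage` function name and the indicator names are assumptions made for illustration, and the result is a set of hints for a human reviewer, not a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From/Subject and a body excerpt of the email quoted in this post.
SAMPLE = """\
From: Monika Hartmann <levis@hotlineobjednavky.info>
Subject: Herzlichen Gluckwunsch! Sie haben ein iPad Pro gewonnen!

Lieber Gewinner,

Wir freuen uns, Ihnen mitteilen zu konnen, dass Sie der gluckliche Gewinner
unseres wochentlichen Wettbewerbs sind!
Wichtig: Bitte stellen Sie sicher, dass Sie die erforderlichen Informationen
innerhalb von 48 Stunden angeben.
"""

# Assumed word lists for illustration; tune them for your own mail flow.
PRIZE_WORDS = ("gewonnen", "gewinner", "preis", "winner", "prize")
GENERIC_GREETINGS = ("lieber gewinner", "dear winner", "dear customer")
DEADLINE_RE = re.compile(r"(?:innerhalb von|within)\s+(\d+)\s*(?:stunden|hours|h)\b", re.I)

def triage(raw: str) -> dict:
    """Return the indicators from the post's checklist that fire on one message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    local = addr.partition("@")[0].lower()
    # Narrow example: only single-part plain-text bodies are inspected.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    words = set(re.findall(r"\w+", text))
    findings = {}
    # Indicator 1: no part of the display name shows up in the mailbox name.
    name_parts = [p for p in re.split(r"\W+", display.lower()) if len(p) > 2]
    if name_parts and not any(p in local for p in name_parts):
        findings["name_mismatch"] = f"{display!r} vs {addr}"
    # Indicator 2: prize-lure vocabulary, matched on whole words only.
    hits = sorted(w for w in PRIZE_WORDS if w in words)
    if hits:
        findings["prize_lure"] = hits
    # Indicator 3: a greeting that addresses nobody in particular.
    if any(g in text for g in GENERIC_GREETINGS):
        findings["generic_greeting"] = True
    # Indicator 4: an artificial deadline; keep the number of hours.
    m = DEADLINE_RE.search(text)
    if m:
        findings["deadline_hours"] = int(m.group(1))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A display name that does not match the mailbox also occurs in legitimate mail (shared mailboxes, newsletters), so that indicator is best weighed together with the others.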