Jeffrey Ladish, an independent researcher and security consultant, wrote about a sophisticated credit card phishing scam he encountered while looking for a place to rent in Berkeley, California.
I was recently the (unsuccessful) target of a very well-crafted phishing scam. As part of a housing search a few weeks ago, I was trawling craigslist and zillow for rental opportunities in the SF bay area. I reached out to a beautiful looking rental place to inquire about a tour. Despite my experience as a security professional, I didn’t realize this was a scam until about the third email! Below I will account the story in excessive detail including screenshots.
I’m writing this to illustrate that the best phishing attacks will look very convincing. Often people are told to watch out for poor grammar and formatting to protect against phishing. This will work in some cases, but not in cases like the one I’m about to show. Sophisticated scammers use good English and pattern-match with legitimacy.