This phishing attempt is going around. It’s obvious it’s a phishing attempt, but I think it has the potential to fool people, so I’ll break down what makes it obvious to me that it’s bogus.
From: SBL Spamhaus [mailto:******@varmaalayam.com]
Sent: July 14, 2020 12:10 PM
Subject: Your email is listed on the Spamhaus Block List – SBL #6761843436
SBL Reminder: Email: Your email address moved to Spamhaus Blacklist (SBL)
SBL#4697172748 – The Spamhaus Project – SBL International Anti-Spam System
It is automated letter from the original Spamhaus Block List (SBL) instance to notify you that this Email slightly below has been included in sbl.spamhaus.org:
Issue: phishing spam supplier
SBL Ref: SBL2654249984
Our software have discovered redirecting of a variety of spam letters off of your own email address. Consequently, we have been forced to blacklist your mail.
You need to resolve the issue in 36 hours. You need to do several steps to approve your mail. We are going to attach the guide:
DOCUMENT PROTECTED WITH A PASSWORD: SBL2020
In case you pay no attention to this information, we could suppose that this email address doesn’t belong to you and it’s used for trash mailings. This must means, that we will be forced to include your e-mail address to our stop list.
Which means that recipients will be unable to receive emails out of this address your email will be suspended forever.
SBL System Robot
The Spamhaus Project
The Spamhaus Project is a legitimate anti-spam organization. Learn more about them at https://spamhaus.org. This message tries to piggyback on Spamhaus’ credibility to get you to take action. Let’s break down what makes this an “obvious” phishing attempt.
1. Spamhaus Won’t Contact You
Google won’t call your business to tell you your business can’t be found. Microsoft won’t call to tell you that hackers have gotten into your system. Spamhaus won’t email you to tell you you’re on their blacklists. Why? Because if you were really a spammer, they’d want to keep you blocked, so telling you would work against their reason for existing.
2. Email isn’t From Spamhaus
See the “from” address? It’s not even from Spamhaus. Look at the address, not the name. BTW, just looking at the “from” address should reveal 90%+ of phishing attempts.
3. Wait, What Email Are They Talking About?
“It is automated letter from the original Spamhaus Block List (SBL) instance to notify you that this Email slightly below has been included in sbl.spamhaus.org:”
The message above was the whole message. There was no message “slightly below”. There’s no proof of any wrongdoing on your part.
4. Atrocious Grammar
Heaven help us if spammers ever start using proper grammar. Read the message aloud to yourself. Bad grammar is a definite giveaway.
5. Grave Threats and Deadlines
“You need to resolve the issue in 36 hours.” “. . . your email will be suspended forever.”
Nonsense. No anti-spam organization will suspend an email forever. That’s not how the systems work. It’s entirely possible for a domain or IP address to be added to a blacklist, but it’s also possible to be removed once it’s demonstrated that there is no more spam originating from that source.
6. Circular Logic
“This must means, that we will be forced to include your e-mail address to our stop list.”
Wait – the subject line of the email was “Your email is listed on the Spamhaus Block List”. If it’s already listed, then why would they be forced to include your email address if you don’t take appropriate steps? It’s already listed . . . so this doesn’t make sense.
7. Attachments with Odd Filetypes
The original message came with a file named:
The .7z file format is used by the open source 7-Zip compression software. It’s a legitimate piece of software, but what kind of organization is going to send you a guide in .7z format when a PDF would be so much more universally accepted? In general, you should never open a zipped (compressed) file from someone you don’t know. Even if I know the sender, I don’t open UNEXPECTED zip files I receive from my contacts.
So there you have it: 7 ways that this is obviously a phishing attempt.
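Three of the signs above (2, 5 and 7) can be checked mechanically. The following is an added example, not part of the original post: a small Python triage function run over a constructed sample message. The sender's local part, the attachment name "guide.7z", the phrase list and the function name red_flags are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ARCHIVE_EXT = (".7z", ".zip", ".rar")
URGENCY = re.compile(r"in \d+ hours|suspended forever", re.I)
PASSWORD = re.compile(r"password\s*:\s*\S+", re.I)

# Constructed sample modeled on the quoted message. The sender's local part
# and the attachment file name are placeholders, not values from the original.
SAMPLE = """\
From: SBL Spamhaus <redacted@varmaalayam.com>
Subject: Your email is listed on the Spamhaus Block List
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You need to resolve the issue in 36 hours.
DOCUMENT PROTECTED WITH A PASSWORD: SBL2020
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="guide.7z"

(constructed placeholder bytes)
--b1--
"""

def red_flags(raw, brand="spamhaus", brand_domain="spamhaus.org"):
    """Return the list of warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags, body, has_archive = [], "", False
    # Sign 2: the display name claims the brand, the address domain does not.
    on_brand = domain == brand_domain or domain.endswith("." + brand_domain)
    if brand in name.lower() and not on_brand:
        flags.append("display-name-mismatch")
    for part in msg.walk():
        fn = part.get_filename()
        if fn and fn.lower().endswith(ARCHIVE_EXT):
            has_archive = True              # Sign 7: compressed attachment
        elif part.get_content_type() == "text/plain" and not fn:
            body += part.get_payload()
    if has_archive:
        flags.append("archive-attachment")
    # A password in the body next to an archive usually means the archive is
    # encrypted, so a mail gateway could not scan what is inside it.
    if has_archive and PASSWORD.search(body):
        flags.append("archive-password-in-body")
    if URGENCY.search(body):                # Sign 5: threats and deadlines
        flags.append("urgency")
    return flags
```

Any one flag alone can show up in legitimate mail; it is the combination, as in this message, that should stop you from opening the attachment.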
I hope you found this information useful. If so, please share it with your friends, family, and business colleagues! In a non-spammy way, please 🙂