As I checked my email inbox this afternoon, I discovered an email which was supposedly sent from CNN. The subject line was "CNN Alerts: My Custom Alert". The problem is, I’ve never configured custom alerts on the CNN webpage. However, the email looks very legitimate and I almost clicked on the links until I noticed that the FULL STORY link points to a site other than CNN. Check out this screenshot.
I’ve never received a phishing email which has appeared to originate from CNN. I’ve received similar looking emails from PayPal, eBay, Chase bank, Bank of America, etc. They almost fooled me on this attempt.
The funny thing is, when I typed in the URL of the full story link into Google, I checked out the search result for the McAfee Site Advisor and according to them, the site is just fine, no significant problems found.
Here is what I find disturbing. How many people do you think may have been as careful as I was with this link and checked out the site advisor page, only to see that there were not any problems associated with the site, and thus went ahead and clicked on the link? Thankfully, the comments section of the McAfee post filled me in on the details:
“…didn’t find any significant problems.” Better look harder!!!
CNN.com Daily Top 10 spam has disguised links to <http://www.blackhawkk9.com/cnntop.html> concerning which:
DANGEROUS: LinkScanner Online has found [Trojan Fake Codec]
Yeah, as well as clicking the fake link of your choice they want you to download a trojan loader, submit your machine to a botnet and further their aims to rule the observable universe (nice work if you can get it).
(Owned by GoDaddy.com Inc)
Registrar: GoDaddy.com Inc
Also, I sent word about this email on Twitter and many other people have reported receiving the same thing.
Word of warning, do not click on the links within this email. Immediately send it to the trash bin or your spam folder or simply delete it. Although this email smelled phishy, this phish almost took the bait.