Unveiling the Deceit: An In-Depth Examination of Phishing Emails
Introduction
In this post, I’ll delve into a Hotmail account I’ve held for over ten years, which has seen numerous security breaches and receives a barrage of phishing and spam emails daily. Given its history, I thought it would be intriguing to investigate some of these emails. Perhaps we can shed light on some of these malicious tactics and thwart their operations in the process.
Tools Utilized
For this analysis, I utilized the following tools:
- Whois by DomainTools
- VirusTotal
- URLScan
- Sublime Text 3
Securing the Account
Despite my address appearing in 24 data breaches, the account itself has remained secure, largely because I use Multi-Factor Authentication (MFA) and the leaked passwords are long out of date. Nonetheless, I still faced hundreds of login attempts every day. To combat this, I wanted to lock down the Microsoft account while still receiving email at the old address. This is where aliases come into play. Microsoft allows users to create multiple aliases for a single account, so I disabled sign-in for the compromised address and now sign in only through a new alias that has never been exposed.
Configuring Sublime Text
By default, email headers in Sublime Text appear as plain text. However, thanks to a package by Richard Davis at 13cubed, we can easily parse headers with syntax highlighting.
- Open Sublime Text and press SHIFT+CTRL+P to access package control.
- Search for "Email Header" and install it.
Now, your email headers will be highlighted, making analysis easier.
Analyzing Suspicious Emails
Email 1: Prime Video Account Activity On Hold
This email is a clear phishing attempt. The sender's name claims to be "Prime Video," but the email address is suspicious. The subject line tries to create urgency, and the body is vague, containing a generic attachment name.
Checking the attachment on VirusTotal returned no detections, which only means no engine had a signature for it at the time, not that the file is safe.
The first video, "Behind the Scam: Decoding the Secrets of Fraudulent Emails," offers insights into recognizing and avoiding such scams.
Opening the PDF revealed numerous spelling errors and a lack of personalized information. These are classic signs of phishing. Always be cautious with attachments, especially those that look suspect.
Email 2: Urgent Security Change Notification
Another email clearly designed to prompt immediate action. Its sender domain doesn't match the company mentioned, and the content is alarmist with an unsolicited PDF attachment.
The second video, "Deconstructing Sophisticated Phishing Attack Techniques," further explains the tactics scammers use to deceive users.
Opening the attached PDF revealed more red flags: generic greetings and a lack of real information. Familiarize yourself with these warning signs to avoid being victimized.
Email 3: MetaMask Account Deactivation
This email purportedly from MetaMask contains strange formatting and urgent threats to deactivate my account. The sender’s email address is dubious, and the email uses Cyrillic characters to evade filters.
When I opened the linked PDF, it was riddled with errors and a call to action designed to incite panic. Always scrutinize such emails closely.
Email 4: Next of Kin
This common scam typically claims a lucrative inheritance without any verification. The generic sender name and email domain are significant red flags.
Investigating the sender’s domain revealed it to be a legitimate educational institution, but likely hacked to send spam. Always verify the credibility of the sender.
Email 5: A $10 Million Offer
This email is riddled with inconsistencies, including a mismatch between the sender’s name and email address. The informal language and unrealistic promises are classic signs of a scam.
Reporting these accounts is crucial to protect yourself and others.
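The red flags walked through above (display name not matching the sending domain, replies routed elsewhere, Cyrillic look-alike letters, urgency language, unsolicited attachments) can be checked mechanically from the raw message source. The script below is an added example, not code from the post, using only Python's standard library; the message it analyzes is a constructed look-alike of the "Prime Video" email, with placeholder `.invalid` domains, not the original.

```python
import re
import unicodedata
from email import message_from_string, policy
from email.message import EmailMessage

URGENCY = ("urgent", "immediately", "on hold", "deactivat", "suspend")


def non_latin_letters(text):
    # Letters outside the Latin script (e.g. Cyrillic look-alikes) hiding in English text.
    return sorted({c for c in text if c.isalpha() and not unicodedata.name(c, "").startswith("LATIN")})


def analyze(raw):
    """Return a list of red flags found in one raw RFC 822 message (headers + body)."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    subject = str(msg["Subject"] or "")
    flags = []
    # 1. Display name claims a brand that the sending domain does not contain (heuristic).
    name_words = set(re.findall(r"[a-z0-9]+", sender.display_name.lower()))
    if name_words and name_words.isdisjoint(re.findall(r"[a-z0-9]+", sender.domain.lower())):
        flags.append(f"display name '{sender.display_name}' does not match domain {sender.domain}")
    # 2. Replies are silently routed to a different domain than the one that sent the mail.
    if msg["Reply-To"] and msg["Reply-To"].addresses[0].domain.lower() != sender.domain.lower():
        flags.append(f"Reply-To domain {msg['Reply-To'].addresses[0].domain} differs from From domain")
    # 3. Non-Latin letters in the sender name or subject, used to slip past keyword filters.
    for field, text in (("From", sender.display_name), ("Subject", subject)):
        if odd := non_latin_letters(text):
            flags.append(f"non-Latin letters {odd} in {field}")
    # 4. Urgency language in the subject or body.
    body = msg.get_body(preferencelist=("plain",))
    text = (subject + " " + (body.get_content() if body else "")).lower()
    if hits := [w for w in URGENCY if w in text]:
        flags.append(f"urgency language: {hits}")
    # 5. Unsolicited attachments, the lure used in several of the emails above.
    for att in msg.iter_attachments():
        flags.append(f"attachment {att.get_filename()} ({att.get_content_type()})")
    return flags


def build_sample():
    # Constructed look-alike of the "Prime Video" message described above; not a real email.
    m = EmailMessage()
    m["From"] = '"Prime Video" <alerts@mailer-example.invalid>'
    m["Reply-To"] = "support@reply-example.invalid"
    m["Subject"] = "Urgent: Yоur account activity is on hold"  # the 'о' in Yоur is Cyrillic U+043E
    m.set_content("Dear Customer, open the attached file immediately or lose access.")
    m.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                     subtype="pdf", filename="Document.pdf")
    return m.as_string()
```

Calling `analyze(build_sample())` reports all five flags; to check a real message, save it from your mail client as raw source (.eml) and pass the file contents to `analyze`.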
Conclusion
This exploration of my email account has unveiled various tactics scammers employ, from fraudulent alerts to impersonation threats. While many of these emails may seem overtly suspicious, staying vigilant is key. Look for red flags, such as unusual sender addresses, poor grammar, and requests for personal information.
Enable Multi-Factor Authentication, avoid reusing passwords, and be cautious with attachments and links. Sharing these experiences can help disrupt malicious operations and safeguard others.
Sign Off
I hope you found this examination enlightening. If you enjoyed this, I might share more insights in the future. Stay safe and continue to question the legitimacy of emails you encounter.
Joshua Clarke