Even though corporate and personal email systems have dramatically improved in security features in recent years, there appears to be no shortage of scams using the now decades-old technology. The first email was sent back in 1971, closing in on 50 years ago.

Still, despite warnings and attempts at training employees, as well as the public at large, identity and monetary theft using email remains a profitable area.

One of the most lucrative scams is the old-school phishing email. Send such an email out as widely as possible and with a bit of luck the scammer is able to catch, or phish, victims who can be coaxed into giving up personal information – the identity theft part of the scam – which can then be used to execute the monetary theft component.

A successful phishing email essentially has four components: a well-crafted email with text that provokes the recipient to act quickly so that a service of some kind isn’t blocked, a believable domain name that the email appears to originate from, a page or pages that look like they belong to the company in question, and or course a victim who follows through on the scam.

Actually, many will argue with the “well-crafted” component, noting that in many cases these phishing emails have very poor grammar.

In my own case I receive typically one or two scam emails every day. I use multiple email services. My corporate email is probably the worst when it comes to blocking such material. Frequently such email will be let through by the corporate filter and then get blocked or flagged by the secondary address where I have my work email forwarded.

Of my four main email services, the best by far from a security perspective is Google’s Gmail service. In fact, it is so rare to see junk, spam or phishing emails via Gmail that when one does make it through I am quite surprised.

Recently my corporate email let through a phishing email that targets customers of Shaw Communications. I am a customer of the company but I do not pay my bills online so I knew without even opening the email that this was a phishing scam. However, I can’t resist pulling apart such scams to see how they work. For the most part I do this on a Chromebook so that any attempt at downloading a virus, say a cryptolocker or ransomware code, will simply not work.

Shaw Communications, to its credit, maintains an area on its web site where it provides examples of phishing scams that have targeted the company’s customers.

In my case, the body of the email (1) was quite believable. It included a corporate logo and the text was succinct and grammatically acceptable. However, the email appears to originate from an address (showplatineum.com) that does not belong to the company. A link (“click here”) , the key to the scam, was helpfully included.

Following through on the link brings up a page (2) where the phishing email is designed to harvest content that will let the scammer enjoy a payout for his work. In this case the scammer is after credit card credentials (card number, expiration date, security code).

There is one spelling error on this page that I initially missed, “mendatory.” The page uses a domain name, tvshawcable.com, that looks like it might belong to the company. Of course it doesn’t. In fact, a check of that domain name at the site whois.com brings up a registration listing (3), which in this case had a date that matched the date when I received the email.

In other words, the scammer was using a domain name created that day, specifically for this scam. That is a common ploy because security services will soon add these phishing domains to an alert list. Indeed, just a day later, this URL had already been flagged as suspicious when I tried to visit it from the Google Chrome browser. The remainder of the registration information is likely fake.

I completed the harvesting form with fake data, including a well-known Mastercard test number.

In order to keep anyone who actually follows through to this point from having second thoughts, the last part of the scam usually loads a legitimate page from the company site. Indeed, such was the case with this phishing scam.

Phishing emails remain lucrative. Be vigilant and don’t react to them. Phone the company if you are at all leery of such an email.

Follow me on Facebook (facebook.com/PeterVogelCA) or on Twitter (@PeterVogel).

[email protected]