Email Security Best Practices: How To Keep Your Email Program Safe
When you get an email from a company that you recognize, you assume that the message is legitimate. Unfortunately, thanks to phishing attempts, people now have to second-guess every password reset and billing update email.
In case you need a refresher, phishing emails are emails that spoof legitimate businesses to gain your personal information. These emails lead to a landing page that asks you to input your personal data like your login or social security number, thus collecting your info.
A few years ago, these phishing attempts always looked like a scam. Bad grammar, broken email templates, and outdated logos used to be the hallmark signs of a phishing email. Spammers caught on that they needed to be craftier and create more convincing phishing emails. Take a look at this one that we’ve been seeing recently:
Pretty compelling, right? But wait, it gets worse. This is the landing page it sends you to if you click the link:
This can fool just about anyone into thinking that the email they received is legitimate. Even the smartest person can have an off day where they fall for an email like this. Now the spammer has your login credentials, and you can get locked out of your account due to the compromise.
Sometimes looking for spelling mistakes and formatting errors isn’t enough. If the spammer has really committed to their scam, they’ll do what it takes to make the email they send you look legitimate. Take, for instance, the email shown above: it looks like it came from Mailgun. The formatting of the email is a little off, but the biggest sign that jumps out to us is the from address. We as a company know that we don’t have a `service@mailgun.org` address, but not everyone is going to be privy to that information.
Instead, we advise that you take a look at the message headers. These headers will give you every last detail of a message, including who and where it’s actually coming from in the first place. You can usually find the headers by opening the `more` options of a message and clicking on `show original`.
For some, reading headers is second nature, but for those of you who aren’t looking at phishing and spam attempts all day, you can use tools like MXToolBox to parse the headers for you. If the message doesn’t have the right authentication in place, such as a DKIM signature tied to it, it isn’t coming from the real sender.
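As an added illustration (not Mailgun's code), the header check described above can be scripted: the sketch below reads a message's `Authentication-Results`, `From` and `Return-Path` headers and reports where the authenticated domains do not match the visible sender. The sample headers are constructed, and the subdomain comparison is a simplification of DMARC alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers: every value is made up except the From address quoted above.
SAMPLE = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.recipient.example;
 dkim=pass header.d=bulk-sender.example;
 spf=pass smtp.mailfrom=bulk-sender.example;
 dmarc=fail header.from=mailgun.org
From: Mailgun <service@mailgun.org>
Subject: Update your billing details

(body omitted)
"""

def domain_of(value):
    """Domain part of an address header, lower-cased."""
    return parseaddr(value)[1].rpartition("@")[2].lower()

def aligned(a, b):
    # Simplification of DMARC relaxed alignment: equal, or one is a subdomain of the other.
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check_headers(raw):
    """Return a list of findings; an empty list means nothing stood out."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    rp_dom = domain_of(msg.get("Return-Path", ""))
    # Only trust Authentication-Results added by your own receiving server.
    ar = " ".join(" ".join(msg.get_all("Authentication-Results") or []).split())
    verdicts = dict(re.findall(r"\b(dkim|spf|dmarc)=(\w+)", ar))
    dkim_domains = [d.lower() for d in re.findall(r"header\.d=([\w.-]+)", ar)]
    findings = []
    if verdicts.get("dkim") != "pass":
        findings.append("no passing DKIM signature")
    elif not any(aligned(d, from_dom) for d in dkim_domains):
        findings.append(f"DKIM passes for {dkim_domains}, not for From domain {from_dom}")
    if verdicts.get("dmarc") != "pass":
        findings.append(f"DMARC verdict is {verdicts.get('dmarc', 'missing')}")
    if rp_dom and not aligned(rp_dom, from_dom):
        findings.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in check_headers(SAMPLE):
        print("-", finding)
```

A passing DKIM result on its own proves little; what matters is that the signing domain matches the domain shown in the from address.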
The URL of the landing page the email sends you to will always give away a phishing attempt. The example above is a bit tricky because the beginning of the URL looks pretty legitimate. It tries to trick you with the `mailgun-com`, hoping that your eyes will gloss over the fact that it isn’t our website. If that isn’t enough, the rest of the URL is just as bogus. Always be sure to double-check the URL anytime you are sent a message asking for personal information.
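The URL double-check above comes down to reading the hostname, not the start of the string. The following added example (not Mailgun's code) classifies a link by whether its host really belongs to an expected domain; the `EXPECTED` set and the sample URLs are assumptions constructed for illustration, with only the `mailgun-com` prefix taken from the article.

```python
from urllib.parse import urlsplit

# Assumption for this example: the domains you expect the brand to use.
EXPECTED = {"mailgun.com"}
BRAND = "mailgun"

def classify_link(url):
    """Return 'expected', 'lookalike' or 'unrelated' for a link found in an email."""
    # urlsplit().hostname drops any "user@" prefix and the port, leaving the real host.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for domain in EXPECTED:
        # The host must be the domain itself or end with ".<domain>".
        if host == domain or host.endswith("." + domain):
            return "expected"
    # The brand name appears somewhere in the link, but the host is someone else's.
    if BRAND in url.lower():
        return "lookalike"
    return "unrelated"

# Constructed sample links.
SAMPLES = [
    "https://www.mailgun.com/",
    "https://mailgun-com.example.net/login",   # brand in a hyphenated label
    "https://mailgun.com.example.net/login",   # brand as a subdomain of another site
    "https://mailgun.com@example.net/login",   # brand in the userinfo part
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```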
Outside of being vigilant about phishing attempts, there are some added steps you can take to keep yourself and your data protected. For starters, make sure you have 2FA enabled on every account you have. This added security measure makes it much harder for spammers to access your information. Consider using password generators and password banks to update your passwords regularly, just in case you have to update your login credentials in a pinch.
Beyond that, it’s imperative that you inform the company that is being spoofed and the ESP the phishing email is coming from. Once they are made aware of the situation, the company in question and the ESP can work on mitigating the reach of spammers sending out those messages.
Should you suspect that you’ve received phishing attempts that look like they’re coming from Mailgun, please send your message headers to abuse@mailgun.com. We’ll take it from there.
Last updated on May 15, 2021