Armand here, RPost’s sporty product evangelist. This week while watching Major League Soccer’s “decision day” games, I got an email and viewed it in my Microsoft Outlook email program on my laptop.
It was such an obvious, seemingly poor attempt at the beginning of a cybercriminal impersonation scheme. Obvious, since the email appeared as if written by our RPost CEO, the email address name field had his name (easy to fake of course) but the email address was not what I would consider anything close to a lookalike domain.
As you can see below, the name was correct (Zafar Khan) but the address was obviously not his nor even anything remotely appearing like an RPost.com domain address.
A blessing in disguise. Obvious fake.
Why would the cybercriminal not bother to make this cleverer? (Believe me, I have seen some very clever lookalike domains in the past used to impersonate people). More on this in a bit…
I got back to watching soccer, fixated on the October 19 Inter Miami and Los Angeles Galaxy games. Inter Miami was the top team in the Eastern Conference yet was down 2 goals to the 14th placed team, New England Revolution. Luckily, Inter Miami was able to save themselves from embarrassment and tied it up before half-time.
In the 58th minute, the old man himself, Lionel Messi, stepped onto the pitch… and the New England Revolution didn’t know what was in store for them. After a minute of Messi walking around, he was able to assist Benjamin Cremaschi, allowing them to finally take the lead.
That was not the only accomplishment for Messi in this match. He went on to score a hat trick, scoring all goals within 11 minutes. The final score came out to be 6-2 with Inter Miami coming out on top. This was a casual performance for Messi as he is known for being the difference maker (the GOAT in my not-so-humble armadillo opinion). This is his first full season playing in the MLS and he has helped Inter Miami break a record. He was a key factor for the team as they achieved a total of 74 points this season. In the previous season, Inter Miami finished with 34 points, but Messi contributed to doubling that number.
Messi for sure was a blessing in disguise.
Meanwhile, the LA Galaxy was in first place in the Western Conference when the LAFC game ended yet finished the season in second place. How does this even happen when both games start at the same time? The LAFC game ended 3-1 in their favor meaning that they would clinch the number one spot if the Galaxy lost their game. Now, Galaxy was losing 1-0 going into the 95th minute before receiving a penalty which they later scored, equalizing it 1-1 late in the game. Galaxy finding themselves tied meant that they would still clinch that number one spot in the Western Conference. However, it did NOT end like that as with the last kick of the game in the 11th minute of added time, the former LA Galaxy defender scored on the Galaxy with the last touch of the game, ending the Galaxy’s hopes for the first place. So, to understand this correctly, the LA Galaxy were in first place by the time LAFC ended their game but somehow in some way ended in second place in the Western Conference by the time their game ended.
Ugh. No blessings…
Now I know the idea of the LA Galaxy not finishing in first place hurt all Galaxy fans, but there is a positive. The team’s road to the MLS Cup got easier by their finishing spot. Instead of possibly playing against teams like Seattle and Portland who they usually struggle against, they have more favorable matchups with Colorado and possibly Minnesota or Real Salt Lake.
Therefore, even though the LA Galaxy did not win the Western Conference as they should have done, it could have been a blessing in disguise. Obviously, though, it has to be said, that no matter who from the Western Conference makes it to the MLS Cup final, they are going to lose to Inter Miami. It’s written in the script (in my humble armadillo opinion).
The games ended and I did what thousands of other fans did; looked down at my phone and checked my armadillo RPost email account.
Funny, there was that email that I saw earlier that was an obvious fake. But wait, now seeing the email on my phone email, I realized the email address was masked and all I could see was our CEO’s name, Zafar Khan. Suddenly the email looked authentic (albeit this one still missed the mark due to some strange punctuation elements).
Ultimately, the blessing in disguise here was the fact that I viewed the email in Microsoft Outlook first and could obviously see the fake, rather than in my webmail or mobile email program where the fake address was obscured. Hmmm…
The revelation? This seems to be why the criminals often don’t take the time to even purchase the lookalike domain – they are mass Phishing and assuming some large percentage of viewers of the email cannot easily even see the entire FROM email address as it is obscured by some of the most popular email viewing programs. They simply are playing for that small percentage of folks that they can easily trick.
If this was a more contextual fake, I may have fallen for it --- although, another blessing in disguise is I also use RPost’s Right Recipient™ Lookalike domain and reply hijack detectors, so I would not have been fooled.
But your staff, without RPost tools, may just take this Phish bait…
Learn more about RPost’s Right Recipient™ technology.
November 20, 2024
November 12, 2024
November 06, 2024
November 01, 2024
October 29, 2024
Blog