Deliverability

Common phishing email warning signs

Phishing emails are becoming more and more sophisticated each day. It's imperative that you know which phishing email warning signs to look out for, read more –

PUBLISHED ON

PUBLISHED ON

If you suspect you have received a phishing email impersonating Mailgun, please send the email headers to abuse@mailgun.com.

When you get an email from a company that you recognize, you assume that the message you get is legitimate. Unfortunately, people now have to second guess any password reset and updating billing email thanks to phishing attempts.

In case you need a refresher, phishing emails are emails that spoof legitimate businesses to gain your personal information. These emails lead to a landing page that asks you to input your personal data like your login or social security number, thus collecting your info.

A few years ago, these phishing attempts always looked like a scam. Bad grammar, broken email templates, and outdated logos used to be the best hallmark signs for a phishing email. Spammers caught on that they needed to be craftier, and create more convincing phishing emails. Take a look at this one that we’ve been seeing recently:

Pretty compelling, right? But wait, it gets worse. This is the landing page it sends you to if you click the link:

This can fool just about anyone into thinking that the email they received is legitimate. Even the smartest person can have an off day where they fall for an email like this. Now the spammer has your login credentials, and you can get locked out of your account due to the compromise.

Here’s how to spot a sophisticated phishing attempt

Sometimes looking for spelling mistakes and formatting errors isn’t enough. If the spammer has really committed to their scam, they’ll do what it takes to make the email they send you look legitimate. Take for instance the email shown above, it looks like it came from Mailgun. The formatting on the email is a little off, but the biggest sign that jumps out to us is the from address. We as a company know that we don’t have a `service@mailgun.org` address, but not everyone is going to be privy to that information. 

Message Headers

Instead, we advise that you take a look at the message headers. These headers will give you every single last detail of a message – including who and where it’s actually coming from in the first place. You can usually find the headers by looking at the `more` options of a message, and clicking on `show original` from there, you will receive the headers. 

For some, reading headers is second nature, but for those of you who aren’t looking at phishing and spam attempts all day, you can use tools like MXToolBox to parse the headers for you. If it doesn’t have the right authentications in place like DKIM tied to the message, it isn’t coming from the real sender.

Landing Page URL

The URL of the landing page the email sends you to will always give away a phishing attempt. The example above is a bit tricky because the beginning of the URL looks pretty legitimate. It tries to trick you with the `mailgun-com,` hoping that your eyes will gloss over the fact that it isn’t our website. If that isn’t enough, the rest of the URL is just as bogus. Always be sure to double-check the URL anytime you are sent a message asking for personal information. 

What else can you do?

Outside of being vigilant about phishing attempts, there are some added steps you can take to keep yourself and your data protected. For starters, make sure you have 2FA enabled on every account you have. This added security measure makes it much harder for spammers to access your information. Consider using password generators and password banks to update your passwords regularly, just in case you have to update your login credentials in a pinch. 

Beyond that, it’s imperative that you inform the company that is being spoofed and the ESP the phishing email is coming from. Once they are made aware of the situation, the company in question and the ESP can work on mitigating the reach of spammers sending out those messages. 

Should you suspect that you’ve received phishing attempts that look like they’re coming from Mailgun, please send your message headers to abuse@mailgun.com. We’ll take it from there. 

Related readings

Caught in a phishing line: What we do and how you can protect yourself

Phishing emails are the worst for a variety of reasons, but there are some things you need to know in order to keep yourself protected. Read more...

Read more

Internet security: Defending against spam

How exactly do bad actors attempt to exploit Mailgun accounts? There are quite a few ways, but for this post, we’re going to focus on three. Read more -

Read more

Protecting your domain reputation with DMARC

Any domain is only as protected as a domain owner makes it. Protect your domain reputation by implementing DMARC. Read more...

Read more

Popular posts

Mailgun iconSee what you can accomplish with the world's best email delivery platform. It's easy to get started.Let's get sending
CTA icon Mailgun Icon