Capt. 𝕏odapocket
Apr 12 · 20 tweets
A phishing email made it through Gmail's spam filter, and it's the first I can remember receiving that felt targeted to my generation's anxieties, so I thought I'd take a minute to point out details that started throwing red flags before I even got to the second-half giveaway. 🧵
[Image alt text: It's a screenshot of the email. It's longer than the character limit for alt text. Sorry. It's just text, surely there's a screenreader that can parse text from an image, right? I don't have any better ideas. I'll write alt text for the excerpts, though.]
I'm starting here because it's perhaps the least obvious and the least talked about: urgency. Whether it's a looming threat or a closing window of opportunity, scammers nearly always infuse their messages with urgency.

[Image alt text: (Hoo boy this character limit sucks.) "your file will remain open in my system for only one more day."]
They want you to panic, because panic reduces your capacity for rational thought and critical analysis.

This particular email is compelling because communication about loan forgiveness has been so poor.
I see headlines from time to time, but I'm never really sure if I qualify for it, if it got shot down by Congress, or how I'm going to be informed about it if I AM eligible. An area with little understanding is ripe for injecting panic. Like targeting boomers with crypto scams.
If ever an email is urging you to ACT NOW!!!, that should be your signal to look for other signs of illegitimacy. (This particular example is *rife* with evidence, but that's not a guarantee for every phishing attempt.)
Wrong last name. (You're going to have to just trust me on this one.) No one who has anything to do with my student loans would have the wrong last name.

Also: name as subject line. Official correspondence would have a descriptive title, not just my name.
[Image alt text: My name, but redacted (cuz Twitter), so it just looks like a red scribble. Why did I include it? I don't know. Consistency? Humor? The opportunity to write this as its alt text? Your guess is as good as mine.]
A bank, loan servicer, government office, or other legitimate institution would not identify itself simply as "the Student-Loan Debt Department."
[Image alt text: "on behalf of the Student Loan Debt Department."]
No line break in the intro, leading to incorrect capitalization. Any official communication would not have this error.
[Image alt text: "[REDACTED], Hello this is Logan Bailey on behalf..." I mean this one's about visual formatting rather than the words themselves, but I think the post that this is attached to covers what you need to know.]
The second half, about opting in to some ad service, is a dead giveaway for me. But it's not THAT much of a stretch for someone to think "The student loan department must be using a marketing firm to distribute notices. That makes enough sense." So it's not a TOTAL dealbreaker.
[Image alt text: "You opted in, Advertising Services, PO Box 249 #57223, Albuquerque, NM 87103 ............ We are a marketing company. For contact with the company on the list contact the number listed above. If you'd like to be removed from our marketing...]
Also, that unsubscribe link might be a Plan B, hoping to snare people by offering a means to avoid further scam attempts, but which actually points them to a site that will inject malware of some sort. I don't have the skills to sandbox it and investigate that idea, though.
They also omit the slash between the domain and the rest of the URL and make it all plaintext rather than a hyperlink.
[Image alt text: "[REDACTED]t.com c3d[REDACTED]"]
Phishing emails targeting corporations often include a link that will take you somewhere that tries to gain access to your network. By omitting the slash and formatting the address as plain text, the email is more likely to slip past spam filters trained to look for such things.
And finally, the most obvious one and the one that everyone knows to look for once the alarm bells are ringing, official correspondence regarding your student debt would NEVER come from a hotmail account.
[Image alt text: [REDACTED]@hotmail.com]
As an added bonus, I decided to google that PO Box and the results were full of people reporting this same email as a scam. Here's Brown University's notice on it: it.brown.edu/phish-bowl-ale…
Given this breakdown, it might seem like there were so many signs that how could anyone ever fall for this? But I, even as someone who puts a lot of attention into malicious exploitation of cognitive biases, didn't think too hard about it until the urgent "only one more day" bit.
Was I gonna fall for it? No. I always check the sender of anything money related before I take any action based on the content. But it got further than most phishing attempts, so I thought it was worth talking about.
If you noticed something I missed, please feel invited to point it out.

Be safe out there.
Fascinating thing discovered while copy-pasting for alt-text:

See all the spellcheck marks on parts of words? Surrounding those marks are places where I can press the left and right arrow keys and see no movement from the cursor.
Which means that text is RIDDLED with characters of no width. It's invisible to the human eye, but a computer sees a bunch of separated chunks of letters rather than words it can recognize. It's absolutely a trick to get through spam filters, and one that I had no idea about.
Let's see how this thing does with what is essentially an image gallery...
@threadreaderapp unroll
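
The zero-width trick described near the end of the thread, as an added example that is not part of the original thread: a Python check that finds invisible characters inside Latin words and shows which filter keywords only match after they are stripped. The sample message and the keyword list are constructed for illustration.

```python
import unicodedata

# Zero-width code points that are not in Unicode category Cf:
# U+034F (combining grapheme joiner) and the Hangul fillers.
EXTRA_INVISIBLE = {0x034F, 0x115F, 0x1160, 0x3164}

def is_invisible(ch):
    """True for format/zero-width characters (U+200B, U+200C, U+200D, U+2060, U+FEFF, U+00AD, ...)."""
    return unicodedata.category(ch) == "Cf" or ord(ch) in EXTRA_INVISIBLE

def strip_invisible(text):
    return "".join(ch for ch in text if not is_invisible(ch))

def split_words(text):
    """Tokens containing an invisible character alongside ASCII letters.

    Requiring ASCII letters avoids flagging emoji ZWJ sequences and scripts
    (Persian, Indic) where U+200C/U+200D are legitimate.
    """
    findings = []
    for token in text.split():
        hidden = [f"U+{ord(ch):04X}" for ch in token if is_invisible(ch)]
        visible = strip_invisible(token)
        if hidden and any(ch.isascii() and ch.isalpha() for ch in visible):
            findings.append((visible, hidden))
    return findings

def keyword_hits(text, keywords):
    lowered = text.lower()
    return [kw for kw in keywords if kw in lowered]

def scan(text, keywords):
    """Compare what a naive keyword filter sees before and after normalization."""
    raw = keyword_hits(text, keywords)
    normalized = keyword_hits(strip_invisible(text), keywords)
    return {
        "raw_hits": raw,
        "normalized_hits": normalized,
        "evaded": [kw for kw in normalized if kw not in raw],
        "split_words": split_words(text),
    }

# Constructed sample, not the email from the thread.
SAMPLE = "Your stu\u200bdent lo\u200can fi\u2060le will remain open for only one more day."
KEYWORDS = ("student loan", "one more day")  # assumed filter terms

if __name__ == "__main__":
    for key, value in scan(SAMPLE, KEYWORDS).items():
        print(f"{key}: {value}")
```

A non-empty `split_words` result is a useful signal on its own, since ordinary English mail has no reason to carry format characters inside words.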
