#fnacbe

georgehank@pluspora.com

Phishing. So easy to counter if you know (your) shit.
But sadly, most people are too ignorant about… simple checks of plausibility and email source http links.

Got an email purportedly from fnac.be. First, plausibility check: I never had any business with Fnac Belgium (I was once (that I remember) in a Fnac in Strasbourg, but that's Fnac France (and I never registered an email with them, AFAICR)).
Second, check the email source (it's of course a pure HTML email… which mutt shows the source of anyway), because since it isn't legit, there must be some obvious signs.
Hmm, the From header says "fnac.be" (as a legit Fnac Belgium mail might), but there's a link in the mail to fnac-be.com. Almost looks legit, right? Almost.
Most people would probably be satisfied with this, although most people who check for suspicious links probably wouldn't.
So, a Whois on this domain is in order (natch).
Registrar sounds so not fishy (or is that "phishy"?): Wild West Domains LLC
But much more useful is of course the date of original registration: 2021-11-09. Not even a week ago. Yeah, right, Fnac has their root domain this young. Let's check fnac.be, just to make sure: Oh, registrar is some subsidiary of CSC (CSC Corporate Domains). Something you'd expect. And not Wild West Domains.
Oh, and of course this domain was registered in 1998. Also as expected.

#csc #fnac #fnacbe #phishing #somethingsmellsphishy #forensics #sleuthing #csi ;-)
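
The two checks described in the post (link domain versus From domain, then registration age from Whois), sketched as an added example that is not part of the original post. The message, the Whois excerpts, the exact 1998 day, the "today" date and the 30-day threshold are constructed assumptions; only the domain names, registrars and the 2021-11-09 date come from the post.

```python
import re
from datetime import date
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (mailbox name and URL path are made up).
RAW = """From: "fnac.be" <news@fnac.be>
Subject: Your order
Content-Type: text/html; charset=utf-8

<html><body><a href="https://www.fnac-be.com/login">My account</a></body></html>
"""
# Constructed, simplified Whois excerpts; the post gives only the year 1998 for fnac.be.
WHOIS = {
    "fnac-be.com": "Registrar: Wild West Domains, LLC\nCreation Date: 2021-11-09T00:00:00Z\n",
    "fnac.be": "Registrar: CSC Corporate Domains\nRegistered: 1998-01-01\n",
}
TODAY = date(2021, 11, 14)  # assumed: "not even a week" after registration

class _Links(HTMLParser):
    """Collects the host name of every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = set()
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        host = urlsplit(href).hostname if tag == "a" and href else None
        if host:
            self.hosts.add(host.lower())

def base_domain(host):
    # Naive: keeps the last two labels; fine for .be/.com, wrong for e.g. co.uk.
    return ".".join(host.lower().split(".")[-2:])

def mismatched_link_domains(raw):
    """Return (From domain, link domains that differ from it)."""
    msg = message_from_string(raw)
    sender = base_domain(parseaddr(msg["From"])[1].rpartition("@")[2])
    parser = _Links()
    parser.feed(msg.get_payload())
    return sender, sorted({base_domain(h) for h in parser.hosts} - {sender})

def domain_age_days(whois_text, today):
    m = re.search(r"(?:Creation Date|Registered):\s*(\d{4})-(\d{2})-(\d{2})", whois_text)
    return (today - date(*map(int, m.groups()))).days if m else None

def triage(raw, whois, today, min_age_days=30):
    """Map each mismatched link domain to (age in days, is it suspiciously young)."""
    sender, others = mismatched_link_domains(raw)
    ages = {d: domain_age_days(whois.get(d, ""), today) for d in others}
    return sender, {d: (a, a is not None and a < min_age_days) for d, a in ages.items()}
```
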