How do you know your name brand recognition has arrived?
When email scammers decide that you’re a big enough hook that they can catch unsuspecting individuals by leveraging your name.
Such was the case recently when streamers using the Twitch platform found an email in their inbox from “Razerzonesponsorship@gmail.com.” The emails seem to offer streamers lucrative Razer eSports sponsorships after having been selected by “scout agents.”
Apart from some really tortured grammar, it almost looks legitimate, until you start to dig a little bit deeper.
Red Flag #1: Real Razer emails don’t come from Gmail addresses. Google is a great platform; but anything from Razer will come from “@razerzone.com.”
Red Flag #2: Razerzone Ltd. is not a real company. While the company does use “Razerzone” as their domain name, Razer is registered as Razer USA Ltd. and does business as Razer Inc.
Red Flag #3: Razer’s eSports platform, Team Razer, is not mentioned…like, at all.
Red Flag #4: Daniel Werth, whoever he is, is not employed by Razer. Nor does Razer have a “Social and Managing marketing” department. I got my confirmation from Kevin Scarpati, Razer’s real head of Public Relations for the Americas; but even a quick Google search turns up nothing.
As far as what happens when you click that big green “Razer Application Form” button? Your guess is as good as mine. But I can guarantee it’s nothing good. At best, you’ll be led to a form where they’ll ask for all kinds of sensitive information in a phishing scam. At worst, they’ll install malware on your machine while you fill out the form.
Now is as good a time as any to remind you to practice safe emailing. If you receive an email offering something from someone, anyone, do a quick bit of research and see if you can verify any of the people, companies, or other entities involved (especially if you weren’t expecting the email). Always check a company’s website, even if you’re familiar with them, before responding back to an email to see what they use as their official email address. If the email you received doesn’t end in that domain name, report it to Google (you can do so right from Gmail by using the Report phishing option from the toolbar of the email), then chuck it in the trash ASAP.
And if you take no other advice from this article, it’s this – until you’ve checked and double-checked the veracity of an email NEVER CLICK INCLUDED LINKS (yes, I’m using all caps – it’s because I feel that I must yell this in order for people to actually listen). So often we want to believe that our fortunes have turned or that we’ve been discovered by the vast internet fame machine. Don’t let that desire cloud your judgement.
Besides, if you really want a shot at joining Team Razer, all you’ve got to do is ask! If you think you have what it takes, head over to the Team Razer home page and you can fill out an application to be considered right now. Believe me, you’ll know if it’s really them emailing you back.
Source: SANS ISC SecNewsFeed @ February 23, 2017 at 04:15PM