Three types of phishing devices are most commonly used: suspicious links, attachments and fake messages. See more information below.
01. Phishing emails - Suspicious links
As the email type implies, suspicious links are inserted into these kinds of emails and recipients are required to click on and visit the links and then input their account information to view orders or samples.
Sometimes these emails will request recipients to download attachments, so it is important that any virus detection is achieved before opening and checking the attachments.
Next are 2 examples of seemingly ‘normal’ phishing pages – they always ask for account IDs and passwords:
2 Phishing emails - Attachments
Normal attachments mainly have these formats: Html, Exe/Scr, Doc Excel, PDF, Zip/Rar. Among these file types, Exe/Scr documents are most likely considered high risk. We recommend only opening after scanning with anti-virus software.
1) Html ( Web page attachments)
Phishing links are often hidden behind html web page attachments. So, it is strongly suggested that you do not open html page attachments without considering the risks.
2) Doc, Excel, PDF Files
Although, these 3 types of attached files usually carry a lower level of risk, they are all capable of carryingmacro viruses. There are still risks in opening these types of files and running the macro orders without first screening them with anti-virus software.
Moreover, be aware that even though the attachment itself may pass a virus scan, the phishing links may actually be hidden in the content, so please also be aware of this possibility
3) Zip/Rar Attachments
Zip file attachments or “aggregation” files are often used to carry macro viruses and phishing links. Many email services will automatically treat these attachments as high-risk.
3 Fake Messages
Fake messages are the most difficult kind of phishing emails to handle because recipients have trouble distinguishing fake messages from authentic messages. Those emails also often easily pass standard international email security measures. It is generally understood that there are almost one hundred million fake messages generated on the internet, each day.
1) How fake messages are generated
All emails are sent through a sending server, so when spammers establish their own illegal server, this becomes a generator of fake messages. This is exactly the same for the illegal factories which produce those fake “brand products”.
Spammers can edit the sender information of any emails they generate in their own server:
Often recipients say the sender email address is correct and that the suspicious emails are from Alibaba Group. Actually the email address is added afterwards and closely resembles our service email addresses.
2) Why it’s so hard to deal with the fake messages:
A. First, there are flaws in the way the internet naturally operates. Spammers have the ability to establish servers of their own, and these servers are hard to track.
B. A lot of members use their company email boxes on a daily basis, but these cannot use the DMARC* protocol to stop fake messages from being delivered. While Outlook, Gmail and other large email service providers use the DMARC protocol, one problem is that these email addresses can easily be imitated.
*DMARC protocol: E-email security protocol rolled out after 15 Industry giants joined forces. They include PayPal, Google, Microsoft, Yahoo, ReturnPath, and more.
3) How to prevent fake messages:
A. Try to use DMARC protocol to filter the out any fake Alibaba.com emails
B. Try your best to always immediately your messages in the Message Center. Normally, only real messages will be in your account and are related to notifications you receive.
C. Manually checks is the most efficient and accurate way to identify fake emails.
4) Checking for the real sender’s email address
Many fake messages are constructed through the forging of Alibaba.com sender email addresses, but sometimes these emails leave clues.
You can see from the following example that the real sender email address is actually listed behind the Alibaba.com email address.
Sometimes you can only view the Sender in incoming emails and the real email address may be hidden. To check the full address, place your mouse on the sender’s name, and the real sender’s email address should be shown.
As a smart tip for you, it would be a phishing email if the email address as shown being the recipient after you click "reply" differs from the sender's address of the original email (an example shown below for reference only).
Usually, Alibaba.com will never use personal email addresses or Skype when contacting our members, especially note that we will never contact you via Skype requested for confidential Information such as member’s accounts, passwords and/or specimen of company stamps for security checking. Kindly be alerted and report to us when you receive Skype message sent allegedly from Alibaba Customer Service Staff before disclosing any confidential information to avoid losses.
Judging from the links contained in emails
As mentioned above, the objective of fake messages is always about how to obtain members’ account information, so the link checking is a very direct and useful way to verify emails.
For example, when we put the mouse cursor on the suspicious buttons or links, the whole URL data will show up accordingly. In the screenshot below we can see the domain is mamkerman.ir instead of alibaba.com. Now we know it is a phishing email. By the way, please also be aware we have another domain, which is aliexpress.com.
When an “Alibaba” email comes in containing an unreadable code, or if it contains unknown attachments, then you can also treat this as a suspicious email as well. Please sign in to the account to check the emails in your Message Center, or you can contact our service team for more assistance.
Unreadable or “messy” codes: