How to spot a ‘phishing’ email
Phishing is a scam where criminals send emails to thousands of people. These emails pretend to come from banks, credit card companies, online shops and auction sites as well as other trusted organisations.
They usually contain a compelling but bogus reason to go to the site; for example, the mail may ask you to update your password before your account is suspended. When a gullible victim clicks on an embedded link in the email, it takes them to a website that looks exactly like the real thing but is, in fact, a fake designed to trick victims into entering personal information such as a password or credit card number.
Criminals can make an email look as if it comes from someone else. Fake emails often (but not always) display some of the following characteristics:
- The sender’s email address doesn’t tally with the trusted organisation’s website address.
- The email is sent from a completely different address or a free web mail address.
- The email does not use your proper name, but uses a non-specific greeting like ‘dear customer’.
- A sense of urgency; for example the threat that unless you act immediately your account may be closed.
- A prominent website link. These can be forged or seem very similar to the proper address, but even a single character’s difference means a different website.
- A request for personal information such as user name, password or bank details.
- You weren’t expecting to get an email from the company that appears to have sent it.
- The entire text of the email is contained within an image rather than the usual text format. The image contains an embedded hyperlink to a bogus site.
What you see below is a real phishing e-mail (pretending to be from PayPal) that I received a few months back. But luckily I immediately spotted that it was a spoof and actually sent a mail to PayPal informing them about this mail. PayPal promptly sent a reply saying that it indeed was a spoof mail and that they will caution other users too.
From: Paypal Security Center <online@yahoo.com>
Date: Nov 1, 2006 1:40 PM
Subject: Accounts Management
To: undisclosed-recipients
Dear valued PayPal member,
It has come to our attention that your PayPal account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.
However, failure to update your records will result in account suspension. Please update your records on or before November 5, 2006. Once you have updated your account records, your PayPal session will not be interrupted and will continue as normal.
To update your PayPal records click on the following link:
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run<http://202.125.66.19
3/icons/www.paypal.com/SecureInfo/paypal/index.php>
Thank You.
PayPal Update Team
Accounts Management
As outlined in our User Agreement, PayPal will periodically send you information about site changes and enhancements. Visit our Privacy Policy <http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside> and User Agreement <http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/ua-outside> if you have any questions.
Copyright 1999-2006 PayPal. All rights reserved.
As you can see, the mail was sent from online@yahoo.com, and the link in the email points to an IP address, 202.125.66.19, and not to the PayPal site. So if you are a little careful you can easily spot a phishing email. But you must remember that the criminals are also clever and are constantly finding innovative ways to fool people.
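The same checks can be automated. The following is an added example, not part of the original post: it applies several items from the checklist above to a constructed plain-text message modelled on the quoted mail. The function names and indicator labels are this example's own, and it assumes links appear in the "visible text<real target>" form seen in the quoted mail.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample modelled on the quoted mail; 192.0.2.10 is a documentation IP.
SAMPLE = """\
From: Paypal Security Center <online@yahoo.com>

Dear valued PayPal member,
Failure to update your records will result in account suspension.
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run<http://192.0.2.10/icons/www.paypal.com/index.php>
"""

# Plain-text rendering of an HTML link: visible text, then the real target in <>.
LINK = re.compile(r"(\S+)\s*<(https?://[^>\s]+)>")
GREETING = re.compile(r"^dear\s+(valued\s+)?(\w+\s+)?(customer|member|user)\b", re.I | re.M)
URGENCY = re.compile(r"\b(suspen\w+|immediately|closed)\b", re.I)

def in_domain(host, domain):
    """True only if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def is_ip(host):
    try:
        return bool(ipaddress.ip_address(host or ""))
    except ValueError:
        return False

def phishing_indicators(raw, trusted_domain):
    """Return the checklist warning signs found in a plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    checks = {  # labels are this example's own names
        "sender-domain-mismatch": not in_domain(sender_host, trusted_domain),
        "generic-greeting": GREETING.search(body),
        "urgency": URGENCY.search(body),
    }
    found = [name for name, hit in checks.items() if hit]
    for visible, target in LINK.findall(body):
        host = urlsplit(target).hostname
        if is_ip(host):
            found.append("link-to-ip-address")
        if in_domain(urlsplit(visible).hostname, trusted_domain) and not in_domain(host, trusted_domain):
            found.append("link-text-target-mismatch")
    return found
```

Comparing the parsed hostname, rather than searching the URL for the brand name, matters here: the link target's path contains www.paypal.com, yet its host is a bare IP address.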