Phishing attempts to obtain passwords, bank details or credit card information are getting more frequent, with scammers faking everything from Facebook emails and bank / credit card service alerts to messages from couriers (FedEx, DHL, etc). Here are some clues to look out for when you receive a suspect email.
If you’re unfamiliar with phishing, it’s the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. [via Wikipedia]
I examined my email spam folder to find common traits, clues and other information that can help you identify these types of emails. As a precaution, you should treat any email you receive from banks, credit card companies, and even social media websites as suspect until you can validate its origin.
Real Life Examples
Here is an example of an email I found from someone faking NatWest:
There are a lot of clues as to why the email is not real. See if you can notice them, and compare with my list below:
- Email comes from firstname.lastname@example.org (not a NatWest email address)
- Email is indirect. It does not mention the customer name or their email address
- Usually, banks will include some account details in the email, like last four digits of credit / debit card or account number
- Hovering over the two links reveals a URL that does not go to NatWest. The link in the image above goes to faithfoundationschools.com
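The sender, greeting and link clues in the list above can also be checked mechanically. The following is an added example, not code from the original article; the message is constructed (reusing the sender address and link domain the article cites), and `natwest.com` and the customer name are values the caller supplies.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, not the email shown in the article.
SAMPLE = """\
From: NatWest Online <firstname.lastname@example.org>
Subject: Important account notice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p>
<p>Please <a href="http://faithfoundationschools.com/login">log in</a>
to confirm your details.</p>
"""

class LinkCollector(HTMLParser):
    """Collects the real href of every <a> tag, i.e. what hovering reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, domain):
    # Exact match or true subdomain; "natwest.com.other.example" does not pass.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_email(raw, expected_domain, customer_name):
    """Return a list of the article's clues that this message triggers."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender_host = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    if not belongs_to(sender_host, expected_domain):
        findings.append(f"sender domain is {sender_host}, not {expected_domain}")
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    if customer_name.lower() not in body.lower():
        findings.append("body does not address the customer by name")
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if host and not belongs_to(host, expected_domain):
            findings.append(f"link goes to {host}, not {expected_domain}")
    return findings
```

A message that passes all three checks is not proven genuine, since the visible From address can be forged; a message that fails them should be treated as suspect.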
Another bank example, this time from Lloyds Bank:
There are a few commonalities between this Lloyds email and the one from NatWest above. In fact, the first three points are present in this email too. In addition:
- Gmail has disabled the “Click Here To Continue” link for security reasons.
- The casing for the link is incorrect, especially when the rest of the email is correct
- The signature looks more like a copyright statement
- A security breach or suspicious activity on your account will usually prompt the bank to call you instead of sending you an email.
The following example from a Facebook phishing scam is more sophisticated. Can you tell the real and fake one apart?
These emails are a bit harder to tell apart, since they look very similar to each other. The biggest clue is the person that the email is supposed to reference. In the fake email I received, the comment was from a person I do not know or have in my friends list. It could have been a comment on a public post but I rarely publish updates publicly.
Here are some clues to look for:
- Hover over the links in the email to see if they go to Facebook.com. Don’t click on the link.
- Check with the Notifications on Facebook to see if the comment was actually made (this is dependent on your Facebook settings).
- The new Facebook emails will include the friend’s photo (a big giveaway in identifying the real email)
Here are some tips to follow to protect you from falling for phishing emails:
- Treat any emails from banks, credit card companies, social media etc as suspect until you can verify they’re from the actual company. Most banks will include your account number or last four digits of the credit card number to help you identify it as authentic.
- Don’t click on any links in the email if you’re unsure of its origin. Clicking on the email may add you to a whitelist that will trigger more spam to your account. Links may also lead to spyware, malware and other viruses that could infect your computer or device.
- If you’ve received an email from a bank or credit card company asking you to log in, visit the website directly and log in from there. Do not follow any links in the email that prompt you to log in. More sophisticated phishing emails link to clones of the real website.
- If you are worried about the security of your bank account, contact the bank and make sure there has been no suspicious activity. In most cases, the bank will contact you by phone to inform you of any unusual activity; they don’t send emails regarding this.
- Update your online bank account settings so that you don’t receive information via email. You can usually change this to snail mail (i.e. postal service) and phone contact only. This will mean any subsequent emails you get from the bank are likely to be fake.
- Finally, report any phishing emails to the relevant company. Most companies have a reporting tool you can use to help them combat phishing. If you notice a phishing email in your inbox, also mark it as spam so it doesn’t hit your inbox again.