
10 Tips for spotting a phishing email.

WeeWillie

PHISHING.......

Phishing is a fraudulent attempt, made through email, to steal your personal information.
The best way to protect yourself from phishing is to learn how to recognize a phish.
Phishing emails usually appear to come from a well-known organization and ask for your personal information,
such as credit card number, social security number, account number or password.

Very often phishing attempts appear to come from sites, services and companies with which you do not even have
an account.
In order for Internet criminals to successfully "phish" your personal information, they must get you to go from an
email to a website.
Phishing emails will almost always tell you to click a link that takes you to a site where your personal information
is requested.
Legitimate organizations would never request this information of you via email.

Generic greeting. Phishing emails are usually sent in large batches. To save time, Internet criminals use generic names like "First Generic Bank Customer" so they don't have to type all recipients' names out and send emails one-by-one.
If you don't see your name, be suspicious.

Forged link. Even if a link has a name you recognize somewhere in it, it doesn't mean it links to the real
organization.
Roll your mouse over the link and see if it matches what appears in the email. If there is a discrepancy,
don't click on the link.
Also, websites where it is safe to enter personal information begin with "https" — the "s" stands for secure.
If you don't see "https" do not proceed.

Requests personal information. The point of sending phishing email is to trick you into providing your
personal information.
If you receive an email requesting your personal information, it is probably a phishing attempt.

Sense of urgency. Internet criminals want you to provide your personal information now. They do this by
making you think something has happened that requires you to act fast. The faster they get your information,
the faster they can move on to another victim............

Source http://www.techrepublic.com/blog/10-things/10-tips-for-spotting-a-phishing-email >>>>>>>>>

Phishing emails insinuate themselves into inboxes year-round, but the holidays bring out a rash of new
scams. Help your users spot "fishy" emails. Every day countless phishing emails are sent to unsuspecting
victims all over the world. While some of these messages are so outlandish that they are obvious frauds,
others can be a bit more convincing.
So how do you tell the difference between a phishing message and a legitimate message?
Unfortunately, there is no one single technique that works in every situation, but there are a number of
different things that you can look for. This article lists ten.

1. The message contains a mismatched URL
One of the first things that I recommend checking in a
suspicious email message is the integrity of any embedded URLs. Very often the URL in a phishing
message will appear to be perfectly valid. However, if you hover your mouse over top of the URL, you will
see the actual hyper-linked address (at least that’s how it works in Outlook).
If the hyper-linked address is different from the address that is displayed, then the message is probably
fraudulent or malicious.

2. URLs contain a misleading domain name
Often times people that launch phishing scams depend
on their victims not knowing how the DNS naming structure for domains works.
It is the last part of a domain name that is the most telling.

For example, the domain name info.brienposey.com would be a child domain of brienposey.com
because brienposey.com appears at the end of the full domain name (on the right hand side).
Conversely, brienposey.com.maliciousdomai.com would clearly not have originated from brienposey.com
because the reference to brienposey.com is on the left side of the domain name, not the right.
I have seen this trick used countless times by phishing artists as a way of trying to convince victims that a
message came from a company like Microsoft or Apple.

The phishing artist simply creates a child domain bearing the name Microsoft, Apple, or whatever.
The resulting domain name looks something like this: Microsoft.maliciousdomainname.com.

3. The message contains poor spelling and grammar
Whenever a large company sends out a message on
behalf of the company as a whole, the message is usually reviewed for spelling, grammar, legality, and a
number of other things. As such, if a message is filled with poor grammar or spelling mistakes it probably
didn’t come from a major corporation’s legal department.

To give you a rather amusing example, I received an email message a few weeks ago that was supposedly
from one of the large real estate companies.
However, the body of the email merely said, “Me buy house fast”. Obviously, that email was not legit. I’ll
concede that this particular message was more of a spam than a phishing message, but the same basic
principle applies to phishing emails as well.

4. The message asks for personal information
No matter how official an email message might look, it is
always a bad sign if the message asks for personal information.
Your bank doesn’t need you to send them your account number. They already know what it is.
Similarly, a reputable company should never send an email asking for your password, credit card number,
or the answer to a security question.

5. The offer seems too good to be true
There is an old saying that if something seems too good to be true,
it probably is.
That saying holds especially true for email messages. If you receive a message from someone unknown
to you who is making big promises, then the message is probably a scam.
After all, why would a Nigerian prince that you have never heard of contact you to help him smuggle money
out of his country?

6. You didn’t initiate the action
Just yesterday I received an email message informing me that I had won
the lottery!!!!
The only problem is that I never bought a lottery ticket. If you get a message informing you that you have won
a contest that you did not enter then you can bet that the message is a scam.

7. You are asked to send money to cover expenses
One tell-tale sign of a phishing E-mail is that you will
eventually be asked for money.
You might not get hit up for cash in the initial message, but sooner or later a phishing artist will likely ask
for money to cover expenses, taxes, fees,
or something like that. If that happens, then you can bet that it’s a scam.

8. The message makes unrealistic threats
Although most of the phishing scams seem to try to trick people
into giving up cash or sensitive information by promising the victim instant riches, other phishing artists try to
use intimidation to scare the victim into giving up information.

If a message makes unrealistic threats then the message is probably a scam. Let me give you an example.
About ten years ago, I received a very official looking letter that was allegedly from US Bank. Everything in the
letter seemed completely legit except for one thing. The letter said that my account had been compromised
and that if I did not submit a form (which asked for my account number) along with two forms of picture ID
then my account would be cancelled and my assets seized.

I’m not a lawyer, but I’m pretty sure that it’s illegal for a bank to close your account and seize your assets
simply because you didn’t respond to an email message. The amusing part however, was that the only
account that I had with US Bank was a car lease. There were no deposits to seize because I did not have
a checking or savings account with the bank.

9. The message appears to be from a government agency
Phishing artists who want to use intimidation
don’t always pose as a bank.
Sometimes phishing artists will send messages claiming to have come from a law enforcement agency,
the IRS, the FBI, or just about anything else that could scare the average law abiding citizen. I can’t tell you
how government agencies work outside of the United States.
In America however, government agencies do not normally use email as the initial point of contact.
That isn’t to say that law enforcement and other government agencies do not use email – they do.
However, law enforcement agencies follow certain protocols. They do not engage in email-based extortion
(at least that hasn’t been my experience).

10. Something just doesn’t look right
In Las Vegas casino security teams are taught to look for anything that
JDLR (as they call it).
The idea is that if something just doesn’t look right, then there is probably a good reason why.
This same principle almost always applies to email messages. If you receive a message that seems
suspicious then it is usually in your best interest to avoid acting on the message.

willie.
 
This is amazingly useful information. Phishing emails are getting so elaborate these days that I've almost fallen for a few myself! Thankfully, my internet past has given me the knowledge I need to spot and avoid them. :eek:
 
Spam mails used to go into my spam folder. I use Hotmail as my primary email address and Gmail as my secondary.

Recently spam appears in my inbox which makes it hard to suss out the spammers.

Last week I had a mail from Paypal which looked legitimate.

It started 'Dear Customer'. That was the first clue. It went on to say that my Paypal account had been suspended until I updated my personal information by clicking the link below.

There was also a glaring piece of bad grammar which was the final straw.

I sent it to [email protected] and deleted it straightaway.

There is also [email protected] where you send spammy eBay messages, of which I have had a few.

I went straight onto my Paypal page and in the top right hand corner there is a notification link and there was nothing in there. What a surprise....

Thanks Willie for an interesting post and I have passed that link on to a few silver surfers who have been stung before with the lottery scam.
 
It's good to have a reminder about what to look out for. Several years ago someone passed on similar info to me, so I haven't been fooled but know a few who have. It never ceases to amaze me the lengths scammers will go to in order to get to us....some clever, some so stupid they make me laugh! However, in their own way each is dangerous and your information is invaluable. Thank you :)
 