I'm going to analyse a few scam phishing emails and point out how I can recognise them as a scam, without visiting any links, or in some cases not even opening the email.
The most important piece of advice is to get decent internet security software, most of the good ones (Agnitum Outpost, McAffee, Norton et al.) will automatically block these emails or websites, while a good antivirus program will help protect against any malicious content embedded in the page should you click the link. Also any half decent email client should be able to identify scam emails and automatically filter them.
1. Who is the email addressed to, who is it from?
A few of the scam emails I receive are addressed to my email address, but not to me. Instead, they are using a false or random generated name. Your bank knows your name and will address communications to you.
2. Is it your bank?
So you've just got an email from the "National Bank of the Great United Empire of Somewhere" informing you that due to new security procedures you must enter your credit card details.
Firstly, is this your bank? No? Then delete it. Why would another bank be asking for your information?
If this is your bank, do you have online banking set up? No? Again delete it. Your bank should not ask you for your details via email if you are not setup for online banking, if at all.
If it is your bank, and you do online banking and think action may need to be taken, do not click the link in the email. Go to your online banking website in your browser in your usual manner.
3. Phishing Emails Content
If you decide that you are an online banker with the bank in question, the email is addressed to you and reports to be from your bank, and you decide to open the email, take a second to read the contents of the email. Look at the spelling and the grammar. Some of the phishing emails I have seen look as if an illiterate two years old wrote them. An example is shown below.
Due to concerns, for the safety and integrity of the Lloyds TSB online banking we have issued this warning message. It has come to our attention that your Lloyds TSB account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take a 5-10 minute out of your online exprience and update your personal records and you will not run into any future problems with the online service. Once you have updated your account records your Lloyds TSB account service will not be interrupted and will continue as normal. To update your account please click the button below: *Important* We have asked few additional information which is going to be the part of secure login process. These additional information will be asked during your future login security so, please provide all these info completely and correctly otherwise due to security reasons we may have to close your account temporarily.
Firstly, Lloyds TSB is not my bank so I can immediately discard this email as a scam, however, if you are a Lloyds TSB customer this email may seem genuine. On closer inspection, the grammar is not best, punctuation terrible and there are spelling mistakes. Your bank will have had the message professionally written, in clear English (or whatever language) and it will not contain spelling mistakes. "These additional information will be asked"??? The whole sentence indicates that they are phishing for security question answers and identity information - and I haven't even visited the website yet.
4. Check the URL
Every scam email will contain a link to a website, some look more real than others so these tips help you to recognise the phonies from the legitimate.
DO NOT VISIT THE LINK. Hover your mouse pointer over the link and look to the bottom of your email client / internet browser. Whatever client you use, it should display the actual location that the link will take you to. If your client does not tell you the link then get a decent email client. If the link is obscured or you are otherwise unable to view the link then it is being masked and is more than likely a scam.
No IP Addresses
If the URL uses numbers (e.g. https://127.0.0.1/) then it's a scam for sure. Using an IP Address is defiantly not something a genuine bank will be doing.
Secure? No, but it may have a certificate
Just because the URL starts with https does not mean that the site is secure. Https and SSL certificates do not ensure that the website is who they claim to be, only that the information transmitted from your computer to the server is encrypted. You can still be sending information to a spammer's server.
Check the domain name
In the image above you can clearly see that the domain name is team-gear dot co dot uk, this is not the domain name for Lloyds TSB so be very suspicious. Furthermore we can see reference to a Lloyds TSB domain; however this is not where the link will take you.
Don't risk it
Chances are if you have a modern Internet Browser (Internet Explorer 7, Firefox 3, Google Chrome and so on) they will have inbuilt mechanisms for detecting bad sites should you click the link, but DO NOT TRUST THEM 100%. New scam sites are added all the time and your browser may not be fully up to date; if in doubt do not click the link.
5. Search the web.
If you are still suspicious of an email message, copy the first sentence of the email into Google and see what comes up. On a recent email I received I was told that my WHOIS information is incorrect for one of my domains. The email was well written, but I was not a customer of this particular company and a more in-depth analysis showed that it was indeed a scam. Searching for the first line in Google confirmed the scam.
On Wed, 29 Oct 2008 14:30:50 -0300 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint
The first site I came across in the Google rankings was a detailed warning of the scam: WARNING: Enom Phishing Scam
If you have any doubts at all over the legitimacy of any email request always contact your bank for advice. They will be able to tell you if an email has been sent to you or they may request that you send the email to their fraud department for analysis.
This is not an exhaustive identification list and there are many different techniques employed to trick you into divulging your information.Do not reply to these emails.Do not visit links that you believe may be suspicious.If in doubt, contact your bank for advice.