When is an email not an email?

When it’s phishing.

Simply put, this is where you receive an email or a message on your phone that says it’s from an institution (bank, phone company, etc.). In reality, the sender is trying to get you to reveal specific information about yourself, or the usernames and passwords for your accounts.

I only mention this because these nefarious bootlickers have finally caught up with my bank, a small institution with only a few branches.

Here’s the body of the email:

Internet Banking Security Alert

Dear customer,

We are committed to providing a secure Internet Banking service and as such have placed additional security measures in place.We advise you to Upgrade your SMS Security access to the new secure server.

To avoid exposing your financial information to potential security risks and to Upgrade your SMS Security service Click here

© Copyright 2013 BANK Limited| ABN 11 111 111 111.

The way you can tell it’s fake is:

  • your name is absent from the message; in this case “Dear customer”
  • the message has typing errors; in this case, the final sentence doesn’t make sense if you read it out loud.
  • the message has a click here link that takes you to a website; in this case, a Turkish website http://WEBSITE.net/wp-content/plugins/download-manager/redir.php (interestingly this is a WordPress website, which means it could similarly be hacked)

On links, they will either:

  • link to a website that looks similar to the website you expect – known as Spoofing – check the address bar, the bit after the http://www to confirm it’s accurate; or
  • download something nasty to your computer (which is what the one above looks like – download-manager). 

Sometimes an email will have a “click to unsubscribe” button. These have been popping up more and more in spam I’ve been receiving, and on examination some go to spreadsheets.google.com spreadsheets. What this appears to be is an email-harvesting spreadsheet, simple yet effective, which pops up a blank page with “enter your email to unsubscribe”.

Whatever you do, don’t enter your email address.

More information

Phishing, Spoofing and other nasty stuff



Author: gotheek

Sometime writer, full time human.