Wednesday, 27 January 2010

Phishing emails - How to deal with them.

I reckon I receive >95% spam in my email inbox on a daily basis. Most of it is filtered at the ISP, as I have my own domain that I use for emails. Nevertheless, loads still get through with a spam score low enough to avoid the checks put in place on my Mozilla Thunderbird program.

Recognising Phishing Emails
  • How many copies of the email have you received? One ought to be enough; more than one - maximum two - is a sure sign of spam.
  • Take the time to read through the email. Often the grammar and words used will be slightly wrong. This is particularly true if you are reading English and the email was written by someone in China or Africa for example.
  • Look for out of place or odd characters in the email. %LIKE_THIS% 
  • Check the links carefully. Ignore the bit of the URL that looks like what you expect and look at the rest. Examples below.
  • Think!
    Does your bank send emails?
    Are you registered for their email service? Is this email to the correct address?
    Is this email even from your bank?
    Do you use Paypal? Do you know about their email policy?
  • Most banks don't send emails, or at least they didn't a few years ago. It was a Godsend to the spammers when the banks wanted to sign customers up for email alerts. I for one wish they never had.
  • Have you ever had a genuine email from your bank that you can compare?
What to do next 
Actually it is really very simple!

Simply log in directly to your bank's website and look at your account there. If you have problems logging in then check with the phone banking service.

Precautions
  • Always use the most up to date browser. If you're not on Firefox yet or even Internet Explorer 8 then sort it out quickly.
  • Use a good email client like Mozilla Thunderbird. It has many facilities for dealing with spam and phishing emails. Outlook Express should never be used.
  • Learn to be cautious about your emails. Do you trust the sender?
Still using IE6? You are clearly mad, or your employer is, and so are Microsoft for supporting it for so long.


Examples of Bad Links
Just hover over the link in the email and you might get a surprise...
Really obvious:
Hovering on http://www.hsbc.co.uk/1/2/  shows - http://bit.ly/7gRw49
Less obvious, from an Alliance & Leicester phishing attack:

Link says 'Log in to your Account' but shows http://www.miguelimoveis.com.br/upload/alliance/alliance.php Poor Miguel got hacked!
