How to recognize phishing scam emails
When I talked about pharming I alluded to some signs that indicate an email is a phishing scam. It’s possible to “learn” to recognize the scams just by seeing enough of them; maybe I just recognize patterns more easily than some. These are the patterns I’ve picked up in phishing scams; hopefully they’ll be useful to you.
When it comes to mail from any financial institution, from PayPal to the Fed, the best policy is to treat it as a scam unless you can verify the message using some “out-of-band” method. For example, call your bank by telephone to confirm an email request from them, rather than replying to “their” email or going to their website. A real brick-and-mortar bank is still more likely to send you paper mail than ask for information via email.
The first and most obvious sign of a scam: the supposed source of the message is an institution you don’t do business with. I happen to have kept me clear of most of the big national banks, so nearly every phishing scam I get fits this bill. These are gold, because you know they’re scams; the bank has no reason to be sending you email. Take a good look, because this is what scams look like.
Second sign: the message resembles one you’ve identified as a scam. As near as I can tell, there’s one phishing gang which simply changes the logo and institution name, but otherwise sends identical mail. If your financial institution sends HTML mail, they’re likely to style the whole message, framing the text completely with design elements. Black Arial text on a white background with a logo floated in the upper left screams home-made.
Third sign: HTML-only email. There should be a plain-text version of the message included in the email, in case the recipient’s mail software can’t display HTML messages. (Such mailers do still exist, and many people prefer them.) HTML has many ways of hiding the real destination of a link; plain-text does not, which is why scammers prefer not to send plain-text. If it’s HTML only, don’t trust it!
Fourth sign: Check the URL. You should be able to view the HTML source of an HTML message, and see where the link is actually taking you. (It will be inside quotes in a section starting, <a href="">). If the href value doesn’t appear to match the text that’s underlined and blue, don’t trust it… and the harder it is to figure out where the link goes, the less you should trust it.
Fifth sign: Read the headers. Reading the headers used to be the way to trace spammers to their source; with the rise of open proxies and PC botnets, tracing spam usually just leads to a compromised Windows box on a DSL line. But in the case of phishing scams, you don’t need positive identification of the source; you just want to confirm whether it comes from who it says it comes from. If you’re really uncertain about an email, you can learn a lot by using the message headers to find out where it got started. I don’t have the time or space to explain header-reading here, but there are a number of introductions on the web.
With any luck, these five things should be enough to tell you if a message is a scam or legitimate. I doubt it’s comprehensive, though; these are just the things I consider. If there’s another warning sign you use to detect email scams, put it in a comment, and we’ll let Google index it all.
Now Playing: Seasons Changed from My Friends and I by Patiokings
![[Swinging off a dragger, Cundy's Harbor, Maine, July 4th, 2003]](/images/cundys_harbor.jpg)
Comments
Posted by: Scooter | March 9, 2005 2:44 PM
I am Mr.pascal Green, a consulting auditor,Ned Bank plc, Johannesburg-SouthAfrica.During the course of my auditing work with my client bank late last year,I discovered an account worth $8,400,000.00($8.4m) opened in the bank in 1998 by a Foreigner, a German, Late Mr.Andreas Schranner,who died in the AF4590 plane crash. You can check it out here.http://news.bbc.co.uk/1/hi/world/europe/859479.stm
It is because of the perceived possibility of not being able to locate any next of kin known to the bank of Late Mr. Andreas Schranner as all his family all perished in the jet according to the immigration data available to the bank, that his the main reason i have contacted you to stand in as the next of kin.
I have secretly discussed this matter with a close confident attorney whom I must involve in order to assist us produce legal back-up documents which would substantiate claims/position of next of kin and also enable us have a smooth and successful transfer of the fund to any foreign bank account which you are going to nominate.
All validating and authenticating documents to enable you get this fund will be carefully worked out. We have secured from the probate registry, an order of Mandamus to locate any of the deceased beneficiaries and that makes this business 100% RiskFree.
The sharing ratio after completion of transfer will be thus: 60% forme,35% for you and 5% for expensies.Kindly indicate your interest to enable us,with your assistance,move the fund to the banks offshore clearing houses in Europe. Please note that for the purposes of confidentiality, all further correspondence should be through my Personal email: [Deleted: you think I’m a fool?]
Finally you are not expected to travel down to south Africa your presence will only be required at the offshore payment center in europe notably Netherlands or spain because we intend transfering the funds to our oversea affiliate office for easy acess and to save you the stress of comming down to South Africa.
Accept my warm regards as I await your response.
Sincerely, Pascal Green.
NB:Send your personal phone number to enable me open up discussion with you.
Posted by: Mark Loehndorf | June 16, 2005 6:28 PM
Nowhere like a post about scams to post a scam, that’s what I always say!
Posted by: pjm | June 16, 2005 9:33 PM
From :
Sent : Thursday, February 15, 2007 5:27 AM To : jimbo451@msn.com Subject : FROM:JOYCE OMALA.
| | Junk E-Mail | Inbox
We’ve identified this mail as junk. Please tell us if we were right or wrong by clicking Junk or Not Junk
FROM:JOYCE OMALA.
COTE D IVOIRE,
WEST AFRICA.
Dear one,
Permit me to inform you of my desire of going into long time relatioship and financial transaction for our mutual benefits.
I am JOYCE OMALA and I inheritated an important sum from my late father who died in recent crisis in Cote d'Ivoire. I wish to request for your assistance in investing this sum in lucrative venture or manufacturing and real estate management in your country.
I have One million, five hundred thousand United State Dollars. USD($1.500,000)to invest in this transaction and I will require your assistance in receiving the fund in your account in your country. I will gladly give you some reasonable percent from the total sum for your assistance. Please it is important you contact me immediately for
more clearification on the next step for smooth conclusion.
Awaiting your immediate response and God bless you.
Thanks for your understanding
Yours Sincerely,
JOYCE OMALA.
PLEASE REPLY TO: omjoyy@yahoo.com (OR) omjoyo@yahoo.com
Posted by: James S Hunter | February 15, 2007 9:30 AM
Yeah, these are all 409 Scams, so-named after the Nigerian criminal code for these scams. Investigate these, very scary, people in the West have lost millions to these, some have even gone to Africa to pick up their $$$ and have been kidnapped and beaten and/or killed.
http://www.flashesofpanic.com/panic/000786.php
I hope you are well.
absurd thought - God of the Universe likes internet scam artists
USpace .
Posted by: USpace | March 21, 2007 2:30 PM
Posted by: seydina diagne | April 8, 2007 9:26 AM
Posted by: Sass | January 27, 2008 1:17 AM
Posted by: Jucelia | June 9, 2008 11:15 AM
Posted by: Alan | August 24, 2008 6:00 AM