The Anatomy of a Phishing Email
The image below is taken from a Phishing email aimed at Natwest bank customers. The same techniques used on this fake
email apply to almost all other Phishing emails...

The "From:" Address

The "From:" address of an email cannot be trusted, as it is easily faked by the criminals who send out the Phishing emails.
Although in this case it appears that the email has come from a @natwest.co.uk email address, this has been faked.

The "To:" Address

Pay close attention to the "To:" address; often it will not be directly addressed to you. If it isn't, then it may not be a legitimate message from the
organisation it claims to be from. Also, if the "To:" field contains multiple addresses, this is likely to be a sign that the email is a fake.

The Message "Subject:"

The subject of a Phishing email may give away some small clues that it is fake. In this case it claims to be from
"Natwest Electronic Banking"; if this were real, it would only use the name "Natwest" and not "Electronic Banking". Phishing emails will
usually have urgent or exciting claims in the subject line, using words such as "Important Announcement". Be careful of emails like this. Also look out
for spelling mistakes and typos.

Company Logos

Phishing emails will almost always use the correct logo for the organisation they are trying to defraud. The logos are extremely easy for
Phishers to re-use, so do not place any trust in the logo of a company within an email - it does not guarantee the message is legitimate.

Who the email is addressed to

Phishing emails will usually address the recipient in general terms; they won't personalise the message to you. So if they are claiming to be from your bank
and they have addressed the email to "Dear Customer", use caution as the email may be fake.

The web link

This is probably one of the most important parts to check. Although the link may look like it is going to the correct website
(www4.natwest.co.uk in this case), it may take you to a fake website when you click on the link. In this case, when we click on the link in
this Phishing email we would be taken to a fake website at http://www9.nwolb.co.uk.sec74.net/. To be certain, never click a link within an email;
simply type the address that you know is correct into your web-browser address bar.
If you do click a link from an email, always double check the address you have been taken to. We will cover more detail on this in our next part
(The Anatomy of a Phishing Website).
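
As an added example (not part of the original page), the Python below checks the links in an HTML email body for the two signs described above: link text that shows one host while the link really goes to another, and a destination that is not under a domain you trust. The trusted-domain list, the function names and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"natwest.co.uk"}  # assumption: domains the recipient really uses

def host_of(text):
    """Hostname from a URL or bare host string, or None if it is not host-like."""
    text = text.strip()
    try:
        # Prefixing "//" lets urlsplit parse a bare "www.example.com/path".
        host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    except ValueError:
        return None
    return host if re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", host) else None

def is_trusted(host):
    """Match a trusted domain at the END of the name, on a dot boundary."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

class LinkCollector(HTMLParser):  # gathers (visible_text, href) for each <a href>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html_body):
    """Return [(destination_host, [reasons])] for each link in the body."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for text, href in collector.links:
        shown, actual, reasons = host_of(text), host_of(href), []
        if shown and actual and shown != actual:
            reasons.append("text-host-mismatch")      # displayed host is not the real one
        if actual is None or not is_trusted(actual):
            reasons.append("untrusted-destination")   # real host is outside trusted domains
        findings.append((actual, reasons))
    return findings

SAMPLE = '<a href="http://www9.nwolb.co.uk.sec74.net/">www4.natwest.co.uk</a>'  # constructed
```

The suffix check in `is_trusted` is the important part: the fake host contains "nwolb.co.uk" in the middle of the name, but the name actually ends in sec74.net, which is what decides who controls the site.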

The message body

Always look out for spelling mistakes or names incorrectly used. In this example they refer to Natwest online banking as
"Natwest Bank Direct Banking" which the real bank would never do.