JG's Information pages

How to recognise phishing e-mails

If you have a decent spam filter, you can usually recognise a phishing email by it being in your spam folder, and it is best left there.

What is phishing?

A phishing email is one that looks like a genuine email from a financial institution, but is actually trying to trick you into giving the sender your personal details, for use in credit fraud and/or identity theft (Wikipedia entry).  However, the need to get this data back to the sender is their Achilles heel; the email contains a link to a rogue site used to gather the data.  This link is very quickly recognised for what it is by the black-listers, which is why phishing normally ends up in the spam basket.  Unfortunately, there are new phishing attempts being designed all the time.  When they first come out there is a short delay before they are discovered and end up on the black lists.  During this time, it is possible for a few people to have a phishing email land in their in-basket.  So we do need to be able to recognise them.  Luckily it is very easy.

How to recognise phishing

(In the following I will use the term bank as a shorthand for any financial institution or subscription service that could be the target of phishing).  There are some obvious pointers:-

  • Banks that you do not have an account with will not be contacting you.

  • Banks know your name and will not address you as "Dear valued customer".

  • If the email does not contain your account number, it is probably from someone who does not know it, and would like to find out.

  • Banks usually have your phone number and will contact you by phone if they believe your account has been compromised, or if there are suspicious transactions. They will want to stop fraudulent transactions as soon as possible, to minimise their loss, and will phone rather than wait for an e-mail to trickle through.

This is an example of a phishing email with annotations on it of things to look out for.
  1. Whether your email client blocks images or not, this shows why the emails look like the genuine article: they pinch things from the real site.  An image in an email looks so reassuring, but is no indication of authority; it is so easy to fake.

  2. Your bank knows who you are.  If the email does not give your name and/or account number, it is not from your bank.

  3. If your bank detects access from a blacklisted IP (Internet Protocol) address, assigned by the hosting company, they can refuse the connection and prevent the logon.  They do not need to write to you to get you to help them.  Furthermore they will act on the first trigger of something suspicious and will not wait for a few days to see what happens.  The phisher tells you your access is blocked to try and frighten you into clicking on their link.  If you are concerned, log on to your bank in your normal way; if there really is a problem you will find out during the logon process and be given information on how to sort it out.  Never take a link in an email, even if you think it is genuinely from your bank.

  4. Another attempt to frighten you into action.  It is unlikely that any bank would suspend an account without contacting you first by phone or letter.  They want your business.  It is the phisher that just wants your details and is desperate for you to click on the link.  Don't ever do it.

  5. The final clue is this link.  Don't click on it but just hover your mouse over it to see where it would go.  This example is an image and does nothing, but in any phishing email that you get, you will see that rather than going to your bank it would take you to some funny address such as http://madshelljeqlj.freehostia.com/start.do.htm which is the phishing site.  It looks just like the real site, but any data entered will go straight to the phisher.

    The following link is a simulation of how they do it.  Hover your mouse over the link and see that what shows in your browser's status bar (where your browser will actually take you) is not the same as what appears in the link itself (where you think it would be going).  http://valid.bank.reference.com.

How to protect yourself from phishing.
  1. Use a spam filter.  If your ISP (Internet Service Provider) does not give you free spam filtering, find one that does when it is time for renewal.

  2. Never let your main email address get on the internet or give it to internet traders.  If you need to give out your email address to anyone other than friends and family, get a second one from Googlemail, Hotmail etc.  These provide spam filtering for you and your main email address should stay relatively spam free.

  3. Use Firefox (English - British version), or Opera rather than Internet Explorer as your default browser.  These are less susceptible to hacking and provide better security.  You will need to keep Internet Explorer, but only use it for sites that you trust and only if the site will not work with another browser.  Some sites unwisely use Microsoft unofficial extensions to the HTML language and will only work in Internet Explorer.

    As an example the following is what I got when I clicked the phishing link in Firefox and Internet Explorer.  Those of you that spotted that I clicked on a link when I told you not to, see the sandbox item below.

    If you like Google's "round the edge, but relevant" approach to advertising you might like to try Google's Chrome browser.  However it is fairly new, so only use it if you are confident with using new software.  (Established software like Windows itself is hard enough).

  4. Instal the McAfee SiteAdvisor addon in your browser. They have versions for Firefox and Internet Explorer. This addon will highlight to you when browsing any links which are considered unsafe.

    If you get redirected to the wrong download, use their link "Would you prefer" under the download link.

  5. Use a sandbox for general web access. A sandbox is a means of providing a separate environment to browse in, that is deleted when you have finished browsing.  I use, and can recommend, Sandboxie that is advertised on the Tech Support Alert site linked above.  Using a sandbox means that if you happen by accident to visit any website that attempts to make changes to your PC, they will only happen to the sandboxed copy of your PC which is deleted after you have finished.  So no lasting damage should occur.  I always use a sandbox to visit sites if I do not know whether they are safe or not.



Copyright © 2004 - JG Weston, all rights reserved.

This document is http://sturnidae.com/phish.php.