A Phishing Email Dissected

By | May 18, 2021

Keeping You Safe!

I received a phishing email and, as I always do, I immediately deleted it. Later, I gave it some thought, and I dragged it out of the deleted items folder.  I decided to use it as an example for this tutorial to help you keep your identity safe by learning to easily recognize a phishing email.

A lot of people mistakenly think that identities are stolen when hackers furtively hack into personal computers and reap all kinds of juicy personal information by manually digging through all the files and folders on their personal computers. But honestly, you have a much better chance of winning the MegaMillions lottery. And that is a fact.

Most hackers “hack” into computers and computer systems by tricking a “phish” into clicking a link in a phishing email that downloads a malware or ransomware app thus infecting the target computer. Some of these malware apps can turn the computer into a zombie allowing the hacker to access databases, passwords, and all kinds of stuff.

But for most people, the way hackers and criminals steal identities is by tricking the victim into clicking a link in a phishing email that is designed to look like a legitimate email from a bank, credit card company, financial institution, and/or government site, etc. When the victim clicks the link in the phishing email, the site that opens looks exactly like (or a lot like) the authentic site is supposed to look. The login boxes are on the log-in page as they always are. But in this case, when the victim enters their real username and password into the log-in boxes, wham! They got ya!

Did the criminal/hacker actually steal this person’s password and username? No. The victim was tricked into voluntarily giving the criminals everything they need to drain accounts or wreak havoc with credit cards – or even worse steal this person’s identity and open dozens of accounts using the victim’s name, social security number, home address, etc. And woe, woe, woe are they! 

For today’s example, I’m going to use a phishing email I received recently. Millions of people have Discover Cards and I’m guessing thousands have fallen prey to this phishing scam. But by no means is this kind of thing limited to Discover; the same thing happens to Visa and Mastercard customers, customers of large national banks, and those using online tax services and government sites. But for today’s example, we’re going to use the Discover card phishing email.

First, this scam wasn’t even well done. They made mistakes like putting a woman’s name at the bottom of the email. They used English in the body of the email even worse than mine…my dear grammarians.

You can tell by the way it is written that the authors don’t speak or write English, at least not as a first language. But I’ll bet you that more than a few people have been tricked into giving up their Discover account information, simply because they didn’t recognize an obvious phishing email.

I want to remind you all, once again, always be leery of email from banks, credit card companies, government sites, etc. It’s too easy to fall for phishing scams if you’re careless.

You can keep yourself a lot safer just by remembering our simple rules when it comes to emails from the government, banks and other financial institutions, credit card companies, etc.:

1. A legitimate email from a bank or financial institution will be addressed to you such as “Dear JoAnne Miller” not “Dear Customer” or “Dear Cardholder” or “Dear Valued Customer” or worse “To whom it may concern”.

2. A legitimate email from a bank, financial institution, official government site, or credit card company will never ask you to click a link to verify your account or change your password. They may ask you to visit the official site and log in, but they will never provide a link in the email.

3. NEVER click links in emails from government Websites, banks, and financial institutions, and/or credit card companies asking you to take action – for example… “Your password has been compromised. Click here to reset your password.”

If something in the email seems urgent, and you’re in doubt, visit the site by using the URL you know, for example, https://www.discover.com/ or https://bankofamerica.com/ or https://www.paypal.com, etc. And then verify the URL in the address bar – make sure it starts with https:// not http://. All browsers will show a lock icon in the address bar when you’re on a secure website. The lock only tells you the connection is encrypted, so check the domain name too.

If you want more details, you can click on the lock and get more information about the site.

Now on to today’s lesson on phishing — no pole or bait needed — just common sense and a couple of functioning eyeballs.

It all begins with an official-looking email. This scam was a bit sloppy, but many are not. You notice that the email below has two links. One at the top to view the “Web version” and the telltale click “Verify now” which should be enough to send you scurrying away and sending this email directly to the deleted items folder.

Here…let’s look at this one up close. Or as I like to say – let’s dissect it. EB, scalpel, please! 

All the Grammar Police who notoriously love to point out my grammatical guffaws, owe me a gold star compared to these crooks! I’ve highlighted – in green – things you should note. You sure don’t need me to explain why they’re highlighted, right?

And look above: These crooks are so sloppy that this email, supposedly from Discover, has the name of some woman living in Hawaii at the bottom of it. Who the heck is Joyce Yoshimoto? Will the real Joyce Yoshimoto please stand up!

We should all drop her a note! Don’t bother. The address probably doesn’t exist or if it does it belongs to Kahlua Kai Kai Funeral Home or Benny J’s Restaurant or the Immortal House of Pink Poi.

And for those who are foolish enough to click the link in this phishing email… they will land upon a very official-looking page complete with an 800 “help” number… which they hope that you don’t call because it’s legit.

Now, if you were crazy enough to click the link in the email and thus land upon this fake Discover site, you can still save yourself by looking at the URL in your browser’s address bar.

In my example Discover Card phishing email, if you were to click the link in the email and go to the counterfeit Discover site… just looking in the address bar in your browser could save you. The URL has nothing to do with Discover.com unless you think Discover should be on a domain called Vonlichten – and you don’t believe that do you? Plus, there is no https:// and no lock icon there either.

An easy way to tell the real domain name: it’s the name that immediately precedes the dot com, dot net, dot org, dot tv, dot whatever. In the example above the criminals hope you don’t see that the domain is vonlichten.com.
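The address-bar check described above, written out as a short Python script (an added example, not part of the original article). The sample links and the short suffix list are constructed for illustration; only the domain vonlichten.com comes from the email discussed here.

```python
from urllib.parse import urlsplit

# Small constructed sample of two-part endings such as "co.uk". A real check
# would use the full Public Suffix List instead of this set (assumption).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(url):
    """Return the name right before the ending plus the ending, e.g. 'vonlichten.com'."""
    host = urlsplit(url).hostname  # lowercased, without any port number
    if not host:
        return None
    labels = host.rstrip(".").split(".")
    if len(labels) < 2:
        return host
    # Keep one extra label when the ending itself has two parts (co.uk etc.).
    two_part = ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES
    keep = 3 if two_part and len(labels) >= 3 else 2
    return ".".join(labels[-keep:])


def check_link(url, expected_domain):
    """List the reasons a link should not be treated as belonging to expected_domain."""
    problems = []
    domain = registrable_domain(url)
    if domain != expected_domain:
        problems.append(f"domain is {domain}, not {expected_domain}")
    if urlsplit(url).scheme != "https":
        problems.append("not https")
    return problems


# Constructed sample links; the paths and the third hostname are made up.
SAMPLES = [
    "https://www.discover.com/",
    "http://vonlichten.com/discover/login",
    "http://discover.com.vonlichten.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        issues = check_link(link, "discover.com")
        print(link, "->", "; ".join(issues) if issues else "OK")
```

The third sample shows why the rule says "immediately precedes": the familiar name appears in the address, but the name right before the final dot com is still vonlichten.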

But these folks think they are clever indeed. They stuck the lock icon on the page! (See the screenshot below.)

How clever. They hope the lock will make you feel warm and fuzzy and you’ll pay no attention to the URL in the address bar…or the criminals behind the curtain.

I don’t recommend you do this; I recommend you just delete the phishing email and be done with it. But I like to have fun with these idiots. So, when I have time and I get a phishing email, I like to type in fake USER IDs, email addresses, and passwords which I create by banging a bunch of keys – like this:

ihfidafauoifdifoaifoaierfoaeadsofjaoiuofiuoiauteryheorfafuaopadsuoufa …like that.

Sometimes I use bad words but not today, I don’t want you to think I’m a foul-mouthed son-of ….er … a bad-word user.

Don’t be stupid like me, don’t click links in emails that appear to be from your bank or financial institution or your credit card company – or your government. Just don’t. Don’t toy with phishing sites like me. Like they say on MythBusters – don’t do this at home. We’re professionals and we’re allowed to do crazy, stupid stuff.

Remember, follow the three rules below and you’ll end up being safe and not spending weeks or months and hundreds of dollars trying to repair the damage that occurred because you clicked a link in a phishing email, despite our continued efforts to keep you safe.

Our three easy rules to help you avoid phishing scams

1. A legitimate email from a bank, financial institution, credit card company or your government will be addressed to you with your name such as:

“Dear JoAnne Miller” not “Dear Customer” or “Dear Cardholder” or “Dear Valued Customer”.

2. A legitimate email from a bank, financial institution, credit card company, or your government will never ask you to click a link to verify your account or change or check or reset your password. They may ask you to visit their website and log in, but they will never provide a link in the email.

3. NEVER click links in emails from your bank, financial institution, credit card company, or government. If in doubt, visit the bank or financial institution’s site by using the URL you know, like https://www.discover.com/ and then verifying the URL in the address bar – and make sure it starts with https:// not http://. All browsers will show a lock icon in the browser’s address bar before the website’s name or URL (web address).

And if you copy the Web address from the browser’s address bar, you’ll see the entire URL. In the above example, when I copy and paste the URL (web address), I can see it’s correct:

https://www.discover.com/

We want you to be safe without spending hundreds of dollars on identity theft protection that you don’t need. All you need is common sense and the knowledge to recognize a phishing email when you see one. We hope this article helps you and keeps you from being a victim of identity theft and/or other phishing scams.
