Dissecting a Phishing Email
I received a phishing email and, as I always do, I immediately deleted it. Later, I gave it some thought and I dragged it out of the deleted items folder and used it as an example for this tutorial written to help you keep your identity safe by learning to easily recognize a phishing email.
A lot of people think that identities are stolen when hackers furtively hack into personal computers and reap all kinds of juicy personal information by manually digging through all the files and folders on a personal computer. But honestly, you have a much better chance of winning the MegaMillions lottery.
Most hackers hack into computers and computer systems by luring a “phish” into clicking a link in a phishing email and downloading malware which kind of turns the computer into a zombie allowing the hacker to access databases, passwords, and all kinds of stuff.
But for most people, the way hackers and criminals steal identities is by tricking the victim into clicking a link in a phishing email that is designed to look like a legitimate email from a bank, credit card company, financial institution and/or government site. When the victim clicks the link in the phishing email, the site that opens looks just like (or a lot like) the authentic site is supposed to look. The login boxes are on the log-in page as they almost always are. But in this case, if the victim enters their real username and password, wham! They got ya!
Did the criminal/hacker steal this person’s password and user name? Not exactly. The victim was tricked into voluntarily giving the criminals everything they need to drain accounts or wreak havoc with credit cards – or even worse steal this person’s identity and open up dozens of accounts using the victim’s name, social security number, home address, etc. And woe, woe, woe are they!
For this example today, I’m going to use a phishing email I received recently. Millions of people have Discover Cards and probably thousands have fallen prey to this phishing scam. But by no means is this kind of thing limited to Discover; the same thing happens to Visa and Mastercard customers, customers of large national banks, and those using online tax services and government sites. But for today’s example, we’re going to use the Discover card phishing email.
First, this scam wasn’t even well done. They made mistakes like putting a woman’s name at the bottom of the email. They used English in the body of the email even worse than mine…my dear grammarians.
You can tell by the way it’s written that the authors don’t speak or write English as a first language. But I’ll bet you that more than a few people have been scammed into giving up their Discover account information, simply because they didn’t recognize an obvious phishing email.
I want to remind you all, once again, always be leery of email from banks, credit card companies, government sites, etc. It’s too easy to fall for phishing scams if you’re careless.
You can keep yourself a lot safer just by remembering our simple rules when it comes to emails from the government, banks and other financial institutions, credit card companies, etc.:
1. A legitimate email from a bank or financial institution will be addressed to you such as “Dear JoAnne Miller” not “Dear Customer” or “Dear Cardholder” or “Dear Valued Customer” or worse “To whom it may concern”.
2. A legitimate email from a bank, financial institution, official government site, or credit card company will never ask you to click a link to verify your account or change your password. They may ask you to visit the official site and log in, but they will never provide a link in the email.
3. NEVER click links in emails from government websites, banks and financial institutions, and/or credit card companies.
If something in the email seems urgent, and you’re in doubt, visit the site by using the URL you know, for example, https://www.discover.com/ or https://bankofamerica.com/ or https://www.paypal.com, etc. And then verify the URL in the address bar – make sure it starts with https:// not http://. All browsers will show a lock icon in the address bar when you’re on a secure Website.
If you want more details, you can click on the lock and get more information about the site.
Now on to today’s lesson on phishing — no pole or bait needed — just common sense and a couple of functioning eyeballs.
It all begins with a sort-of official-looking email. This particular scam was sloppy, but many are not. You notice that the email below has two links: one at the top to view the “Web version” and the telltale “Verify now” link, which should be enough to send you scurrying away and sending the email to the deleted items folder.
Here…let’s look at this one up close. Or as I like to say – let’s dissect it. EB, scalpel, please!
All the English police who notoriously love to point out my grammatical guffaws owe me a gold star when compared to these crooks! I’ve highlighted – in green – things you should note. You sure don’t need me to explain why they’re highlighted, right?
And look above: These crooks are so sloppy that this email, supposedly from Discover, has the name of some woman living in Hawaii at the bottom of it. Who the heck is Joyce Yoshimoto? Will the real Joyce Yoshimoto please stand up!
We should all drop her a note! Don’t bother. The address probably doesn’t exist or if it does it belongs to Kahlua Kai Kai Funeral Home or Benny J’s Restaurant or the Immortal House of Pink Poi.
And for those who are foolish enough to click the link in this phishing email… they will land upon a very official-looking page complete with an 800 “help number”… which they hope that you don’t call because it’s legit.
Now, if you were crazy enough to click the link in the email and thus land upon this fake Discover site, you can still save yourself by looking at the URL in your browser’s address bar.
In my example Discover Card phishing email, if you were to click the link in the email and go to the counterfeit Discover site… just looking in the address bar in your browser could save you. The URL has nothing to do with Discover.com unless you think Discover should be on a domain called Vonlichten – and you don’t believe that, do you? Plus, there is no https:// and no lock icon there either.
An easy way to tell the real domain name is that it’s the name that immediately precedes the dot com, dot net, dot org, dot tv, dot whatever. In the example above the criminals hope you don’t see that the domain is vonlichten.com.
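The address-bar check described above can be written as a short script. This is an added example, not part of the original article; the sample links, the function names and the short list of two-part endings such as co.uk are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a tiny hand-picked list of two-part endings. Real tools use the
# full Public Suffix List so that "example.co.uk" is not mistaken for "co.uk".
TWO_PART_ENDINGS = {"co.uk", "com.au", "co.jp", "com.br"}

def registrable_domain(url):
    """Return the name that immediately precedes the ending (.com, .net, ...)."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2:
        return host
    two_part = ".".join(labels[-2:]) in TWO_PART_ENDINGS and len(labels) >= 3
    return ".".join(labels[-3:] if two_part else labels[-2:])

def check_link(url, expected_domain):
    """Return a list of problems; an empty list means the link passes both checks."""
    problems = []
    if urlsplit(url).scheme != "https":
        problems.append("not https")
    actual = registrable_domain(url)
    if actual != expected_domain:
        problems.append(f"real domain is {actual}, not {expected_domain}")
    return problems

# Constructed sample links: the article names the domains, the paths are made up.
SAMPLE_LINKS = [
    "https://www.discover.com/",
    "http://discover.com.vonlichten.com/verify",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", check_link(link, "discover.com") or "looks right")
```

Everything to the left of the real domain, including a familiar name like discover.com, is just a label the owner of vonlichten.com is free to choose.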
But these folks think they are clever indeed. They stuck the lock icon on the page! (See the screenshot below.)
How clever. They hope the lock will make you feel warm and fuzzy and you’ll pay no attention to the URL in the address bar…or the criminals behind the curtain.
I don’t recommend you do this; I recommend you just delete the phishing email and be done with it. But I like to have fun with these idiots. So when I have time and I get a phishing email, I like to type in fake user IDs, email addresses and passwords which I create by banging a bunch of keys – like this:
ihfidafauoifdifoaifoaierfoaeadsofjaoiuofiuoiauteryheorfafuaopadsuoufa …like that.
Sometimes I use bad words 🙂 but not today, I don’t want you to think I’m a foul-mouthed son-of ….er … a bad-word user.
Don’t be stupid like me. Don’t click links in emails that look like they came from your bank or financial institution or your credit card company – or your government. Just don’t. Don’t toy with phishing sites like me. Like they say on Mythbusters – don’t do this at home. We’re professionals and we’re allowed to do crazy, stupid stuff.
Remember, follow the three rules below and you’ll end up being safe and not spending weeks or months and hundreds of dollars trying to repair the damage that occurred because you clicked a link in a phishing email, despite our continued efforts to keep you safe.
Our three easy rules to help you avoid phishing scams
1. A legitimate email from a bank, financial institution, credit card company or your government will be addressed to you with your name such as:
“Dear JoAnne Miller” not “Dear Customer” or “Dear Cardholder” or “Dear Valued Customer”.
2. A legitimate email from a bank, financial institution, credit card company or your government will never ask you to click a link to verify your account or change or check your password. They may ask you to visit their website and log in, but they will never provide a link in the email.
3. NEVER click links in emails from your bank, financial institution, credit card company or government. If in doubt, visit the bank or financial institution’s site by using the URL you know, like https://www.discover.com/ and then verify the URL in the address bar – and make sure it starts with https:// not http://. All browsers will show a lock icon in the browser’s address bar before the website’s name or URL (web address).
And if you copy the Web address from the browser’s address bar you’ll see the entire URL. In the above example, when I copy and paste the URL (web address), I can see it’s correct:
We want you to be safe without spending hundreds of dollars on identity theft protection that you don’t need. All you need is common sense and the knowledge to recognize a phishing email when you see one. We hope this article helps you and keeps you from being the victim of identity theft and/or phishing scams.