Dissecting a Phishing Email

January 25, 2020

I received a phishing email and, as I always do, I immediately deleted it. Later, I gave it some thought and I dragged it out of the deleted items folder and used it as an example for this tutorial written to help you keep your identity safe by learning to easily recognize a phishing email.

A lot of people think that identities are stolen when hackers furtively hack into personal computers and reap all kinds of juicy personal information by manually digging through all the files and folders on a personal computer. But honestly, you have a much better chance of winning the MegaMillions lottery.

Most hackers hack into computers and computer systems by luring a “phish” into clicking a link in a phishing email and downloading malware, which kind of turns the computer into a zombie, allowing the hacker to access databases, passwords, and all kinds of stuff.

But for most people, the way hackers and criminals steal identities is by tricking the victim into clicking a link in a phishing email that is designed to look like a legitimate email from a bank, credit card company, financial institution and/or government site. When the victim clicks the link in the phishing email, the site that opens looks just like (or a lot like) the authentic site is supposed to look. The login boxes are on the log-in page as they almost always are. But in this case, if the victim enters their real username and password, wham! They got ya!

Did the criminal/hacker steal this person’s password and user name? Not exactly. The victim was tricked into voluntarily giving the criminals everything they need to drain accounts or wreak havoc with credit cards – or even worse steal this person’s identity and open up dozens of accounts using the victim’s name, social security number, home address, etc. And woe, woe, woe are they! 

For this example today, I’m going to use a phishing email I received recently. Millions of people have Discover Cards and probably thousands have fallen prey to this phishing scam. But by no means is this kind of thing limited to Discover; the same thing happens to Visa and Mastercard customers, customers of large national banks, and those using online tax services and government sites. But for today’s example, we’re going to use the Discover card phishing email.

First, this scam wasn’t even well done. They made mistakes like putting a woman’s name at the bottom of the email. They used English in the body of the email even worse than mine…my dear grammarians.

You can tell by the way it’s written that the authors don’t speak or write English as a first language. But I’ll bet you that more than a few people have been scammed into giving up their Discover account information, simply because they didn’t recognize an obvious phishing email.

I want to remind you all, once again, always be leery of email from banks, credit card companies, government sites, etc. It’s too easy to fall for phishing scams if you’re careless.

You can keep yourself a lot safer just by remembering our simple rules when it comes to emails from the government, banks and other financial institutions, credit card companies, etc.:

1. A legitimate email from a bank or financial institution will be addressed to you such as “Dear JoAnne Miller” not “Dear Customer” or “Dear Cardholder” or “Dear Valued Customer” or worse “To whom it may concern”.

2. A legitimate email from a bank, financial institution, official government site, or credit card company will never ask you to click a link to verify your account or change your password. They may ask you to visit the official site and log in, but they will never provide a link in the email.

3. NEVER click links in emails from government Websites, banks and financial institutions, and/or credit card companies.

If something in the email seems urgent, and you’re in doubt, visit the site by using the URL you know, for example, https://www.discover.com/ or https://bankofamerica.com/  or https://www.paypal.com, etc. And then verify the URL in the address bar – make sure it starts with https:// not http://. All browsers will show a lock icon in the address bar when you’re on a secure Website.


If you want more details, you can click on the lock and get more information about the site.

Now on to today’s lesson on phishing — no pole or bait needed — just common sense and a couple of functioning eyeballs.

It all begins with a sort-of official-looking email. This particular scam was sloppy, but many are not. You’ll notice that the email below has two links: one at the top to view the “Web version” and the telltale “Verify now” link, which should be enough to send you scurrying away and sending the email to the deleted items folder.


Here…let’s look at this one up close. Or as I like to say – let’s dissect it. EB, scalpel, please! 


All the English police who notoriously love to point out my grammatical guffaws owe me a gold star when compared to these crooks! I’ve highlighted – in green – things you should note. You sure don’t need me to explain why they’re highlighted, right?


And look above: These crooks are so sloppy that this email, supposedly from Discover, has the name of some woman living in Hawaii at the bottom of it. Who the heck is Joyce Yoshimoto? Will the real Joyce Yoshimoto please stand up!

We should all drop her a note! Don’t bother. The address probably doesn’t exist or if it does it belongs to Kahlua Kai Kai Funeral Home or Benny J’s Restaurant or the Immortal House of Pink Poi.

And for those who are foolish enough to click the link in this phishing email… they will land upon a very official-looking page complete with an 800 “help number”… which they hope that you don’t call because it’s legit.


Now, if you were crazy enough to click the link in the email and thus land upon this fake Discover site, you can still save yourself by looking at the URL in your browser’s address bar.

In my example Discover Card phishing email, if you were to click the link in the email and go to the counterfeit Discover site… just looking in the address bar in your browser could save you. The URL has nothing to do with Discover.com unless you think Discover should be on a domain called Vonlichten – and you don’t believe that, do you? Plus, there is no https:// and no lock icon there either.

An easy way to tell the real domain name: it’s the name that immediately precedes the dot com, dot net, dot org, dot tv, dot whatever. In the example above the criminals hope you don’t see that the domain is vonlichten.com.
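The address-bar check described above can also be run on the links in an email body before anything is clicked. This is an added example, not part of the original article: the function names, the short suffix list and the sample email body are constructed for illustration, and only the domains discover.com and vonlichten.com come from the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Small constructed subset; a real checker should use the full Public Suffix List.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.nz"}

def registrable_domain(url):
    """Return the name right before the suffix plus the suffix, e.g. 'vonlichten.com'."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html_body, expected_domain):
    """Flag links whose real domain is not the expected one, or that are not https."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        domain = registrable_domain(href)
        problems = []
        if domain != expected_domain:
            problems.append(f"domain is {domain}, not {expected_domain}")
        if urlsplit(href).scheme != "https":
            problems.append("not https")
        if problems:
            findings.append((text, href, problems))
    return findings

# Constructed sample body; the link path and host prefix are made up for this example.
SAMPLE = """<p>Dear Customer,</p>
<a href="http://discover.com.vonlichten.com/login">Verify now</a>
<a href="https://www.discover.com/">Discover</a>"""
print(check_links(SAMPLE, "discover.com"))
```

Only the “Verify now” link is reported: the name immediately before the dot com is vonlichten, no matter what appears further to the left in the address.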


But these folks think they are clever indeed. They stuck the lock icon on the page! (See the screenshot below.)


How clever. They hope the lock will make you feel warm and fuzzy and you’ll pay no attention to the URL in the address bar…or the criminals behind the curtain.


I don’t recommend you do this; I recommend you just delete the phishing email and be done with it. But I like to have fun with these idiots. So when I have time and I get a phishing email, I like to type in fake user IDs, email addresses and passwords, which I create by banging a bunch of keys – like this:

ihfidafauoifdifoaifoaierfoaeadsofjaoiuofiuoiauteryheorfafuaopadsuoufa …like that.

Sometimes I use bad words 🙂 but not today, I don’t want you to think I’m a foul-mouthed son-of ….er … a bad-word user.

Don’t be stupid like me. Don’t click links in emails that look like they came from your bank or financial institution or your credit card company – or your government. Just don’t. Don’t toy with phishing sites like me. Like they say on Mythbusters – don’t do this at home. We’re professionals and we’re allowed to do crazy, stupid stuff.


Remember, follow the three rules below and you’ll end up being safe and not spending weeks or months and hundreds of dollars trying to repair the damage that occurred because you clicked a link in a phishing email, despite our continued efforts to keep you safe.

Our three easy rules to help you avoid phishing scams

1. A legitimate email from a bank, financial institution, credit card company or your government will be addressed to you with your name such as:

“Dear JoAnne Miller” not “Dear Customer” or “Dear Cardholder” or “Dear Valued Customer”.

2. A legitimate email from a bank, financial institution, credit card company or your government will never ask you to click a link to verify your account or change or check your password. They may ask you to visit their website and log in, but they will never provide a link in the email.

3. NEVER click links in emails from your bank, financial institution, credit card company or government. If in doubt, visit the bank or financial institution’s site by using the URL you know, like https://www.discover.com/ and then verify the URL in the address bar – and make sure it starts with https:// not http://. All browsers will show a lock icon in the browser’s address bar before the website’s name or URL (web address).


And if you copy the Web address from the browser’s address bar, you’ll see the entire URL. In the above example, when I copy and paste the URL (web address), I can see it’s correct:

https://www.discover.com/

We want you to be safe without spending hundreds of dollars on identity theft protection that you don’t need. All you need is common sense and the knowledge to recognize a phishing email when you see one. We hope this article helps you and keeps you from being the victim of identity theft and/or phishing scams.

 

8 thoughts on “Dissecting a Phishing Email”

  1. Muriel Schlecht

    Well done, TC. I know you’ve written this cautionary tale many, many times before over the years. I think this is one of your best efforts. I sure hope more will take heed this time and save themselves from the heartache and financial disaster these crooks can cause.

    Reply
  2. JonInOz

    Hi Darcy & TC,
    Dissecting an e’mail is an interesting job, the amusing part is seeing the glaring mistakes, the use of Dear Customer, means (idiot if you’re foolish enough to proceed)
    Furthermore I right click on the ‘header’, right click and select Properties, left click which opens a screen with the tabs General, Headers and Source then I see lots of information which may take some time to read but it certainly is a method of discovering the god-bad level of authenticity.
    Thank you for the purposeful explanation which I can send to those people I know who fall for scams, et al.

    Reply
    1. D.

      @ JonInOz, I’m in Thunderbird email but I can hit “Ctrl” + “U” after I highlight an email and that will bring up Source for me with no extra steps. I used to do the same as you. Try that :=) .

      Reply
  3. Marie Barrese

    This was very interesting and educating, thank you! You are right, I have seen some very legitimate looking emails that bring you to very legitimate looking sites. I almost fell for one of these because it told me my information had been compromised. Then I remembered some good advice I read in one of your newsletters and took a deep breath and double-checked the URL. Not only was it not secured with the iconic https and a padlock, it wasn’t the address of the website I would usually visit to access my account. How scary! I had almost fallen for the scam because they managed to scare me into a panic and made me think I had really been compromised. Which I almost was if not for the good advice of the good people at Cloudeight!

    Reply
  4. Patricia McCosker

    Wish I had known all these things a couple of weeks ago. I fell into the trap and was deprived of $152 from my bank account before the trap was discovered. Luckily I am with a bank who refunded the money but now all my bankcards and credit cards are cancelled and I have to wait for new ones. Thank you for all the information you have made me aware of so hopefully I will not get caught out again.

    Reply
  5. Mae Watson

    Well done. I have had more problems with phone calls.
    The voice is too official. The phone number is often very long.
    If they ask if I am M.., I say ‘I am she’ rather than the expected ‘yes’. This gets me a confused silence.

    I do appreciate all the help you offer to protect the computer and practise safe emailing.

    Reply
  6. Helen Arano

    What should you do if you are an idiot and open it out of curiosity?

    Reply
    1. infoave Post author

      You can open it but if you click links in the phishing email you could lose money, personal information or your identity. You should delete it. You should delete any email from a bank, credit card company, financial institution, payment processor or government entity that tells you to click a link to change or verify your password, your account information, etc. If you’re in doubt, type the URL to the site in your browser to log in. Do not click links in emails from a bank, credit card company, financial institution, payment processor or government entity.

      Reply
