Tips for recognizing a scam (phishing) email

This may be just a little off topic for a social media topic, but I thought it was worth sharing.

Here is an email that landed in my inbox this morning. I thought it was worth taking a look at it. Note that I decided against downloading the pictures for obvious reasons, though I suspect it was just a copied and pasted Westpac logo.

Image

This clearly IS a spam (spoof is a very weird word) or phishing email in spite of their attempt to reassure you otherwise. Let’s dissect it and take a look at why that is.

  1. Firstly, and most obviously for me, I don’t have a Westpac account. If you have a Westpac account this does not apply, but do keep in mind that no bank will ask you to confirm your account details this way.
  2. Dear name@mailhost.com.au – (This was my actual email address, but you did not need to know that.) Think about this for a minute. Has any bank correspondence you received been addressed this way? In spite of their reassurance, I don’t believe a bank would ever address you by your email, because they would have your actual name and not just your email address, as is the case with the phishing email.
  3. Before clicking on any link, hover over it with the cursor to reveal what the target web page is. In the case of the “Confirm your account” link, you will see a link that is clearly unrelated to Westpac in any way. I know that Microsoft Outlook has the ability to reveal target URLs by hovering over links, and I am sure other email apps would as well.
  4. More on target links – Very interestingly, hovering over the other links (“Learn more about phishing”, “Where to Shop” (Really!! Why would this be on a bank email of this nature?), “How Westpac works” (Again, can you imagine this??), “Recover your Password or Email”, “Contact Us” and “terms and conditions”) shows that they all appear to point to PayPal links. They have probably captured the footer from a PayPal email, updated some text to read “Westpac” instead of “PayPal”, and not bothered to change the links.
  5. Take a look at the ‘copyright text’. Does it make sense as a copyright notice from Westpac? Apart from the weird characters (Â and ¢ for example) that are common in copying and pasting where source and target font types don’t match, does the copyright text make sense for a bank? Why is it talking about something not requiring the “Monetary Authority of Singapore”? Any text that a bank would use in such cases would be relevant to the situation and properly formatted.
  6. On a more obscure note, if I were to ask those who are familiar with Westpac, whether you have an account or not, what colour do you associate with Westpac? I am sure the answer would be red, right? On its own, this fact is not enough to rule the email out, but given the other issues, I would say it backs it up if nothing else.

There may be other things, and feel free to point them out. It is always worth considering whether something is right before clicking on the link.
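
The hover check from tips 3 and 4 can be automated. The following is an added example, not part of the original email or post: it lists every link in an HTML email body whose real target host lies outside the domain the sender claims to be. The sample body, the `example.net` hosts and the use of `westpac.com.au` as the expected domain are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body modelled on the email described above (not the real message).
SAMPLE_HTML = """
<p>Dear name@mailhost.com.au,</p>
<p><a href="http://account-check.example.net/westpac/login">Confirm your account</a></p>
<p><a href="https://www.paypal.com/au/security">Learn more about phishing</a> |
<a href="https://www.paypal.com/au/contact">Contact Us</a> |
<a href="https://www.westpac.com.au/security/">Security centre</a> |
<a href="https://westpac.com.au.example.net/terms">terms and conditions</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs: what hovering over each link would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_matches(host, domain):
    # Exact host or a true subdomain; "westpac.com.au.example.net" must not match.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit_links(html, expected_domain):
    """Return [(link text, host)] for each web link that leaves the claimed sender's domain."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    flagged = []
    for text, href in parser.links:
        parts = urlsplit(href)
        if parts.scheme in ("http", "https") and not host_matches(parts.hostname, expected_domain):
            flagged.append((text, parts.hostname))
    return flagged

if __name__ == "__main__":
    for text, host in audit_links(SAMPLE_HTML, "westpac.com.au"):
        print(f"MISMATCH: '{text}' -> {host}")
```

A footer lifted from another company's email shows up as a cluster of links that all share one unrelated host, which is the pattern described in tip 4.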
