Having just watched an excellent screencast on how to spot a phishing scam created by Nik Peachey, I wanted to share his excellent tips.
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.
Nik’s screencast takes you through a real example of a fraudulent email which looks as if it has been sent by BT Yahoo. The short video points out the important things to look for to check for authenticity. I recommend you taking a look.
Nik advises that the key pointers to look out for are as follows:
- The information in the message. I used Google to check out the content and the name of the sender to see if they were genuine.
- Use of English. Grammatical mistakes and use of either too formal or very informal language are often a give away.
- The look and design of the message. This is often very poor and at best has some kind of attempt to link to a logo from the company.
- Mouse over the hyperlinks and look to see where they go, if they go anywhere. Dead links or non-existent ones are a give away as are ones that are random numbers or letters or which have an odd suffix. The one in my message led to sngsnfjswrsad and had a suffix of .p.ht so that’s very suspicious.
- The return address. Although it looked like customer services, it’s very easy to set up an email that shows anything you want it to in the reply, but checking the true address showed this to be a random email account and quite possibly not even the one that belonged to the sender.
To add, Microsoft warn about the misuse of web addresses by Cybercriminals. This is where they re-create an address that resembles the names of well-known companies but are slightly altered by adding, omitting, or transposing letters. For example, the address ‘www.microsoft.com’ could appear instead as:
This is called “typo-squatting” or “cybersquatting.”
Emails that sound too good to be true very often are. Taking care to check the points above will help to minimise risks. Microsoft offer further advice on how to protect yourself from email and webscams.