Seven Phishing Warning Signs

Got a very well-done phishing email today, but I’m more impressed with Bank of America’s abuse response letter: they distilled the problem down to seven simple warning signs that tell you you’re being phished. This is something useful to pass on to the less email-savvy people in your life.

This morning I received an email from “Bank of America” asking me to click on the link included to verify some information that’s been changed with my banking details.

Well, given that I was addressed as “Dear Reliable Customer,” and that I don’t have an account with Bank of America, I was pretty sure this was a phishing attack. Viewing the raw form of the message, which exposes the HTML, further confirmed that the email was not from Bank of America, nor was the link for verification destined for Bank of America’s servers.

Normally, I put such stuff in my spam folders, but this one impressed me. It was good. Very good. The email actually used what looks like an old banner from Bank of America’s site to produce quite an authentic-looking branded email. It did so by pointing an image tag at a real Bank of America server.

As such, I felt it was worth the time to gather all the server information I could and pass it along to Bank of America, with the hopes that either their technicians or lawyers would be able to have a field day with the sender.

Not only did I get a nice reply back from Bank of America, but I have to say they really have their act together!

Check out this simple 7-point list they passed on that concisely helps customers identify when they might be defrauded by a scammer.

Source: Bank of America’s email

The main goal of a phishing email is to get you to a site where you will provide your personal information. With these basic, but powerful, clues, you can easily recognize the threat and ensure the safety of your identity and finances.

1. Does the email ask you to go to a website and verify personal information? We won’t ask you to verify your personal information in response to an email.
2. What is the tone of the mail? Most phish emails convey a sense of urgency by threatening discontinued service or information loss if you don’t take immediate action.
3. What is the quality of the email? Many phish emails have misspellings, bad grammar, or poor punctuation.
4. Are the links in the email valid? Deceptive links in phishing emails look like they are to a valid site, but deliver you to a fraudulent one. Many times you can see if the link is legitimate by just moving your mouse over the link.
5. Is the email personalized with your name and applicable account information? Many phish emails use generic salutations and generic information (e.g. “Dear Customer” or “Dear Account Holder”) instead of your name.
6. What is the sender’s email address? Many phish emails come from an email address not from the company represented in the email.
7. When in doubt, type it out. If you suspect an email to be phishing, don’t click on any links in the email. Type the valid address directly into your web browser.

Wonderful advice. And it applies to more than just banking emails.

Thank you, Bank of America. It’s something simple I can pass along to friends and family.
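Signs 4, 5 and 6, plus the real-banner trick described above, can be checked mechanically from the raw message. The following is an added Python example, not part of the original post or of Bank of America's letter; the brand domain `bank.example`, the greeting pattern and the sample message are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

GENERIC = re.compile(r"dear\s+(\w+\s+)?(customer|account holder)", re.I)  # sign 5 (assumed pattern)
def within(host, domain):  # host is the domain itself or one of its subdomains
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class Collector(HTMLParser):  # gathers (href, visible label) pairs, image URLs, body text
    def __init__(self):
        super().__init__()
        self.links, self.images, self.text = [], [], []
        self._href, self._label = None, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and (attrs.get("href") or "").lower().startswith("http"):
            self._href, self._label = attrs["href"], []
        elif tag == "img" and attrs.get("src"):
            self.images.append(attrs["src"])
    def handle_data(self, data):
        self.text.append(data)
        self._label.append(data)  # only read back when an <a> closes
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def warning_signs(from_header, html, brand):
    page = Collector()
    page.feed(html)
    signs = []
    if not within(parseaddr(from_header)[1].rpartition("@")[2], brand):
        signs.append("sender-not-brand")  # sign 6
    if GENERIC.search(" ".join(page.text)):
        signs.append("generic-salutation")  # sign 5
    off = [label for href, label in page.links if not within(urlsplit(href).hostname, brand)]
    if off:
        signs.append("link-leaves-brand")  # sign 4
        if any(brand in label.lower() for label in off):
            signs.append("label-shows-brand")  # visible text names the brand, href does not
        if any(within(urlsplit(src).hostname, brand) for src in page.images):
            signs.append("brand-image-with-foreign-link")  # real banner, foreign link
    return signs

# Constructed sample, not the email from the post; bank.example is a placeholder brand.
SAMPLE_FROM = '"Bank Example" <alerts@bank-example-secure.test>'
SAMPLE_HTML = ('<img src="https://www.bank.example/img/banner.gif"><p>Dear Reliable Customer,</p>'
               '<a href="http://203.0.113.7/verify">https://www.bank.example/verify</a>')
```

Calling `warning_signs(SAMPLE_FROM, SAMPLE_HTML, "bank.example")` reports all five flags, while a message sent from the brand's own domain with a personalized greeting and on-brand links reports none.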

0 thoughts on “Seven Phishing Warning Signs”

  1. I have wondered from time to time how many people fall for the pseudo-eBay phishing messages that start along the lines of “Dear Reliable Customer: We have included your user name in this message to show that this is a legitmate communication from eBay…”
