Whitwick & District U3A - Computing tip April 2013
One of the most powerful tools, especially against phishing, is common sense. Phishing is the attempt by fraudsters to obtain personal information e.g. bank details, and is usually done via emails (often as spam) where you are conned into clicking on a link or opening an attachment. It is probably the most common form of attack at the moment and they usually try and tempt you via curiosity, greed or fear, e.g. Picture of some current event, Tax refund, Blocking access to your bank account.
It is important to remember that an email does not necessarily come from whom it says it's from, nor does the inclusion of the correct logos or corporate wording mean anything. Most phishing emails give themselves away by not being specific e.g. they use generalised terms for the subject and phrases like "Dear customer" rather than "Dear Mr Smith", or "we have charged your credit card" rather than "we have charged your Visa Card ending 1234" and they often, but not always, have minor grammatical errors e.g. "please provide the following informations".
The best defence is to apply the same sort of common sense as you would if approached by a stranger in the street offering you something or asking for money; most importantly don't react too quickly but give pause for thought especially when asked to provide personal information. Bona fide organisations such as banks will never ask for this sort of information in emails.
You can also help people who receive emails from you by giving your emails a subject that is specifically relevant to the recipient, e.g. "Picture from WAD walk" is much better than "Nice picture" which could be from anyone about anything.
In the examples below, bracketed comments in red have been used to highlight some of the pointers, or comment on some of the aspects which are warning signs. All the examples are real. It is not uncommon for them to pretend they are enhancing your security or trying to protect you against fraud! Although not shown in these examples, some try to make themselves more credible by claiming that Microsoft, or some other well known firm or agency, has been involved.
This is the Fear type, aimed at making you panic and act without thinking. Similar examples could be supposedly from your bank. Another variant is to send an "invoice" for something you haven't bought.
|From:||service@paypaI.co.uk||Note capital I not l in paypal||Actually sent from firstname.lastname@example.org|
|Date:||11 March 2013 10:23|
|Subject:||PP1573: Your account has been limited|
There's an issue with your account
Dear Customer, (Note not a specific person)
PayPal is constantly working to ensure security (comma missing) regularly screening the accounts in our system. We recently reviewed your account and we need more information to help us provide you with (a missing) secure service. Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible and we apologize for the inconvenience.
Why is my account limited?
Your account access has been limited for the following reason(s):
* Unusual account activity has made it necessary to limit account access until additional verification information can be collected. (Your Case ID for this reason is PP-029-183-716-147)
* Our system detected unauthorized use of a credit card linked to your PayPal account. (Your Case ID for this reason is PP-058-183-716-441)
How can I get my account access restored?
* The restoration form is attached to this email. Please download the attachment, open it and follow the instructions on your screen.(This attachment is the bit that does the collecting of your personal information and has been removed from this example)
Once you complete all of the checklist items, your case will be reviewed by one of our account specialists. We will send you an email with the outcome of the review.
Please do not reply to this email because we are not monitoring this inbox.
To get in touch with us, log in to your account and click "Contact Us" at
the bottom of any page.
Copyright © 2012 PayPal. All rights reserved.
PayPal (Europe) S.à r.l. et Cie, S.C.A.
Société en Commandite par Actions
Registered office: 22-24 Boulevard Royal, L-2449 Luxemburg
RCS Luxemburg B 118 349
(The section from Copyright to the end is the same as genuine Paypal emails, but is missing the section in genuine ones which says: How do I know this is not a Spoof email? Spoof or ‘phishing’ emails tend to have generic greetings such as "Dear PayPal member". Emails from PayPal will always address you by your first and last name )
This is more of a curiosity type. It is, supposedly, from someone known to me, and in fact their account has been hijacked. Regretably accounts such as hotmail, yahoo, gmail are somewhat more susceptible to highjacking. In this particular instance, not only did the clues warn me, but I knew that Fred Smith wasn't in Spain!
|From:||Fred Smith <email@example.com>||The name has been changed, but it was someone I knew|
|Date:||16 August 2011 12:26|
|To:||Fred Smith <firstname.lastname@example.org>||Hotmail addresses are often targets to be compromised|
|Subject:||Its emergency help||Poor grammar, but in an emergency you might be slipshod|
I am Sorry for the surprise trip to Spain for a Conference i made recently (not normal English), I am really stranded here because I was attacked and robbed on the way to my hotel, all cash, document's and cell phone (UK users tend to say mobile phone) which i have (has) all my contacts were stolen off me.(from me) Presently (UK usage is At present) I have limited access to internet,I am very sorry I did not inform you before I traveled. Please i want you to help me with a loan of €1,250 urgently or any amount you can afford to help me with.I'll Refund the money back to you as soon as I get home without any delay.Write me back (back to me) so that i can send you my details were (where) you can help me send the money through Western Union money transfer.(WU means it would be untraceable)
(Erratic use of i instead of I throughout)
This is of the Greed type,who wouldn't like a tax refund. Another possibility are wins from lotteries you havn't entered.
|From:||HM Revenue & Customs Customersemail@example.com is not a real HMRC address|
|Date:||04 October 2011 12:39|
|Subject:||Service Refund||Is this likely HMRC terminology?|
HM Revenue & Customs Order Refund
(Why the term Order in the heading?)
This e-mail has been sent to you by HM Revenue & Customs to inform you that we must pay you back 478 GBP.(Wouldn't HMRC use £)
Please complete all the information to process your refund
Please allow 2 weeks for you (the) money to be availabe in (credited to) your account. (eg: address, phone) (what is this?)
Total refund amount: 478 GBP
To ensure that your service is not interrupted, we request you to confirm and update your information today by following the link below:
HM Revenue & Customs Order Refund (This was a link to http://www.refund12-hmrc.com/index.php?id=747001)
Thank you for your prompt attention to this matter. Do not reply to this e-mail.
Mail sent to this address cannot be answered.
Member 747001(Do the HMRC call you a member?!)
© HM Revenue & Customs 2011
Back to Information