Thursday, August 2, 2012

No phishing

Did that email really come from my bank, or is it just a good imitation? Phishing is a message that purports to come from one source, but actually comes from a bad guy; usually trying to steal your valuable personal information.

Last month we discussed ways to recognize whether an email was probably legitimate. Here is an example of a good email I received from one of my financial institutions.
First of all, notice that I have disabled automatically showing pictures in email I receive (green circle). The critical content of the message is completely contained in text. Pictures can hide links or silently allow the sender to track that you actually opened the email and might be susceptible to more like this. Sloppy phishers may also use pictures wholesale to copy the look of the legitimate mailer rather than recreating the text from scratch.

Secondly, there are only two places (red circles) where they give you the specifics to contact them: one is a phone number and the other an email address. Neither of these contact points asks directly for your personal information.

As a reminder of good practices, the central part of the message advises you to type their website into your browser - no links to hide a bad connection - and log on to your account.

A few other financial institutions use similar good practices to send you critical information. Others - credit cards are notoriously bad - wrap their status updates around a myriad of pictures and links. Some of these links may not even go back to the sender, but to advertisers or other third parties. That type of email may be acceptable for a newsletter, but don't ever log in to your account from a link in a congested email.

Read more
Windows Secrets
article on "Whether Windows is safe for banking"

And then, there's a bad email from a financial company:

 Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 3.0 US License. Permissions beyond the scope of this license may be available at
(c) 2012 Bill Barnes - Disclaimer - Home Page - Blogs Home

No comments: