Phishing with fraudulent emails from your bank: how to spot and stop them

For legality’s sake, let’s say the scammer was trying to impersonate Uppercase Two Bank.

Overall appearance

At first glance, the email seems legitimate enough. However, I notice inconsistencies in the design. You don’t have to be a graphic designer to get an overall blegh feeling  from this email. There’s at least 5 different types of fonts, too many font colors, and just an overall unprofessional feeling. Take notice of these details as a warning that something isn’t quite right.

Notice the details

Your bank will hire professionals who care about all the little details in a website, advertisement, even an email. If it feels like it was thrown together haphazardly, then it probably was, and you should be concerned.

• Check out the grammar and punctuation in the email: random capitalization, missing periods, etc.
• The from address says sent from Elastic Email on behalf of Uppercase Two. None of my legitimate emails from Uppercase Two were sent by some other company on their behalf, so why would this one be any different?
• The Find a bank link at the top right is not clickable. I suppose Uppercase Two could have forgotten to link this text, but that’s unlikely.
• The width of the logo bar up top is not as wide as the body of the email.
• The 800 number in the footer is for a completely different bank.

[hr]

Banks won’t email you

Sure, you’ll get emails about some new promotion that your bank is offering throughout the year. You may even get an email when your statement is ready, or after you change the phone number on your account. But, your bank will never email you with a link regarding your account specifically. The most your bank will do is notify you of a potential issue, then ask you to contact your local branch for assistance.

[hr]

Know where links are pointing

You should know where a link will take you before clicking it. Outlook makes this easy by just hovering your mouse over the link; a box will pop up . If you’re checking mail in your browser, the destination address will typically be located at the bottom left or right of the window when you hover over a link.

The goal of this whole email is for me to click the big blue Please Click Here To Start link in the center. Hovering over this link reveals that it will take me to some page on lvvq.net, which is not Uppercase Two’s website.

Now, the link here tries to trick you by putting the bank’s website as a subdomain – convincing for some. The trick here is to do the following:

1. Ignore the http:// and www (if present)
2. Scan through the link, and find the next forward slash / character, which is usually after the last .com, .net, or .org.
3. When you find that first forward slash, there will be something like word.com or word.net or word.org immediately before that. THIS is the actual domain of the site.
4. This example shows that this link will bring me to lvvq.net, which is not the correct website.

[hr]

Get a good browser, already!

You’ve heard that Internet Explorer is less secure than other browsers, and the proof is below. Notice how each browser handles the link from this email. Firefox and Chrome stop me dead in my tracks, warning me of a potential threat. But, Internet Explorer gladly loads the page for me to proceed with handing over my bank account information. Thanks, Microsoft!

[hr]

General knowledge

You should never use a link in your email as the starting point for a potential problem with any of your online accounts. If an email warns you of an issue, you should visit the website directly in your browser and log into your account there. Otherwise, find the number of your nearest branch (in Google Maps or a phone book) and call the bank directly.