The Anatomy of Phishing Emails: How to spot one
By: Al Restar, Zero Day A few weeks ago, a friend of mine told me about an email she received from what appeared to be her bank. The specific email asks her to go to a particular link and verify her account information, lest her account would be disabled. Being an accountant that she is,
By Staff Writer
By: Al Restar, Zero Day
A few weeks ago, a friend of mine told me about an email she received from what appeared to be her bank. The specific email asks her to go to a particular link and verify her account information, lest her account would be disabled.
Being an accountant that she is, she immediately knew that the email she received was a bogus one. She did a little research about the scam that mainly targets clients of her bank, and she found out that there were cases where people have fallen on the trap and ended up losing all the money they had in their account.
What my friend described to me was an example of a phishing attack. It is a form of cybercrime where the malicious actor aims to extract sensitive information like your bank account details to use it in a more dangerous attack in the future by posing as a legitimate website or service. Phishing campaigns are usually sent through SMS or emails.
In the case of my friend, the attacker masquerades as an official email from her bank and redirects the victim to a well-designed webpage that mimics the bank’s own website. By keying in a victim’s account information like account number, date of birth, name, and online banking password, the attacker will now have access to the victim’s bank account and can steal funds from it.
Phishing campaigns are not uncommon. In fact, most of the sophisticated attacks out there start with a good phishing operation. Falling victim to one could potentially have severe consequences – in the case of the victims of a similar phishing campaign as my friend, they lost all their hard-earned money.
But how do we know if the email or text we receive is a phishing email? There are a few tell-tale signs, and I’m going to discuss them in detail here.
They come from a questionable email address.
In the phishing email that my friend received, the attacker disguised himself as Bank of the Philippine Islands. By examing the email, I was able to notice that the email address used by the attack does not coincide with BPI’s official email address.
The official email address of BPI bears the domain bpi.com.ph, and this is consistent across all of the bank’s departments. Meanwhile, the message that my friend receives came from cards@bpisupport.com, which I know for a fact is not an official BPI domain.
They use a different logo from the official emails you receive
Logos are important to every brand. Big companies will make sure that their branding is consistent all throughout their customer communications – including emails. One striking problem with the email my friend received was that it used a totally different logo as a display picture than what is used by the official BPI email.
The link they provide will redirect to a different URL
Phishing emails usually come with a link that you can follow to enter your information. In this case, the link was https://online.bpi.com.ph/. Actually, this link is the official URL for BPI’s online banking portal. However, a closer inspection of the link revealed that it was a hyperlinked to a tinyURL.
My friend told me that at first, she thought that the email was legit because the link has an SSL certificate (signified by https). But don’t be fooled because this technique is also being used by hackers often. Instead of basing your judgment on the link that is written on the email, check out the URL when you open the URL.
It asks you to “verify” information online.
Emails that ask you to verify your information online while threatening you with the foreclosure of your account are most likely phishing emails. This is particularly true with online banking, as banks usually have a very strict data protection policy.
There are other signs to know whether or not an email is a phishing campaign that is not present in the example that I used to illustrate it. Nonetheless, the point of this article is to help you spot some of the most common signs of a phishing campaign through email. If you are unsure if the email you received is legit or not, make it a habit to verify it with your bank all the time. With enough knowledge about phishing, you can avoid falling victim to this time of cybercrime.
Article Information
Comments (0)
LEAVE A REPLY
No comments yet
Be the first to share your thoughts!
Related Articles
Iloilo City bets big on socialized housing with PHP 200-M loan
By Rjay Zuriaga Castor Iloilo City is steadily expanding its socialized housing program through large-scale land acquisition and multiple ongoing developments aimed at easing the city’s housing backlog, according to the Iloilo City Local Housing Office (ICLHO). ICLHO head Peter Millare cited the city’s PHP 200-million loan from the Development Bank of the Philippines in
BFP warns businesses against food order scams
By Glazyl M. Jopson BACOLOD CITY — The Bureau of Fire Protection in Bacolod City and Negros Occidental has warned business establishments and the public against food order scams involving individuals falsely claiming to represent the BFP. Two incidents were reported in Himamaylan City and Binalbagan town on April 24. In an advisory, the Himamaylan
Negros communities mourn journalist RJ Ledesma
“A skilled journalist and writer, an active human rights defender, and a good friend.” This is how colleagues, friends, and family remember RJ Nichole Ledesma, a writer and editor of Paghimutad-Negros, an alternative media outfit on Negros Island, and the regional coordinator of Altermidya Network on the island. Ledesma was one of