PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Posted on May 29th, 2014 by Nicole Kobie

Phishing emails: how I nearly got caught out

A phishing email popped into my inbox this morning. That’s hardly a rare occurrence, but what was unusual about this one is that I really wasn’t sure, for a moment, if it was malicious or not.

Take a look:

[Image: screenshot of the phishing email, purporting to be from NatWest]

This caught my eye, as I’ve recently returned from overseas travel, and I did (foolishly) log into my account on hotel Wi-Fi without taking any precautions. What if someone had nabbed my login credentials?

Of course, I would never click a login link embedded in an email, and the odd language raised my suspicions: “customers are not permitted to log in from different places at same time” is a strange thing to say, given it’s impossible under the laws of physics. Hovering over the link showed the actual destination was something called “bodegon.mx” — clearly nothing to do with NatWest.

Pretty straightforward stuff. So why did I even give it a second look? Because Outlook.com told me that the sender was in my “safe list”.

It’s true, the message had been sent from a sensible-sounding email address, customerservice@natwestsecure.com — but a hacker could have registered that domain themselves, or spoofed it, and a plausible domain name shouldn’t be enough to trick a spam filter. So why did this go to my inbox, rather than being caught up in spam or my junk mail — which is where most of my bank’s real email missives land?

Out of curiosity, I searched for that email address in my Outlook.com account… and it showed up. As it turns out, I’d had a similar message two years ago from the same email domain, and had moved it to my inbox in order to forward it to NatWest’s security team, because Outlook.com doesn’t let you forward items from your junk mail.

That action added it to my safe list, ensuring I saw it this time. Thanks for that, Microsoft.

There is some good news: when I tried experimentally clicking the link, Google Chrome showed a big red warning that I was heading to a dodgy site. I clicked through anyway (front line of tech journalism, right here) and my AVG scanner wouldn’t even let the page load.

Points to Chrome and AVG in the battle against phishing, and marks docked from Outlook.com, then. In case anyone’s wondering, that recent trip overseas means I haven’t any money left in my account to steal anyway.

21 Responses to “ Phishing emails: how I nearly got caught out ”

  1. SimonF Says:
    May 29th, 2014 at 11:42 pm

    To be fair to Microsoft here, it looks like Outlook.com is making the not unreasonable assumption that, by moving an email from the junk folder to their inbox, the user is indicating that the spam filter has got it wrong. Outlook.com is learning from the user’s action so it doesn’t repeat its mistake.

    What you described, wanting to forward a spam email, is really an edge case that wouldn’t apply to the vast majority of Outlook.com’s 400 million users.

     
  2. Christopher Says:
    May 30th, 2014 at 9:11 am

    No money you say? I think I can help you there….. I’m actually the manager of a Nigerian bank…. :)

     
  3. Steve Cassidy Says:
    May 30th, 2014 at 4:20 pm

    Most hotel proxies seem very adept at capturing email pickup logins (your address) and delivering targeted spam to it for a few weeks after you visit. I always assume this is a black economy thing, and whoever set up the proxy is rolling in Bitcoin as a result. However, they don’t seem able to read mails that are picked up – only the login.

     
  4. Mark Says:
    June 4th, 2014 at 3:03 pm

    They are everywhere :)

     
  5. Chris Says:
    June 4th, 2014 at 3:08 pm

    It certainly is quite a convincing email. One thing we have noticed about phishing emails that we tell our clients is that 99% of the time they will start with “Dear Customer” as they do not have your actual name. A bank would be unlikely to start such an email in the same way as it is supposed to be personal to you.

     
  6. Adrian Backshall Says:
    June 5th, 2014 at 6:47 am

    Good point Chris.

     
  7. Earthcitizen Says:
    June 5th, 2014 at 7:11 am

    …mmm, I got caught out by the headline, thinking that this must be a really sophisticated phishing email to have caught out a pcpro journo. But, no, this is just a bog-standard scam email, nothing special. And the journo was only playing with the email.

    As for the email sender’s address being in the safe-list… there are a zillion reasons why it might be there, so the moral is don’t trust outlook to tell you an email is safe. Use common sense!

    I do agree that it is a nuisance to have to move such emails from the junk folder to the inbox in order to forward them on, so sadly, I don’t bother. The receiving organisation never thank you anyway, so it seems pointless.

     
  8. Earthcitizen Says:
    June 5th, 2014 at 7:17 am

    @Christopher - 
    May 30th, 2014 at 9:11 am

    Actually, I am the president’s great grandson and heir and have rights to all mineral wealth and financial transactions. I only need you to give me your bank details and payment of a Million Zlotties so that I can lighten your financial burden! Oh, and forward this to your bestest, richest friends for good luck and a long life!

     
  9. Craig Says:
    June 5th, 2014 at 10:30 am

    Usually get 1 or 2 every month. The biggest giveaway is the “Dear Customer” or something of the like.

    Also I usually check my account on a different device to check to ensure that it is not locked.

    Always good to double check!

     
  10. M M Tkaczuk Says:
    June 5th, 2014 at 10:40 am

    1 or 2 a month? I usually get 1 or 2 a DAY!!!

     
  11. Pete Says:
    June 5th, 2014 at 10:10 pm

    Once the scammers get good at English and remove the give-away “Dear whoever…” they would stand a chance.

    I think banks and financial institutions need a reality check.
    Despite the best efforts of the IT professionals and the tech press, they (Banks) insist on sending legit e-mails with actual click-able links in them and encourage users to click the links.

    Simple protection advice to all users is never click a link in an E-mail, so why do banks still put them in their official missives! FAIL!!

     
  12. Zippy Says:
    June 17th, 2014 at 3:09 pm

    “log into my account on hotel Wi-Fi without taking any precautions” What precautions can a regular hotel user take?
    I often have to use various sites when away.

     
  13. Joe Says:
    June 26th, 2014 at 1:15 pm

    @ earthcitizen. I’m glad I found you. After I sent you that check for depositing the 35 bn USD something must have happened, because I never got them.

     
  14. Impecunious Says:
    June 30th, 2014 at 1:48 pm

    Perhaps MS can do the decent thing and stop trying to think for us unless they can design a way to prevent these phishing efforts.
    I try to actively use a safe senders list, but the s/w clearly outsmarts my efforts. Yet another reason to avoid online banking; if I had any cash.

     
  15. Lambypies Says:
    June 30th, 2014 at 3:49 pm

    You’re making an assumption that the typos are a mistake. The most valuable stolen logins are the ones from stupid and/or gullible people. It’s the same reason that the Nigerian scam is still going on. It really is preying on the people less able to defend themselves.

     
  16. Steve Jobs Says:
    July 6th, 2014 at 8:27 pm

    I think that it is a simple case of think, think and think again. Basically, people, what we have here is those that get caught out are breaking Rule 1, which is: never assume, as assumption is the mother of all f**k ups. When I get these phishing emails I track the senders down and try to turn the tables on them, getting them to do all sorts of silly things. One of them I managed to take control of the PC they were using and messed about with it. If we all learnt how to use computers to a decent level, learnt how to think, then turned the tables on them, they would eventually give up.
    If you get these emails re: banking then log in from another device or ring your bank up from a landline if possible and ask them direct if any problem exists.

     
  17. Steve Jobs Says:
    July 6th, 2014 at 8:36 pm

    Here is an idea to help keep phishing emails and spam to a minimum. I realise not everyone can do this, but if you can then do it.
    First, register yourself a cheap domain name. There are plenty that you can get for no more than a few pounds a year.
    Next, host it with a host that, instead of having a website, simply gives you loads of email boxes.
    You can also create aliases for each email box.
    When you sign up for a website online you create an email box just for that site. When you sign up for that site you click all the boxes to say that you do not want emails and/or third party emails etc.
    You only use that email box for that website.
    Thus if you get any email from a site other than what that address was set up for then you know how the sender got that address and that it was done without your permission.
    Then all you do is delete that email box and hey presto, the sender cannot send any more spam.
    Then you know not to trust that website.
    If you also make sure that each email address does not give away what website it is for so that someone cannot guess or work it out.
    That way for each banking email box you have you also add an extra layer of security by creating an email alias for it. That way if a banking email comes in to that bank and is not from the alias then you know it is fake.
    Though always be aware and check out every email that claims to be from your bank by never clicking the link inside.

     
  18. Alan Says:
    July 7th, 2014 at 12:10 am

    As I choose the option to not have my bank communicate by email, text or mobile phone, all emails are ignored, simple. Landline (urgent) or snailmail (everything else) are the only options.

    I too have given up notifying organisations of suspicious emails. No thanks or even acknowledgement is rude in my reckoning.

     
  19. Kelly Says:
    July 8th, 2014 at 1:14 am

    The moral of this is NEVER NEVER allow the bank to call you – ALWAYS call your Banking Services.
    One other thing to beware of is NEVER NEVER talk to your bank on the phone UNLESS YOU INITIATED THAT CALL.
    There is a scam that involves a bank call saying call us back – but the line is left open and people have been scammed.
    Same watch out rules about .co.uk on the web: It may be China based and have NOTHING to do with UK. Check postcodes given on Google Maps. I did one check and it was 2 miles separate from where it was supposed to be.

     
  20. Louella Says:
    August 8th, 2014 at 4:44 pm

    So next time you look enviously at that bronzed girl walking down the
    street, remember that with the help of fake tan products, that could
    easily be you. Use the comments section below to let us know what you liked and what just didn’t work for you.

    You can now put that gorgeous golden glow, that you thought was
    achieved by a month in Miami, down to a little bottle of Xen-Tan.

     
  21. Samsung Galaxy terbaru Says:
    October 1st, 2014 at 9:23 pm

    I wasn’t completely oblivious before, I had seen older Samsung models on occasion
    and saw many good things. Among the sensors added to GS5,
    there is the heart rate monitor on the back of the
    device, at the LED flash. This is fully equipped with operating
    system Android OS, v4.

     
