Phishing emails are usually easy to spot, but that does not mean an intelligent (or busy) individual is safe from becoming a victim of a phishing scam. (Forgive me for using “fool” in the title – it fit nicely with the “f” pronunciation of “phishing”!)
Please glance at the fraudulent email below. The logo, colors and headline make it appear to have originated from Bank of America so it wouldn’t be surprising if a busy person quickly skimmed the bold headline and then clicked on the link.
Before analyzing the fraudulent email above, let’s look over a real Bank of America email:
Both emails are graphically similar, but the legitimate email includes the last 4 digits of the account number and is personalized to the customer instead of being addressed to “Valued Customer.” The “From” and “Reply To” addresses look (and are) appropriate in the real email, but in the generic, fraudulent email the “From” address is suspicious, with its double-extension ending.
The real email is not only personalized: hovering over each link in it reveals the link destination. None of the destinations were suspicious and all were related to BankofAmerica.com, the correct site. Now let’s look at the fraudulent email again.
Errors in the phishing email:
- Grammar errors in subject and headline
- “From” address is unusual and not what we’d expect from Bank of America
- Unprofessional wording in the body of the email
- Hovering over the link reveals a suspicious foreign link that is not related to BankofAmerica.com
- Email is not personalized and doesn’t include last four digits of bank account
The point of this post is simple. Avoid multi-tasking and take your time to know what you are clicking on before clicking on any link. For more important tips to avoid becoming a phishing victim, please read How to Avoid Phishing Scams. If you’ve been a victim of a phishing scam, please share your experience to spare others the same pain. (or to entertain us?)
Until next time… Stay Cyber Safe.