-->

Thursday, May 31, 2012

Analysing a Phishing Email


As a Continuation of the article on Bank Phishing Emails - Gens Online Maintenance, We want to take a critical look at the contents of the email, and analyse its contents and the actions behind the phishing email.

It would be noted that this is a definite case of  email phishing or phishing email. An analysis of the email structure, contents and some tips below will help you stay clear from phishing emails.

Useful Tips to help you stay Clear of Phishing Emails

  • Senders Email Address: If you notice the sender's address, it came from a website which has no business with the said bank. A quick DNS or Whois Look-up showed the following results:
  • Recipient's Email Address: The email address of the recipient (which is "supposed" to be YOU/I ) was simply  used as : Undisclosed  Recipients meaning that the message was sent to you as a "BCC" - Blind Carbon Copy, using a Mass e-mailer or a Mass email sender.
  • Email Greetings: If you Bank or  Financial Institution will ever communicate to/with your through email, your First and Surnames MUST be included in the email (as a Security measure) to enable you know that the email is from the Bank or Financial Institution.
  • Email Grammatical Structure: While psychologists have noticed that most people that fall for online scams do not "think about grammar or structure" of the emails or letter they receive, where their eyes and brain is attached to is on what to gain from such transactions.
It is to be noted that this email purported to come from a "Bank" asks (the "undisclosed recipient" who is being greeted as "Dear Customer" and not with their real names), for some key information from them.
This will involve you doing the following:
  • Download a Form or click on a link - as against making a phone call, going to the Bank website, going to a Branch of the bank.
  • Filling a Customer Security Update form: This is one of the worst "stupidity" that one can think of, but the part of the brain that says - "yes this is true" does not want to hear otherwise.
  • Psychological Target: These spammers know very well that if they included a BOLD warning, many people may be attracted to do things their way. Note how they used Capital Letters to highlight the warning. but unfortunately, Capital Letter in communication means "Shouting" or emphasis. NOTE: FAILURE CAN RESULT TO PERMANENT ACCOUNT SUSPENSION.
  • Email Signature: To further buttress the scam, the sender signed the email with a "generic word". No Bank or Financial Institution will send out such sensitive email without using a "verifiable" Name and Official Designation and even a workable phone number.

Useful Advise

Phishing Website DNS lookup
Phishing Website DNS lookup
If you receive any of such phishing emails, always use the cursor and hover around any link on the email, if its pointing to an IP address, its a clear indication of phishing in action. once you click on such links (and if you are lucky to have the McAfee Site Adviser installed in your computer, it will warn you on visiting such sites.

Do not in any way either by a return email or clicking a link, fill any form that involves disclosing your Bank security details to anyone. You Bank can never contact you in such manner and will never ask you about any "sensitive" information about your Bank account on the phone. Be wise and be Warned.

You can visit the following Links to know more about Phishing Emails or Computer Phishing as a whole.
Posted by Loveday at 0 comments
Labels: ,

Bank Phishing Emails - Gens Online Maintenance

Bank Phishing Emails
Bank Phishing Emails
This morning as I opened my emails to see what the day holds for me, my attention was drawn to one of the emails that "quietly" tried to pass through my Inbox filters but landed into the basket meant for such unscrupulous emails or senders. By this in a simple layman's understanding, the Spam Folder.

Now down to some serious things (lol). I looked at the email and the contents baffled me. You can see for yourself:
Dear Guaranty Trust Bank Customer,
We regret to inform you that access to your GTBank Online Account and Atm Card has been temporarily limited. This has been done due to several failed log-in attempts. To restore your account please log in correctly by downloading and Filling the Customer Security Update form attached to this message.After downloading follow the directions for instant activation of your account and Security information.
NOTE: FAILURE CAN RESULT TO PERMANENT ACCOUNT SUSPENSION.Security AdvisorGuaranty Trust Bank © 2012.
What baffled me was not that the senders actually wish that I will be stupid enough to open and download the form, but that in their minds, they think that everyone will fall for their trick.


This is a definite case of  email phishing or phishing email. An analysis of the email structure, contents and some tips below will help you stay clear from phishing emails.

Useful Tips to help you stay clear of Phishing emails: >>>> Analysing a Phishing Email

Note of Caution

A little note of caution to anyone who has ever received such emails or who will in the future, receive such emails.
If in doubt of any contents of an kind of communication from your Bank or Financial institution, please contact the Bank directly. If you cant get their contacts, please look at the back of your ATM card, Credit Card for a Bank or Card contact Number.


Do not in any way either by a return email or clicking a link, fill any form that involves disclosing your Bank security details to anyone. You Bank can never contact you in such manner and will never ask you about any "sensitive" information about your Bank account on the phone. Be wise and be Warned.

You can visit the following Links to know more about Phishing Emails or Computer Phishing as a whole.
Posted by Loveday at 2 comments
Labels: ,
Subscribe to: Posts (Atom)