How to spot a phishing scam: slideshow

The fallout from the data breach at US marketing firm Epsilon was massive. Some of the world's largest companies were forced to apologise after customer details held by Epsilon were stolen by hackers.

As each company duly noted, the data lost was small, limited to names and email addresses. Yet even that information is valuable for use in further attacks, notably phishing scams.

If an attacker knows your name, your email address and the companies you deal with, they can craft convincing emails that have a much better chance of fooling you.

Here are some fabricated examples of phishing emails to illustrate what users need to watch out for in order to protect themselves.

Can you spot what makes these emails fake?

Disney has mass appeal. The broad list of victims could be attractive for scammers.

Talkback

Get this. In the light of these types of breaches, BMW Finance this week sent me an email inviting me to register online. All I had to do was click a link, enter my name, DOB, License number and address.
And it was legit! They were stupid enough to send such an email!
All companies like this do is to drive further confusion and make the plebs more gullible to scammers.

gr1f April 12th, 2011

People should learn to check the source code of the email; it always has the real return address of the idiot that sent it to you. Or maybe the companies that make email software could add this feature to their email clients. For example, to view the source code, right-click on the suspect email and go to properties, then details; the first line in the source code is usually a real Return-Path: "with ? replacing the actual email address"

zothen April 12th, 2011
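
The header check described in the comment above, as an added example that is not part of the original thread: it parses a constructed message with Python's standard `email` module and flags a `Return-Path` or `Reply-To` whose domain differs from the visible `From` domain. The sample message, the `.example` domains and the `FREE_MAIL` list are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); all addresses are made up.
SAMPLE = """\
Return-Path: <promo-dreem@hotmail.example>
Received: from mail.hotmail.example by mx.recipient.example; Tue, 12 Apr 2011 09:00:00 +1000
From: "Disney Rewards" <rewards@disney.example>
Reply-To: claims@hotmail.example
To: customer@recipient.example
Subject: Claim your Disney dreem holiday

Click the link to confirm your details.
"""

# Hypothetical list of free webmail domains a large brand would not send from.
FREE_MAIL = {"hotmail.example", "freemail.example"}


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def header_warnings(raw_message):
    """List mismatches between the visible sender and the other sender headers."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    warnings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if not dom:
            continue  # header absent or unparseable: nothing to compare
        if dom != from_dom:
            warnings.append(f"{name} domain {dom} differs from From domain {from_dom}")
        if dom in FREE_MAIL:
            warnings.append(f"{name} uses free webmail domain {dom}")
    return warnings


if __name__ == "__main__":
    for line in header_warnings(SAMPLE):
        print("WARNING:", line)
```

A mismatch is a prompt for a closer look rather than proof, since legitimate bulk mail is often sent through a third-party service with its own bounce domain.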

Baby steps first I think. Looking at the Disney email pictured, there is enough to set off alarm bells without the need for header analysis ("dreem", hotmail ...)

Late2theParty April 15th, 2011

Companies need to set up some kind of challenge response system for both parties to be able to identify each other. The other week I got an unsolicited call from the ATO wanting to talk to me about superannuation. But they needed to confirm my identity first, so they wanted me to just give out all my personal information to them after they called me up unannounced. I challenged the guy at the end of the phone about this, and he offered a number to call back on, which is also of little use, as that could have been anyone's number. In the end he said we'll just send a letter. But this wasn't the first time I've had organisations that I deal with call me out of the blue and then ask for personal information. These organisations really need to get better at proving who THEY are before asking me to prove who I am.

moonhead April 13th, 2011

I always tell them to prove to me their identity. I can't believe the number of legit companies that ring you and expect you to identify yourself with personal information. I just ignore them. It usually works out in your favour.

gr1f April 13th, 2011

Yes, I got an unsolicited phone call from Comm Bank wanting to upsell me some product and it started with them asking my name and DoB. I refused and rang their security people to complain. I just couldn't get traction when I explained that this was setting a very bad example for the naive public and making them more vulnerable to scammers. I got the impression the bank bloke thought I was just another nutter.

david9416 April 18th, 2011

Hrmmmm...
For my information, was the Hilton one actually a scam? It looked pretty legit to me, and the only thing that was odd was the domain name, which doesn't look that dodgy.

gish April 15th, 2011

Spammers and scammers do seem to be getting better at tricking people. But unless you sign up for it, it most definitely isn't legitimate.

One way to be sure, even if you do sign up for these sites: type in the website (if you know it), or Google for it (if you don't), and check their website yourself. If it does not match, you know you're getting fleeced, and if it does, sign up for it on the webpage, not the e-mail link.

techkid April 16th, 2011

Thanks for your reply techkid, and obviously, if the email is out of the blue then I would be suspicious.
However given the screenshot alone (Hilton), I am still yet to see anything within the content of that email, or the domain name it was sent to that indicates that it is fake.

Is there something I am missing in the content of that email, or was it merely an alert to be wary of unsolicited email??

gish April 19th, 2011

Hi Gish,
The Hilton email was the latter, merely an alert. You've got a keen eye though!
Cheers
Darren

darrenpauli April 20th, 2011