The cyberscum who seek to pilfer your personal information have many ways to lure victims into their traps, and a favorite is the phishing scam – bogus emails that link to a rogue site into which the hapless type private data.
The creators of these emails try their best to make them look authentic, and they’ll often theme them around news events. For example, shortly after last year’s devastating earthquake and tsunami in Japan, scammers began flooding inboxes with fake charity emails. Anyone who typed credit card information into the site linked from those phishing attempts donated only to the criminals’ coffers.
Fortunately, most phishing scams are badly done, and anything more than a cursory glance will make it obvious that they’re, well, phishy.
Now it’s U.S. tax time, and you’re starting to see email scams invoking the Internal Revenue Service. One of these recently landed in some inboxes here at the Mighty Houston Chronicle, and I thought it might be useful to deconstruct it to highlight the telltale signs of a phishing attempt.
The email appears to come from Intuit, makers of Quicken and TurboTax software. It tries to get the recipient to go to a website to correct conflicting details in an account. It’s clearly a fake, and here’s why.
1. The email purports to be from Intuit, but the “From:” field has a Bank of America address. This may be an attempt to get through spam filters, since many people make sure their online banking notifications are whitelisted. In almost all cases, the “From:” address on a phishing email will be forged or spoofed.
2. This email solicits sensitive financial information from the recipient, but it’s been sent to multiple people at the same company. I’ve blurred the “To:” list to protect those who received this, but this one email went to 10 people at the Chronicle. Although Intuit likely would never send an email like this one, if the company did, it would be directed to a single individual.
3. Note the appeal to urgency and a 30-day time limit which, by the way, isn’t mentioned in the body of the message.
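The three signs listed above can be checked mechanically against a message's headers and body. The following Python is an added example, not part of the original article; the sample message, the `.example` addresses, the `BRAND_DOMAINS` table and the function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

# Constructed sample, not the email from the article; every address is a placeholder.
SAMPLE = """\
From: "Intuit Customer Service" <alerts@bankofamerica.example>
To: a@chron.example, b@chron.example, c@chron.example
Subject: Urgent: update your account within 30 days
Content-Type: text/plain

Dear customer, we found conflicting details in your Intuit account.
Please visit our website to correct them.
"""

# Assumption: a locally maintained table of brands and the domains they send from.
BRAND_DOMAINS = {"intuit": {"intuit.example"}}
URGENCY = re.compile(r"\b(urgent|immediately|act now)\b", re.I)
DEADLINE = re.compile(r"\b(\d+)[- ](day|hour)s?\b", re.I)

def deadlines(text):
    """Normalise '30 days' and '30-day' to the same ('30', 'day') key."""
    return {(n, unit.lower()) for n, unit in DEADLINE.findall(text)}

def phishing_signs(raw):
    """Return which of the article's numbered signs (1, 2, 3) a raw message trips."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signs = set()
    # Sign 1: a brand is named in the display name or body, but the From: domain is not its own.
    for brand, owned in BRAND_DOMAINS.items():
        claimed = brand in name.lower() or brand in body.lower()
        if claimed and not any(domain == d or domain.endswith("." + d) for d in owned):
            signs.add(1)
    # Sign 2: an account-specific notice addressed to several people at once.
    if len(getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))) > 1:
        signs.add(2)
    # Sign 3: urgency wording in the subject, or a deadline the body never mentions.
    subject = msg.get("Subject", "")
    if URGENCY.search(subject) or deadlines(subject) - deadlines(body):
        signs.add(3)
    return signs

if __name__ == "__main__":
    print(sorted(phishing_signs(SAMPLE)))
```

Sign 2 by itself is common in legitimate mail; it carries weight only when, as in the article's example, the message asks an individual for account details.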
.... end of excerpt
Article Source: http://blog.chron.com/techblog/2012/01/anatomy-of-a-phishing-attempt/
