Phishing email is an attempt by the scammer to get the recipient to reveal valuable information about himself. Some phishing email examples are discussed below.

Phishing Email Example 1

Sometime back I received an email which was supposedly sent by my email server. The email is shown below

Why this is an example of phishing email?

This email has been sent from a domain email-notifications.com. Any email that was sent from my email server should have had my domain name. email-notifications.com is not my domain name. Its like gmail sending email notification to you from some xyz.com domain.

“Phishing email” is written all over it.

This is a phishing email example which also contains a dangerous link within the email body. The malafide hyperlink link can be seen when you hover over it as shown below

Online frauds & phishing attacks are becoming so commonplace that a number of service providers such as Airtel have been sending emails cautioning customers to beware of such fake emails and smses. One such email that I received is reproduced here verbatim

Caution email from Airtel

Dear Customer,

Recently, a cyber-fraudster posing as an Airtel executive called up an Airtel customer on the pretext of updating his Know Your Customer (KYC) form, tricked him into revealing his bank details and transferred a large sum of money from his bank account. Unfortunately, such instances of cyber fraud are now becoming alarmingly frequent. So, I urge you to be vigilant. Common instances of fraud include:

• Fake UPI handles/websites: There are several fake UPI apps and ecommerce websites which appear authentic in design through the usage of NPCI, BHIM words and logos. If you download one of these, you will be asked to enter all your bank details as well as your MPIN thereby granting the fraudster in question complete access to your bank details.

• Fake OTPs: The fraudster calls the customer claiming to be from a bank/financial institution and asks for account details or an OTP to unblock/renew the existing bank account. The details are then used to withdraw money from the customer’s bank account.

To safeguard from these frauds, here is a list of precautions you can follow-

• Never share any financial or personal information like your customer ID, your MPIN, your OTP etc over the phone, SMS or email.

• Do not follow instructions in any SMS sent from an untrusted source. Delete such SMSes instantly.

• Do not open suspicious websites and apps nor fall prey to unbelievable offers or prices on such sites.

• Do not share your personal and financial information with unknown apps claiming to be UPI apps.

• Do not provide any confidential information via email or click on any suspicious link in your email, even if the request seems to be from authorities like the Income Tax Department, Visa or MasterCard, etc.

• Do not open unexpected email attachments or instant message download links.

• Do not access payment options or make payments from computers in public places like cyber cafés or even from unprotected mobile phones.

• Additionally, installing anti virus software will help. It scans every file you download and protects you from malicious files.

One more thing you can do is to use Airtel Safe Pay which is a very sound way to avoid fraud. Airtel Safe Pay is simply the safest method of paying online in the country. It provides an additional layer of security for every transaction. In other words, before you actually make a payment, our network intelligence throws up a message asking you to confirm the transaction. And the money only leaves your account once we have received your approval, thereby ensuring you are not vulnerable to fraudsters.

For now, to be on Airtel Safe Pay you need to open an Airtel Payments bank account. To open an account, click here. If you already have an Airtel Payments bank account, click here to activate Safe Pay.

With a maximum balance of INR 2 Lakh and attractive interest rates of 6% on deposits from 1 to 2 lakhs, Airtel Payments Bank is also a perfect secondary account for all your transactions. You can easily link a UPI app to your account as well.

These are uncertain times and cybercrime is on the rise. So, l urge you therefore to pay heed and proceed with care. Meanwhile, any feedback on what we at Airtel could do to further help is very welcome.

Stay safe. Bank safe.

Gopal Vittal
CEO – Airtel

The key takeaways from this are:

1. DO NOT open emails unless you trust the sender. They could be sent as part of online frauds.

2. Always ensure that you have a good anti virus  installed on your system.

3. DO NOT ever share any OTP with anyone who calls up for the same.

Prevention is the key to protect yourself from online frauds and phishing attacks.

Need for Internet Security

With the increase in our online presence, comes the need for internet security audit  as we become more vulnerable to online frauds. Just as we try and keep our homes safe by ensuring that security measures such as locks, alarms, gates and so on are in place to protect us from thieves and burglars, we must ensure that our online browsing, email communication, online financial transactions, social media interactions etc. are safe as well from online thieves and cheats.

Our online security is a function of two things:

1. The online or internet security measures that we have undertaken, and

2. Our online behaviour

Let us try and conduct a Do-it-ourselves audit of our internet security status:

Audit of the Internet Security Measures

1. Do you have an Antivirus installed on your device that you use to access internet?  You may be accessing internet or emails using different devices such as desktop, tablet or mobile phone. So, do you have ALL these devices protected with an antivirus? YES / NO

2. Do you regularly update the antivirus database installed on all the device(s)? YES / NO

3. Do you use licensed Software on your online device(s). Is your windows licensed? Are the office applications that you use licensed? YES / NO

4. Do you regularly update the installed software and applications on the device(s) YES / NO

5. Do you use safe browsing extensions in your web browser to warn you about dangerous websites? YES / NO

If the answer to any of the above questions is NO, then you could be in trouble – your online internet security can be compromised. One must under No circumstance be present online without ensuring that the above 5 points are complied with. Answer to all the above questions must be a YES

Why?

An antivirus installed on the online device is like a lock on your home. While it is possible that a lock can be picked by a seasoned burglar, a Good quality lock will be difficult to crack. Same is the case with an Antivirus software. If you use a good quality LICENSED Antivirus, it will be difficult for a scammer to infect your device with a malware or virus. Your internet security will not be easily compromised.

Anti Virus Software must be updated regularly for continued internet security

Antivirus softwares continuously keep udating their database of known viruses, malwares, trojans and what have you. They also keep updating the software to continue providing effective online security to you effeciently.

The antivirus software on your devices must be updated as soon as an update is available. This will ensure that you benefit from thses updates and your internet security is not breached.

Benefit of Licensed Software

Similarly a licensed software such as the operating system or office applications on your computer will go a long way in ensuring your internet security. There are two primary reasons for this.

1. The first reason is that you would be able to get regular updates from the software company. Many of these updates plug security loopholes that are discovered from time to time. A licensed software will ensure that all such security breaches that exist in the operating system or other software that you use are plugged.

2. If the software is not licensed you could never be sure about the authenticity or genuineness of the source. How can you be certain that the pirated software is not coming along with some virus or malware?

Need for safe browsing extension

Though most anti virus software these days prevent you from opening an unsafe website by giving you a warning, it is advisable to add Safe browsing extension in your web browser. An example of one such extension is the Norton Safe Browsing extension.

If the website that you intend opening is dangerous, it will give you a warning such as shown below

After that it is upto you if you still want to go ahead and feel adventourous. And that brings us to evaluation of our online behaviour with respect to internet security.

Audit of Our Online Behaviour

1. Do you open emails from unknown senders? YES / NO

2. Do you click on the links in emails from unknown senders? YES / NO

3. Do you open attachments in emails sent by people not known to you even though you do not have an anti-virus installed on your system? YES / NO

Danger in opening emails from unknown senders

If your answer to question 1 above was NO, then you are relatively safe. I use the word “relatively” because you can still get infected with virus from emails sent by people known to you. The chance of your online security getting compromised however reuduces dramatically if you do not open emails sent by unknown senders.

Easier said than done

However in an era when most of our communication is online – email, chats, social media, sms etc; it is impractical to expect or not open emails from unknown senders. You would never know the importance of the email if you do not open it. It could be an email from the tax department, long lost friend, new prospective client – anyone that NEEDs to reach you.

Therefore, you may have to open emails from unknown senders if you use an email client that does not have a viewing pane as in Gmail, Yahoo etc

On the other hand, if you use Outlook, you can read the email without having to click it open as shown below

You can open emails from unknown senders, but be careful of links and attachments

Our online behaviour becomes dangerous when we click links or open attachments in emails from unknown senders. This is far more dangerous when we do this without adequate safety of Anti Virus softwares.

So if the anser to question 2 and 3 above is YES, that can spell trouble. Especially if you also do not have an Antivirus installed on your device.

Our online security is in our own hands. We are the masters of our internet security and prevention is always better than cure.

Always browse with protection for own Online Security

It is important that you have the following on your computing and mobile devices:

1. A good anti-virus

2. Safe browsing extension in the browser

3. Licensed software

4. Conduct own internet security audit on a periodic basis to ensure that we do not fall prey to online frauds and phishing scams.

There are online predators that we must all be wary of and we must be on guard against them, always.

Last updated on July 15, 2022

How to spot a phishing email is a science that all must know. With most of our time spent on the internet both for work and leisure, it is important that we be careful of online predators.

Here are some ways in which we can spot phishing emails:

HOW TO SPOT A PHISHING EMAIL – RED HERRING 1 – IS THE EMAIL ADDRESSED TO YOU?

Phishing emails are usually not addressed to you directly. The person sending such emails sends emails to hundreds of thousands of people – he is casting a wide net for his fishing (sorry, phishing expedition). He needs only a handful of fish to bite the bait. Usually, the email that you receive would have “undisclosed-recipients” as mentioned against To: as shown below

The person sending the phishing email essentially makes a distribution list and sends the email to all within that list. He does not want the email recipients to know who else has been sent that same email.

The To: field therefore reads – undisclosed-recipients.

One caution that I'd like to add here is that there are time when the email sender is able to use an email service or an email client that lets him send emails individually to recipients. In that case it may appear that the email is addressed to you personally. Therefore, it would be prudent to be careful and look for the other ways to spot phishing emails as mentioned below.

HOW TO SPOT A PHISHING EMAIL – RED HERRING 2 – IS THE EMAIL SENT FROM A PUBLIC DOMAIN?

Many a times the email sender claims to belong to a company or bank or a reputed organisation such as IMF or UN. However, the mail is sent using a email service such as Gmail or Yahoo. An example is shown below:

Why would a person who claims to be the CEO of an organisation such as Fidelity Investments send such an important and official email from a GMAIL address? The email should have been sent from a domain such as ‘fidelity.com'. Such an email is definitely a phishing email.

HOW TO SPOT A PHISHING EMAIL – RED HERRING 3 – IS THE REPLY TO EMAIL ADDRESS SAME AS FROM EMAIL ADDRESS ?

In case of most phishing emails, the “reply to” email address is different compared to the email address from which it was received as shown below:

The email has been sent from “officefrb1010@gmail.com”. However as soon as I clicked on the reply button, the reply to email address is can be seen as “zenithbank671@gmail.com”.

Who does that?

Also, as you can see, the email is addresssed to “undisclosed -recepients”, supposedly from HSBC bank and uses GMAIL address. And the reply to email address is different from the originating email address. A classic phishing email. Now you know how to spot a phishing email!

HOW TO SPOT A PHISHING EMAIL – RED HERRING 4 – SUSPISCIOUS FROM EMAIL ADDRESS

The Red Herring 2 discussed above if the email had been sent from a Public email service such as GMAIL.

There are other ways too in which the from email address could be fraud. You must cross-check the email domain on any suspicious email. The domain is the name after the @ symbol in the email address. If the email is not sent from a public email service such as GMAIL or YAHOO, the sender might try to show as if it is being sent from the Company domain. In that case it should match the name and company of the attempted sender (be on the lookout for minor misspellings!). If you are unsure, try looking up the company’s  domain through a search engine.

HOW TO SPOT A PHISHING EMAIL – RED HERRING 5 – PERSON FROM ONE COUNTRY SENDING EMAIL FROM ANOTHER COUNTRY DOMAIN

Many times you'd find that the email sender claims that he lives in country X yet the email domain belongs to county Y. An example is shown below:

The sender claims that he lives in Dubai, UAE and Togo. However, the email domain refers to Japan!

You can find the list of country specific domain extensions here.

This email fulfills all the above red herrings. One has to be really naive to fall for such a phishing email.

HOW TO SPOT A PHISHING EMAIL – RED HERRING 6 – INCORRECT SPELLINGS AND BAD GRAMMER

More often than not, the phishing email sender gives himself away with use of incorrect spellings and bad grammer. If you receive an email with obviously bad grammer and many wrong spellings, assume the worst.

HOW TO SPOT A PHISHING EMAIL – RED HERRING 7 – DISHONEST HYPERLINKS

When an email has links, carefully examine the hyperlinks. They contain the address of the web page where you will be taken once you click on it.

To examine the hyperlink, take the cursor on the link. It will show you the address of the webspage as shown below:

The underlined link shows the domain where the link will take you, if you click the link in this email. In this case, the website in the link is different from the website where I would have expected to be taken based on the sender's claim.

This is a 100% scam link. The objective of the email sender is to infect the copmputer of the recepient with virus or malware.

HOW TO SPOT A PHISHING EMAIL – RED HERRING 8 – QUESTIONABLE ATTACHMENTS

One of the Golden Rules of online secure behaviour is – do NOT open any attachments until you are 100% sure that the sender is legitimate. Many a times one receives an email from a total stranger with attachments. An example is shown below

I have absolutely no idea about what order he is talking about. The attachment 100 percent contains virus. That is why the anti virus I use on my laptop deleted the attachment.

If you do not know the sender and the email has attachment that you find strange, you can be reasonably sure that it is phishy. Do not open it if you have no protection on your device.

HOW TO SPOT A PHISHING EMAIL – RED HERRING 9 – SENSE OF URGENCY

There are emails from unknown senders that ask you to respond urgently. The sender could use reward or scare or threat to get you to respond faster or click on a link. An example is given below:

The sender would like me to click on the hyperlink in the email NOW else according to him my email service will be blocked.

Such urget action emails are to be ignored. They are scam emails and one must not fall victim to them.

HOW TO SPOT A PHISHING EMAIL – RED HERRING 10 – REQUEST FOR SHARING PERSONAL INFORMATION

No company, bank, government department, agency – No one – will ask for sensitive or personal information over email. If any credit card information, social security number, driving license or passport details etc., are requested, do not share them. Not over email. If you think that you might be missing out on something call the customer support number of the organization to validate. And yes, look up the phone number yourself. Do not call any phone numbers given in the  email that you received.

HOW TO SPOT A PHISHING EMAIL – RED HERRING 11 – EMAIL SENT AFTER OFFICE HOURS OR ON NON-WORKING DAYS

View with caution any email that seem to have been sent outside of business hours or on a holiday. Why would a bank executive send you an email at  10 pm or on a Sunday?

This may not be an exhaustive list of pointers on how to spot a phishing email. If you have more suggestions, please do share. I also look forward to your comments on how to make our online presence more secure.

Please do use the comment box below.

I believe there exists no email address that does not receive any phishing email. It may be a different thing that a phishing email may not get delivered to an email id because of a secure perimeter. However, if an email address exists then there is a sure shot attempt at sending a scam email to that address.

Why Phishing Email?

Phishing email is an attempt by the scammer to get the recipient to reveal valuable information about himself. The purpose of this attempt is to use the information so received for personal gain of the scam email sender.

Can One Avoid Getting Phishing Emails?

The simple yet unfortunate answer is No.

Sorry, I am wrong. Yes, you can avoid getting phishing emails. You need to do one simple thing. Don’t use email as a medium of communication! As someone said, marriage is the single biggest cause of divorce. Similarly, one gets phishing emails because one uses emails. So, as I said earlier, you cannot avoid getting a phishing email if you use emails.

Human beings are social animals who interact with other humans. And if there is interaction between people, there is the need to be on guard to protect oneself.

Are scam emails really a threat?

Earlier I used to think that scam emails are not really a threat. There is an unnecessary fear psychosis that has been created about such emails. Most people who use computers are savvy and know how to take care of themselves.

Over a period of time I realized that I was grossly mistaken. Phishing emails are a threat.

1. If scammers send scam emails  it is because people get scammed. The scam artists must be making money, else why would they waste their time & money sending such emails.

2. I also know of many computer users who are not technically savvy. They make common mistakes such as clicking on links in emails from unknown senders. Many open attachments in the emails received from unknown senders. All this when they are not protected by any anti-virus software.

3. Many people are not able to identify dangerous links in emails.

4. Every day I receive scores of phishing emails. Why? The scam email sender must not be doing this just for kicks. He is doing it because he expects people to fall prey to the scam. The email sender will in turn make money. If I get scam email, so must be others.

5. Many corporate networks have been infected with viruses and malware because users have fallen victim to phishing scams.

6. One reads everyday about people falling prey to phishing scams. People lose money, their identity, access to their devices and what have you, because they have been conned online.

7. Sometime back a well known and respected journalist in India was a victim of an elaborate scam to the extent that she quit her job and announced she is joining Harvard as a Professor. If someone like her could be duped, what hope there is for the lesser savvy computer users?

Phishing emails are a threat to most ONLINE  users

Having established and accepted that online fraud is common and widespread we need to understand how it works.

If we know the modus operandi of the scams, we can take precautions and protect ourselves and those that we care about.

With that objective I started to communicate with the scammers sending phishing emails when ever possible! Yes, I know it is dangerous. But I think the risk is well worth the trouble.

Here you will find:

1. My email communications with senders of phishing emails. This of course is possible only in those cases where the scammer has shared a reply to email address. He expects the recepient to write back and reveal infromation about himself that the scammer can use. Or in many cases he expects the email recepient to give him money in the hope of a far bigger return. You may like to read them and get insider idea about how the scam operates.

2. Phishing scam emails where no communication is possible because the objective of the sender is not to get information about the recipient. Rather, the objective of such scam emails is to infect the recipient's computer / device with virus or malware. Such scam emails are discussed and what to look for in them is highlighted.

The way to protect yourself against such scams is to use an anti virus

3. Database of scam emails. You could search for emails here to see if they resemble anything that you have received. Please note that this website is a work in progress. The database will get built over a period of time. In case you do get an email that you would like to enquire about, and do not find it here, you can use the Contact Us page to get in touch. I cannot guarantee that I'll be able to help, but will definitely try.

4. Articles on how to carefully tread the world wide web and protect oneself from the online predators.

A word of caution

I am not an expert on Cyber security. Don't take my advice as the final word on internet security and phishing emails. I am also learning as I go along. Online security like any other security is to a great extent based on common sense.

Common sense and general awareness tells us that we should:

1. keep our homes and property secure. So use the best of security products and services.

2. not trust strangers blindly.

3. keep away from solitary roads especially after dark. etc. etc.

Similar common sense behaviour is applicable online. Evalaute everything yourself and then take action.

Your online security is in your hands. No scammer can con you  if you don't allow them to.