How to spot a "phishing" email

Posted by admin on June 6, 2017

Whitehill have apparently joined tyhe likes of HSBC, Nationwide and others in being the base from which "phishing" emails have been sent.  Phishing is a covert attempt to gain access to sensitive information like login details (user name and password), or to get you to send money.


A phishing email appears to be from a reputable source, like Whitehill, or your bank, your social network, online services, online shopping or even from your own organisation.

The intention behind a phishing email can be assumed to be criminal, and we can also assume that a phishing email is send to make profit from uneducated users.

As a victim of a phishing email you might find that your bank account has been emptied or your credit card being cancled. Once the attacker has your bank login details he/she can basically manage your bank account as you. Banks have nowadays additional layer of security, but you don't want to give it any chance.

 Here's an example; this has the correct Whitehill names, footer and apparently originates from us.  How can you identify whether something like this is a phishing email?

phishing_email.jpg

First, let's cover some basic information

  • There is no guarantee that the email is from the sender shown. Basically, one can send an email using any email address, real ones or made up ones (Email Spoofing), as long as the email format is met. (@, .co.uk or. com, etc.) Some Internet Service Providers are able to prevent their customers from doing that.
  • Criminals still have ways to send an email using any sender address they wish to use.
  • Phishing emails are send out in huge quantities and often don't show the recipient address in the To: line (That would be your email address).  However, the more sophisticated ones - such as the example above - have all the right names in the right places.
  • An email message can be send as Plain Text, HTML or Rich Text.  Phishing emails are generally formatted as Rich Text and more often than not as HTML emails.

Now, here's 10 ways to spot a phishing email

1. Check who it's sent to

Mass-mailed phishing emails tend to be sent to something general - "Recipients", or "Customers".  Any reputable company such as your bank (or Whitehill) wouldn't do that. The criminal has to do that as he may have sent out very large quantities. Basically, he sent only one email, but to probably thousands of recipients. That why the single recipient address (your email address) can't be shown. This is done intentionally and not a software limitation.

2. Check who it's sent from

It's relatively straightforward to make the name look like someone you might know; in the above example, the name and all the details of the footer etc were taken from an "out of office" autoreply sent during the holiday period.  But if you hovered over the name "Brian Senior" you'd see a link to a completely different email address; some email clients will show you who the reply will go to (it usually starts with "mailto:"). 

In this case, any actual reply went to;

managers.maills@comcast.....

3. Check the links in the email

These are often made to look like something sensible, but may either be spelt incorrectly (just like the above example - have a look at how "maills" is spelt), or may have an ending which is nothing to do with the start of the address.  The last part of a domain name is the most telling. For example, the domain name info.whitehillbookkeeping.com would be a child domain of whitehillbookkeeping.com becausewhitehillbookkeeping.com appears at the end of the full domain name (on the right-hand side). Conversely, whitehillbookkeeping.com.maliciousdomain.com would clearly not have originated from whitehillbookkeeping.com because the reference to whitehillbookkeeping.com is on the left side of the domain name.

4. Check for mismatched web addresses

Often, the web address (URL) in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address (in most email clients, at least). If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.  When you move an email to the junk folder, the html is usally stripped out and you can see the plain text of any link.

5.  Be suspicious if the message asks for personal information

No matter how official an email message might look, it's always a bad sign if the message asks for personal information. Your bank or services provider doesn't need you to send it your account number. It already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.  Whitehill never ask for such details by email.

6. Be suspicious if the message asks for money

One telltale sign of a phishing email is that you will eventually be asked for money, or login details so the criminals can take your money. You might not get asked for cash in the initial message. But sooner or later, phishing artists will likely ask for money to cover expenses, taxes, fees, or something similar. If that happens, you can bet that it's a phishing expedition.get-me-out-1605906__340.jpg

7. If in any doubt, just contact the bank, company or people direct (or check their policy); don't click, reply or phone using anything in the email itself

HMRC have guidance on how to spot scams which appear to come from them.  Banks have similar information online and there's usually a helpline you can get from the internet (not from the suspicious email!).  Whitehill will never ask for money to be sent, other than by issuing a secure link to an invoice or statement. We'll also be happy to check if you want to contact us and check the contents of an email received which appears to come from us.