Just to show how sneaky these people are; I have a very good spam filtering service through my ISP (Internet Service Provider) which these emails managed to get through. Obviously the perpetrators have learned to avoid those words or phrases which generally raise the alarm bells.
Imagine my surprise then to receive two such emails within a couple of days of each other. The first email purports to be from the ANZ Bank:
There are several key elements to note here:
- The lack of any official ANZ logo or contact phone number.
- The generic reference to “ANZ customer” rather than identifying the recipient by name.
- The threat of something bad happening if the recipient fails to carry out instructions.
This has all the earmarks of what is known as a “Phishing” expedition, the sender is after my bank account details. Here’s how it works; the baddies setup a fake web page which includes a form for for you to fill out, including all your banking details. They then send out thousands of these emails, often including a threat of dire consequences if you fail to comply. They don’t know if the recipients actually have an account at the bank in question but they will always pick a large bank with a very large customer base, so the law of averages will apply.
Here’s the second email I received a couple of days later:
Note the exact same elements; no official logo or identification, the obfuscated URL link, the inferred risk involved with non-compliance. In fact, they are so similar, I wouldn’t be at all surprised if both emanated from the same source.
In this case I don’t even have an account with Western Union, in fact I’ve never even heard of them. So this one was an easy catch. In the case of ANZ though, I do have an account so I immediately warned my lovely wife that if she receives a similar email she should ignore and delete it.
Generally speaking banks do not communicate via email (well, not here in Oz anyway). Should you receive a similar email and have any doubts at all, phone your bank immediately to verify. Do not, under any circumstances, click on the included link!
Some of the Phishing Expeditions will have a very official Logo from your Bank. We NEVER reply to them. We always go into our bank through our own Logo system. I got another one that was so pathetic it was funny. We sell on Carig’s list. Got one that had”picked” our listing number at random and we would win an I Pad if we replyed. It was supposed to be from Craig’s list. Craig’s list is owned by ebay and they do not give away anything! They wanted all the usual information and a copy of our “Passport”. I also love the ones that will buy your good for twice the amount you are asking and will send you a check that you put in your bank and an agent of theirs wil pick up the product and you give them the difference in cash. I can’t believe anyone falls for that! But they do!
Also, no company would send out an email the way these are written. No company would use a phrase like “most of our customers have been complaining…..” Something like this would be worded completely differently so as not to possibly offend a customer. Also note the non-specific job titles of the people that have supposedly sent the emails. And yes, so many times there are spelling mistakes, horrible grammar, etc.
I have received a few in the past that actually had what appeared to be real company logos, the emails were written as though they could have come from the actual company. But they always ask to click on a link to update your information, and no one should ever do this, no matter how real the email might appear. I personally always call the bank or company and ask them to check if they have any issues or need anything updated. Never call any phone numbers that might appear on the email, though. Call the phone numbers that are on your statements or on the back of your credit card, etc.
Some websites, banks, PayPal etc. have addresses to forward phishing emails and they usually acknowledge receipt. The freebie lightweight security software ‘Trusteer Rapport’ is recommended by my bank but it does cover other websites if activated simply by clicking a faded logo at the end of the address bar. Works with most browsers – sadly not with Pale Moon, but then neither does my bank!