Avoid Spam - http://www.avoidspam.co.uk
Phishing for HSBC Customers
http://www.avoidspam.co.uk/articles/3/1/Phishing-for-HSBC-Customers/Page1.html
By Administrator
Published on 04/26/2006
 
Have you ever received an email from your bank? Were you 100% sure that it was from your bank? I recently received an email from HSBC...

Official Looking Emails

I recently received an email from my bank, or so it seemed...

What do you think of it?

Return-path:

Dear HSBC Bank Member,

This email was sent by the HSBC server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your HSBC User ID, Date of Birth and Security Number.

This is done for your protection --- because some of our members no longer have access to their email addresses and we must verify it.

To verify your e-mail address and access your bank account, click on the link below. If nothing happens when you click on the link, copy and paste the link into the address bar of your web browser.

--------------------------------------------
Thank you for using HSBC!
--------------------------------------------

This automatic email sent to: ***@clara.co.uk
Do not reply to this email.



On the surface, to the unwary, all would appear to be legitimate. However, I'm far too cynical these days to believe everything I read, so I took a deeper look. Any time you receive something through your email account that seems to be requesting information that you wouldn't give to a stranger in the street, you should think carefully before acting.

So how do you distinguish between a scam email and a genuine one from your bank?

Let's dissect this email into smaller, more manageable pieces...

1. Did you ever inform your bank about your email address?

If you've never divulged your email address to your bank then it's reasonable to believe that they wouldn't be sending you any emails! I try to make it a point to never give my email address to my bank. Unless you're using an online banking service, they would probably use it for marketing purposes.

2. Are there any tell-tale clues of a fraudulent email in the headers?

In your email viewer, examine the email header information. You'll often find some obvious clues as to the real nature of the email.

In the example above, there are a number of points that can easily be spotted at a glance:

Received: from [193.224.241.94] (helo=notimexico.com)

This tells us where the email was sent from. Upon visiting

I find what seems to be a leisure website written in Spanish and having some kind of link with Mexico. My grasp of the Spanish language is almost non-existent, but I can't think of why HSBC might have anything to do with this website.

X-Mailer: Microsoft Outlook Express 6.00.2800.1081

If HSBC were trying to contact me it's highly unlikely that they would resort to using a free, PC-based email client such as Microsoft Outlook Express. Large corporations with millions of customers often tend to use server-based software to carry out mailings. Outlook Express is not the customer-mailing tool of a multinational bank!


X-RBL-Warning: 193.224.241.94 is listed at bl.spamcop.net - Blocked - see http://www.spamcop.net/bl.shtml?193.224.241.94

This line tells us that the email has originated from a blacklisted IP address. Following the link, http://www.spamcop.net/bl.shtml?193.224.241.94, takes us to an information page provided by spamcop.net. It states that the IP address supplied has been reported a number of times and that it has been found to send email to email addresses planted on the Internet deliberately as bait in spam traps.

The definition of RBL as offered by Kadow's Internet Dictionary is

Realtime Blackhole List. A list of open mail relays and rogue sites, maintained by Paul Vixie. Subscribers to the RBL reject all mail and/or connection attempts from RBL'd IP addresses, effectively cutting off irresponsible/incompetent domains from the rest of the Internet. Subscription is completely voluntary, details are at http://maps.vix.com/rbl/.
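
The three header checks from point 2, run over the header lines quoted above. This is an added example, not part of the original article; the function names, the list of desktop mail clients and the claimed domain hsbc.co.uk passed in are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Header lines as quoted in the article, followed by the first line of the body.
SAMPLE = """\
Received: from [193.224.241.94] (helo=notimexico.com)
X-Mailer: Microsoft Outlook Express 6.00.2800.1081
X-RBL-Warning: 193.224.241.94 is listed at bl.spamcop.net - Blocked - see http://www.spamcop.net/bl.shtml?193.224.241.94

Dear HSBC Bank Member,
"""

# Illustrative list of desktop mail clients, not exhaustive (assumption).
DESKTOP_MAILERS = ("outlook express", "eudora", "thunderbird")

def within(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def header_red_flags(raw, claimed_domain):
    """Return (code, detail) pairs for the header checks in point 2."""
    msg = message_from_string(raw)
    flags = []
    # Only Received lines added by your own provider can be trusted;
    # lines below them are written by the sending side.
    for line in msg.get_all("Received", []):
        m = re.search(r"helo=([^\s)]+)", line, re.I)
        if m and not within(m.group(1), claimed_domain):
            flags.append(("helo-mismatch", m.group(1)))
    mailer = msg.get("X-Mailer", "")
    if any(name in mailer.lower() for name in DESKTOP_MAILERS):
        flags.append(("desktop-mailer", mailer))
    for line in msg.get_all("X-RBL-Warning", []):
        m = re.search(r"(\d{1,3}(?:\.\d{1,3}){3}) is listed at (\S+)", line)
        if m:
            flags.append(("rbl-listed", f"{m.group(1)} at {m.group(2)}"))
    return flags

if __name__ == "__main__":
    for code, detail in header_red_flags(SAMPLE, "hsbc.co.uk"):
        print(f"{code:15} {detail}")
```
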

3. Does the content of the email make sense? Are there spelling, grammar and logic mistakes?

HSBC are unlikely to send out emails that are riddled with such errors, so it's another easy check to carry out as long as your own grasp of the language is sufficient.

This email was sent by the HSBC server to verify your e-mail address.

We've seen from the header information that this is not true.

This is done for your protection --- because some of our members no longer have access to their email addresses and we must verify it.

This sentence doesn't make sense and is grammatically incorrect. The point it is attempting to convey is made poorly and without clarity. In matters of importance, the language used tends to be very concise so as to reduce the likelihood of confusion.



4. Does the email contain links disguised to look official?

When it comes to hyperlinks, check for the existence of an '@' symbol. If there's only one method of scam identification you remember, this might be the most important, because it reveals exactly where any information you provide will actually end up.

Web browsers ignore anything that appears between http:// and an '@' symbol when working out which site to connect to.

In the email above we see,

http://www.hsbc.co.uk:ac-PKI62p685wD6nLOi4X@afdkhdf25.Da.rU/?np4wVW6YXJ1173

The '@' is almost hidden by a group of what would seem to be encoded characters. This tells us that the web address the link leads to is actually

. This is not a HSBC website! da.ru URLs are infamous for their less than clean spam/scam record due to the free redirection service they offer to anyone and everyone.

The characters after the '?' are probably used to identify your email address as being valid. Often, spammers send unique, generated codes within emails and track their response. They know what codes went to which email addresses so if a particular URL with a unique code is visited then the email address that received that code is verified as a live target.

As an example, try this URL in your browser,

http://www.hsbc.co.uk@natwest.com
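
The '@' check from point 4, applied to every link in a message body. This is an added example, not part of the original article; the function names and the sample body text are constructed for the illustration, and the two '@' links are the ones quoted above.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed body text containing the two '@' links quoted in the article.
SAMPLE_BODY = """To verify your e-mail address, click on the link below.
http://www.hsbc.co.uk:ac-PKI62p685wD6nLOi4X@afdkhdf25.Da.rU/?np4wVW6YXJ1173
Test link: http://www.hsbc.co.uk@natwest.com
Link with nothing before the host: http://www.hsbc.co.uk/
"""

def real_destination(url):
    """Return (host actually contacted, text placed before '@' or None)."""
    parts = urlsplit(url)
    userinfo = parts.netloc.rpartition("@")[0] if "@" in parts.netloc else None
    return parts.hostname or "", userinfo

def looks_like_host(text):
    # Login text shaped like a domain name is there for the reader, not the server.
    return re.fullmatch(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text, re.I) is not None

def suspicious_links(body, trusted_domain):
    """Report every link whose host is preceded by '@' userinfo."""
    findings = []
    for url in URL_RE.findall(body):
        host, userinfo = real_destination(url)
        if userinfo is None:
            continue
        decoy = userinfo.split(":", 1)[0]
        findings.append({
            "url": url,
            "real_host": host,
            "decoy": decoy if looks_like_host(decoy) else None,
            "on_trusted_domain": host == trusted_domain
                                 or host.endswith("." + trusted_domain),
            # A per-recipient code here confirms the address as live when visited.
            "tracking_query": urlsplit(url).query or None,
        })
    return findings

if __name__ == "__main__":
    for f in suspicious_links(SAMPLE_BODY, "hsbc.co.uk"):
        print(f"shows {f['decoy']!r} but connects to {f['real_host']!r}")
```
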


5. Use common sense

It's highly unlikely that your bank will ever ask you to verify your account in this manner. This type of email scam is a well-known tactic known as phishing. Such scams tend to try to convey some sense of urgency in order to make you carry out the requested actions before

  1. you realise what's really going on
  2. they get shut down

Also, note the lack of a notice at the bottom of the email. Usually, business emails of a confidential nature tend to have a notice that says something along the lines of "if you're not the intended recipient of this email then you must delete it".

Some scams will appear to be more realistic than others. In this case, the scam was poorly executed with some very easy-to-spot flaws. You may receive scam emails that exhibit none of these characteristics. You may have no choice but to contact your bank directly by other means, e.g. by telephone, in order to verify an email's validity. Just make sure that the alternative method of communication you use isn't the one that's shown on the email! Use a telephone number from your bank's website, but type their URL directly into your web browser. Don't use the one from the email.

Email is not a secure method of communication. It's vital that you don't treat it as such!

Here's how MailWasher Pro handled this particular email:

MailWasher Pro identified the email as spam

And how SpamWeed Bayesian filter handled it:

SpamWeed also identified the email as spam

Using automated software such as MailWasher Pro or SpamWeed is an excellent way to avoid falling for any such scams and helps to back up your own judgement.

Remember, if you are ever in any doubt about the true source of an email then proceed with caution. People do fall for these tricks, and even if you spot them easily now, that doesn't mean that you should ever relax your guard or develop a false sense of security! Keep cautious and you should stay safe.

Remember those immortal words,

"Let's be careful out there..."