Thursday, March 29, 2012

What's British for Spam?

Received a very exciting email yesterday. Well, it would have definitely made my life more exciting should I have been foolish enough to respond.


Of course it's a phishing email, but as a famous consulting detective might say, it's not without certain points of interest.

The Bad
So how did I know this was a fake? Easy. I don't have an account with Barclays, either online or off. But suppose the spammers had been lucky enough to use a bank I did have an account with. Would I have been fooled?

Probably not. Notice that I was blind copied this email. That means it was sent to a bunch of people. If this were truly a notice of unusual activity on my account, it should have come just to me.

Third, note the attachment. The "html" tells me it's not really an attachment -- it's probably a link to a website. But where? I'm pretty sure that the actual website will be far different than what the header says it is.
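The checks in this section (my address missing from To/Cc, an HTML attachment, and a destination that doesn't match the sender) can be scripted for mail triage. This is an added example, not part of the original post; the sample message and every address and domain in it are constructed placeholders.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample message (not the email from the post); all names are placeholders.
SAMPLE = b"""\
From: "Online Banking" <alerts@bank.example>
To: undisclosed-recipients:;
Subject: Unusual activity on your account
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached form to verify your details.
--b1
Content-Type: text/html; name="verify.html"
Content-Disposition: attachment; filename="verify.html"

<html><form action="http://collector.invalid/post.php"><input name="pin"></form></html>
--b1--
"""
URL_ATTR = re.compile(r'(?:action|href)\s*=\s*["\']([^"\']+)', re.I)

def visible_recipients(msg):
    # Addresses shown in To/Cc; an empty group such as "undisclosed-recipients:;" adds none.
    return {a.addr_spec.lower() for name in ("To", "Cc")
            for hdr in msg.get_all(name, []) for a in hdr.addresses}

def triage(raw, my_address):
    """Return a list of findings for one raw message delivered to my_address."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    if my_address.lower() not in visible_recipients(msg):
        findings.append("bcc: recipient not in To/Cc")
    frm = msg["From"]
    sender_domain = frm.addresses[0].domain.lower() if frm and frm.addresses else ""
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if part.get_content_type() != "text/html" and not fname.endswith((".html", ".htm")):
            continue
        findings.append(f"html-attachment: {fname}")
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        for url in URL_ATTR.findall(body):
            # Compare where the form or link points with the domain in the From header.
            host = (urlparse(url).hostname or "").lower()
            if host and host != sender_domain and not host.endswith("." + sender_domain):
                findings.append(f"off-domain-target: {host}")
    return findings
```

None of these findings proves a message is phishing on its own, since legitimate bulk mail is often blind copied; together they are a reason to treat the message as suspect.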

The Good
Spelling counts! Usually, these types of email have goofy spelling or fractured syntax, clues that English isn't the first language of the writer and that this certainly isn't any type of professional correspondence from an established firm. So they did get that right.

I also like the recommendation of the browser updates. Nicely done. Surely a spammer would prefer you use that outdated version of Internet Explorer with its multiple security leaks. But these folks don't need to worry about security. Because they've persuaded you to go to their website and voluntarily enter all your secure information.

The Takeaway
Not all spam is as painfully obvious as the type that Frank Drake or our other alter egos take on. Even though this one still had plenty of clues that call its authenticity into question, I'm sure there are plenty of Barclays customers that would click on that attachment. Personally, when I get an email from our bank telling us to do some action, I go to the customer service number on our bank statement (not any found on the email) and call.

And that's a safety precaution that works every time.
