How to detect phishing e-mails

This post is by no means complete. It’s only a guide for how to determine if an e-mail you got is phishing or not. There is a game we discussed before – Anti-Phishing Phil – that can help test your skills.

I got the following e-mail in my junk mail folder.

The e-mail looks official, and the link even goes to where it says it goes. So, how do I know this is a phishing e-mail?

1. This is supposed to be from the US Federal Reserve System. Most Americans do not use phrasing like “hitherto and therefore”. Listen to your British/Australian/Indian counterparts and you’ll hear this type of language though.
2. Bad grammar – “banks and credit unions is”.
3. The link leads to a site called secureserver-27, the Fed’s web page is http://www.federalreserve.gov
4. The e-mail is *not* from federalreserve.gov. If they were sending out official e-mail, do you think they’d allow an employee to send from their personal e-mail account?

Above and beyond these items, if you look at the headers of the e-mail, you can see that Spam Assassin flagged it as including blacklisted URLs.

Spam Assassin gave this a score of 9.2, at 4, my server marks it and dumps it to the spam folder, at 10, my server outright rejects the SMTP connection. This e-mail is pushing it pretty close to that.

In summary, watch for strange language, bad grammar, misspellings, and strange links. And any e-mail where the text doesn’t match where the link goes to. If in doubt, assume it’s spam. If it’s from a company you normally do business with (like your bank), give their main number a call and ask about it – don’t use any phone numbers or e-mails given in the suspect e-mail. Always use the phone number on the back of your credit/bank card, or from one of your statements.