When it comes to spotting phishing emails I feel that it’s a really easy thing to do. But then I think about the number of messages I get from users asking about our “lottery” and I am reminded that not everyone has had the same degree of experience. Having worked at PayPal, eBay, and now Yahoo!, I have a bit of a PhD in phishing, and would like to spread some knowledge.
If you have been reading for a while you may remember way back in May when I offered up a breakdown of some recent Yahoo! Lottery and PayPal scams that were floating around. As you can imagine these scammers are persistent and new styles are always popping up. Below is a recent attempt at a lottery scam that I found particularly bad.
While phishing messages are known for their bad grammar and spelling, this one really sinks to new lows. I’ve marked up many of the mistakes in red, but I’m sure there are a lot more. Anyway, the first things you might notice are that “I D” and “PRICE” are misspellings (they are going for ID and prize). I guess that might slip by but then you can easily see that the “YAHOO INCORPORATED” email address is in fact from @walla.com.
Next we can proceed to the stuff that makes our brand folks all twitchy…the inconsistencies. There must be a dozen references to Yahoo! in this message, yet they never spell it the same way two times in a row. Some have the “!” at the end, others don’t. Some are ALL CAPS, others are not. In fact the whole message bounces back and forth between different font styles.
You’ve also got references to the All-New Yahoo Mail Beta (hasn’t been beta or for a year), and the Yahoo Male Classic (I guess it’s for guys only).
Then of course we have perhaps the most insulting gesture from this scammer. He wants you to claim your Yahoo! “Price” by contacting him at a gmail address?!?!?!
As you move further down the message there are of course more references to “Price” (instead of prize) with the requisite request for personal information.
All in all this message has all of the signs, including perhaps the biggest warning sign of all…if it sounds too good to be true, it probably is.
So if Yahoo!, PayPal, eBay, your bank, or pretty much any site asks you for a bunch of personal information in an email you need to remember a few things.
- Most major sites know better than to ask that of their customers.
- If a site is warning you that your account is going to be shut down you should try to contact the appropriate customer care team directly.
- When contacting the site to ask be sure to use your normal methods, not the links within a suspicious email.