MoneySavingExpert.com - Cutting Your Costs, Fighting Your Corner

Phishing Scams How to avoid scam financial emails

Updated

27 Sep

New to the site? Quick message from Martin:

All the latest deals, guides and loopholes go in MoneySavingExpert's
free weekly email. Don't miss out - join the 7m who get it emailed!

Phishing is a special type of spam e-mail, cleverly disguised in an attempt to steal your passwords and bank codes. Once the phishers have got those, they steal your money.

How does it work?

You receive a plausible looking email from your bank/regularly used retailer/governemnt department. These are sent at random in the hope they may just catch someone who has, for eg, a bank account with that bank and thinks it is genuine. Often you’ll realise it’s a con because you have no relationship with the company, but sometimes you may get caught.

At the bottom of the e-mail, there will be a link. Often it looks like a real one. When you click on it, it'll probably take you through to a professional looking website – a mirror image of the real thing. You’ll comfortably put your password in – and then you can say bye bye to your cash.

What can I do?

NEVER EVER EVER EVER click a link and enter your password - no matter how genuine it looks. If it looks a genuine security concern, call your bank or visit its published website address. If it is genuine you can handle it that way, just never click on these links.

What about phone calls?

These are likely to be more genuine, however I would still suggest that as good practice, you never give your password. Always call the bank back by its published number and that way you know it is genuine.

Mistaking the genuine for a scam is nowhere near as bad as mistaking a scam for the genuine

Examples of phishing

We receive phishing emails constantly, so thought we would share a couple of them with you. These have NOTHING to do with the parent banks. I have slightly changed the links in them to prevent anyone clicking them in error.

PHISH No. 1 – The Invisible Text Phish

Run your mouse over the email and select it. You'll see invisible text appearing. The additional characters you can see in this help it beat some anti-spam software.

CItI
©

The technicaI2services of this BankNare carrying out a3planned software upgrade.
We earnestlyjask you9to visit the folIowingilink to start the procedureaof confirmation ofLcustomers'Hdata. Hea
lth in 1939https://web.da-us.citibank.com/Iogin.ref.XXXX1449/scripts/client_conf.jsp Mau I ask ThisRinstruction has beenxsent to allYbank customersEand is obIigatory to foIlow. NBA LycosWe0present ourDapologies and thankxyou forCco-operating.Will you, please...
in 1961 Pictures in 1910 may closeWorld War II in 1845The NFLin 1935 Pearl Harbor AnmemberSofRcitigroup

in 1978 in 2000 CopyrightG©R2004cCiticorp

d

PHISH No. 2 - The Earnest Approach

What we love about this one is it purports to be a genuine protective email aimed at stopping just this type of problem. Cunning devils.

Email address this seemed to come from: Citybank Email Security.
Underlying address it actually came from: Security-Alert@bank.alert.it.rd.yahooX.com

CItI ©

Dear Citibank Member,

This email was sent by the Citibank server to verify your email address and your identity. You must complete this process by clicking on the link below and verifying your Citibank account.

Citibank will test your identity due to latest security check.

Some of our clients recived calls from individuals pretending to be Citibank.

Tip of the day:
===============

If you receive a suspicious phone inquiry, like one asking you to verify personal information, don't provide any information and call us right away.

In order to verify your account please click on the link below !

http://it.rd.yahoo.com/*%48%54%74p%3A%2f/un%69ver
%73%61lpr%69%63%65%Z

PHISH No. 3 – The enticing attachment

A final type of phishing email to watch out for is one including an attachment, often a '.htm' or '.html' file. The sender will be trying to convince you to click and open this file, as the virus is hidden inside.

The solution is simple, but so important it is worth shouting LOUD...

Never ever ever ever EVER open an attachment unless you are 100% sure of its contents. EVER.

Final Thought

Phishing e-mails can appear to come from any bank or building society, or financial organisation for that matter, such as the Inland Revenue or HM Customs & Excise. They are extremely cleverly done, look at the above, it's very easy to be fooled.

Just follow the golden rule. Never click a banking/financial link in an e-mail. Always go to the published website address yourself. These people are scum, but clever scum. Protect yourself.

Test your knowledge

Now you know all about phishing, try this quick quiz to see how savvy you are.

Spotted out of date info/broken links? Email: brokenlink@moneysavingexpert.com

Related Guides

What the * means above

In the main body of the article two types of links are listed. The first, which all have a * within the main body of the articles, help MoneySavingExpert.com stay free to use, as they're 'affiliated links' which invisibly take you usually via affiliate linkage or commercial money sites, which then pay this site. It's worth noting this means the third party used may be named on any credit agreements.

The second type doesn't help and therefore doesn't have a *. You shouldn't notice any difference, the links don't impact the product at all and the editorial line (the things we write) is NEVER impacted by the revenue - we aim to look at all available products. If it isn't possible to get an affiliate link for the best product, it is still included in exactly the same way. For more details read how this site is financed.

Duplicate links of the * links above for the sake of transparency, but this version doesn't help MoneySavingExpert.com: