I received an email this morning from the Better Business Bureau. It claimed that someone had opened a complaint about No-IP and listed a file with a description of the complaint for me to view. The only problem was that the email was totally bogus. Follow these tips to make sure you don’t get phished. (Click the image to view a larger version and to follow along)
1. Check out the From address on the email. It is from a Jonathan at southeasterncheese.com, that is definitely NOT an official Better Business Bureau email address.
2. The To: and CC: lines are another dead give away. Jonathan sent this email directly to one person, and cc’d over 90+ others!
3. The body of the email actually looks legitimate. The BBB logo is there and everything looks great! There is even a case # for to reference. Upon hovering over the ATTACHED REPORT link though, another phishing occurrence, the link does not go to the BBB official website, it goes to a medical records site.
So, next time you receive an email, look at it in depth before you click any links within it, or an even better practice is to not click links in emails and go directly to the official website. If you get an email that you suspect is a phish, report it to the company. Also, check out this past blog post for more tips to safeguard yourself from being phished! Have you received any emails like this recently?
The “From:” address can be easily faked, so its not an indicator for anything at all.
Experienced phishers would use a from-address that looks somewhat related to the topic. Something like insertname@bbb.da.ru.cn or so.
Additionally, if you use a mail client that can be configured to display mail in plain text instead of HTML, then there is a much better chance to spot the bogus URL inside.
Michael