Phishing Gallery

I get quite a lot of phishing emails, so I thought I'd create a gallery to show them off. Click the links to see the screen shots.

Some of the images are big and the web browser might shrink them to fit, so zoom in to see the image full size. In Firefox, for example, the mouse becomes a magnifying glass, so click it to make the image full size.

I sometimes forward these to the relevent companies to investigate, however, some don't have an email for reporting phishing and other scams. PayPal even emailed me back recently saying that a phishing email that attempted to con me into giving out my PayPal username and password was nothing to do with them and they were going to do nothing about it. So basically, companies aren't particularly interested in trying to stamp out phishing. You're on your own!

If you look at these screen shots, they should give you a good idea of what to look out for. They are old, but some of the scams have been going on for years and keep reappearing, sometimes with the same wording, but sometimes with slightly different wording. Many phishing emails claim to be from banks, PayPal, eBay and so on and they say that there is problem. They all all ask you to click a link and log in. That's when the perpetrators steal your details, so don't do it!

eBay

Account suspended / become a Power Seller / another suspension / suspended again / question from an eBay member / another question / account limited / win a prize / unpaid item / compromised account / unauthorised listing /

PayPal

Account violation / limited access / Security Center advert / unusual account activity / account update / credit card confirmation / slightly different account violation / I've been randomly selected for maintenance / some foreigner trying to access my account / Security Center advisory / someone tried to access my account / credit/debit card payment declined / get verified / update your records / PayPal credit card / foreign access /

Amazon

My account details at Amazon need updating /

Things I have (not) bought

Books / mystery purchase / something I've ordered / a DVD perhaps? / something Spanish / another Spanish item / some rings /

Banks

Barclays / Halifax / Citibank / Lloyds TSB / Abbey National / Charter One / SouthTrust / Woolwich / NatWest / Barclays / Alliance & Leicester / Barclays / Chase Bank / Chase Bank / Chase Bank / Chase Bank / Barclays / Barclays / Washington Mutual / Barclays / MBNA / Co-op / Visa /

Miscellaneous

Subscription to the communism community mailing list / a job offer / another job offer / and another job / Kuwait version of the Nigerian scam /

Job offers

I get quite a few emails that are similar to phishing emails, but they are more like con tricks. They claim to be a job offer like this:

There is either a website, email or phone number to reply. Of course, you'll get the job and when you hand over your bank account details, they'll clean out your account. Or they'll send you fraudulent cheques or something, you'll send on the money, your bank will detect the fraud weeks later and reclaim the lost money from your account, not theirs. However, they work the scam, you'll lose lots of money!

I am a lottery winner!

Yes, it's true. I win the lottery every single week. I have the emails to prove it. The wording is always slightly different, but it goes something like this:

There is always a contact phone number, address, email or website. During the course of claiming your winnings you will be asked for your bank account or credit card details, or you might be asked to pay administration charges. What's a few thousand in admin charges, they'll say, when you're getting a couple of million? Needless to say you'll end up thousands of pounds out of pocket. The only people getting rich are the con men.

How to spot a phishing email

This is usually quite easy. There is an example below that claims to be from Barclays Bank. Here's how I can tell it's a fake:

1. I don't have an account with Barclays! Obviously, not all fakes are as easy to spot.
2. I have more than one email address and this is not one that I give out to financial institutions. This is a good tip - get another email address and only tell your bank what it is. Emails to any other address must therefore be fakes!
3. A phishing email will always ask you for your username, password, membership, or account details. Do you know how many backups banks and other companies have? They have backups of their backups! They NEVER lose your details, so any email that asks you to enter them is a fake. Remember, these people want your details because they don't have them, banks and other companies don't need to ask you for them because they already have them!
4. When the mouse is over the link in the email, the address in the status bar at the bottom of the window is not a Barclays Bank website. Some clever phishing emails make the address look similar to the real one, but in this case, the phisher has used http://61.99.244.152:680/rock/Isa/. Where on earth's that? It's certainly not Barclays! A quick search on the Web revealed that the website is actually based in Korea!

How to spot a real email

Usually the people behind these phishing scams do not know your real name or username. Therefore, if the email is addressed to you personally, such as "Dear John Smith" there is a good chance that it is real. It's not a guarantee though. Hold the mouse over any links and look in the status bar to see the real URL and not the text in the message. If it contains the real URL of the company, it is probably real. However, I have seen some pretty good fake URLs, so again this is not a guarantee that it is a real email.

The best way to protect yourself is to assume that every email like this is a fake. Just run Internet Explorer and go to the site yourself - your bank, auction site or whatever. Log in and see if there are any messages or check the status of your account. You'll be told if there is a problem of any sort.