I love great phishing emails - the ones where the phishers have made the effort to make the email look legitimate. Earlier this week, I got this one from Standard Bank - an email that actually strikes the right notes in many ways. In fact, it is very difficult to state that it is illegitimate, and I doubt most normal users would be able to spot it as a phishing email.
Firstly, I am ex-customer - so asking details for further screening is not a "bad" message. The grammar, the notes on the opening times of the customer contact centre, the disclaimers are all perfect. I did open the HTML attachment, but not on a browser - and even the stylesheets are perfect (using a legitimate Standard Bank stylesheet). They even have the right anti-phishing messages
"Important security alert! Standard Bank will never ask you to access internet banking through a link in an email. Don't fall victim to fraud!"
And lastly, all the HTML code seems to point to Standard Bank website - unless a domain itself is compromised, I couldn't spot an incorrect domain. But perhaps, I didn't look hard enough.
So, why do I think it is a phishing email?
- The attachment asks for your ATM pin and Internet Banking password (to be reset)
- Asks for "Zip Code"
- Asks for other personal data, such as ID numbers
- Asks for email password
- And lastly, the email headers give it away
Received: from exchange.szlonghao.com ([113.98.251.13]) by mx.google.com with ESMTPS id q66si27264684yhl.395.2013.07.29.03.
48.06 for(version=TLSv1 cipher=RC4-SHA bits=128/128); Mon, 29 Jul 2013 03:48:47 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning
ibsupport@standardbank.co.za does not designate 113.98.251.13 as permitted
sender) client-ip=113.98.251.13;