
Gone Phishing

We have discussed phishing many times in the past. Phishing is an email that pretends to be from a legitimate sender but has a nefarious intent: to capture your personal data! We have told you that they are hard to recognize, but today I am going to show you an example of a phishing email that I received recently. In a secure environment (a virtual machine not connected to the YHB network) and using great precaution, I followed the links and captured screenshots to show you how well these emails are constructed. DO NOT ATTEMPT THIS AT HOME! I received the following email to my YHB email account. In Outlook, it appeared to be from American Express, but I quickly figured out it was not. In my protected environment, I opened up the email.


I have highlighted the critical evidence that should raise your suspicion. First, the actual email address is not from American Express, even though it is presented to be.

Next, you can see that the account reference shows only the last digit of the account number. The industry standard is to show the last 4 or 5 digits. By showing only one digit, they have increased the chance that it matches your own account.

The other tactic here is to show a large amount ($8,399) being paid to a widely used company (Amazon).

Everything else about this email looks very much like it came from them. But if you hover your mouse over the links, you will see that the URL is not going to take you to an American Express website.
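The two warning signs above, the sender address that does not match the display name and the link whose real destination is not the brand's own site, are exactly what a mail filter or a cautious reader checks for. The following is an added example, not code from the original post: it parses a constructed sample message (the sender address, link target and brand-to-domain table are all assumptions made up for illustration, not real infrastructure) and reports both red flags.

```python
# Added example (not part of the original post): flag the two red flags the
# post describes in a raw email message. The BRAND_DOMAINS table and the two
# sample messages below are constructed assumptions for illustration.
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands we care about and the domains allowed to send as them.
BRAND_DOMAINS = {
    "american express": {"americanexpress.com"},
}


def domain_matches(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def sender_domain(from_header):
    """Split a From header into (display name, domain of the real address)."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name, domain


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def html_body_of(msg):
    """Return the decoded text/html part of a parsed message, or ''."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True)
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def check_links(html_body, allowed):
    """Red flag 2: links whose real host is not an allowed domain for the brand."""
    parser = LinkCollector()
    parser.feed(html_body)
    flagged = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if not domain_matches(host, allowed):
            flagged.append((text, host))
    return flagged


def analyze(raw_message):
    """Return a list of human-readable findings for a raw RFC 822 message."""
    msg = message_from_string(raw_message)
    findings = []
    name, domain = sender_domain(msg.get("From", ""))
    # Red flag 1: the display name claims a brand the sender domain does not belong to.
    for brand in [b for b in BRAND_DOMAINS if b in name.lower()]:
        allowed = BRAND_DOMAINS[brand]
        if not domain_matches(domain, allowed):
            findings.append(f"sender: display name says '{brand}' "
                            f"but address domain is '{domain}'")
        for text, host in check_links(html_body_of(msg), allowed):
            findings.append(f"link: '{text}' goes to '{host}', "
                            f"which is not an allowed domain for '{brand}'")
    return findings


# Constructed sample resembling the post's email (example.net is a placeholder).
SAMPLE = """\
From: "American Express" <alerts@mail.example.net>
To: employee@example.com
Subject: Payment of $8,399.00 to Amazon on account ending in 7
Content-Type: text/html; charset="utf-8"

<html><body>
<p>A payment of $8,399.00 to Amazon was scheduled on the account ending in 7.</p>
<p>If you did not authorize this, <a href="https://login.example.net/amex/">review the transaction</a>.</p>
</body></html>
"""

# Constructed legitimate-looking sample: same display name, matching domains.
LEGIT = """\
From: "American Express" <alerts@americanexpress.com>
To: employee@example.com
Subject: Your statement is ready
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://www.americanexpress.com/">Sign in</a></body></html>
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
    print("legitimate sample findings:", analyze(LEGIT))
```

Running it reports two findings for the constructed phishing sample and none for the legitimate one. The check deliberately treats every link in a message claiming to be from a brand as suspect unless it points at that brand's own domain, which mirrors the hover-over-the-link advice above rather than trying to guess which link text is "important".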

This is what the site looked like. I have highlighted the URL to show you that it is most definitely not an American Express site!



But now look at the actual American Express login page. Other than the image missing from the fake site, it is almost identical.


Do we want you to be afraid? No, just cautious. One of the reasons these work is that people see an email like this and there is an instant response that they need to deal with it immediately. We need to stop and look at it closely. If for some reason, I thought it might be real, I would probably go to my American Express login, not through a link, and log in to see if there are any erroneous transactions. You could also call them and ask.

I think you can see from this example though that the bad guys are very clever at making it look real and playing on urgency and fear to get people to click before they think. But by slowing down and looking at it logically, there are some telling signs that this was not real.

Throughout his time at YHB Curtis has provided IT audit and consulting to clients, even while holding the position of the firm’s IT director for several years. Now, as head of the YHB Risk Advisory Services Team, Curtis focuses on assisting organizations in a variety of industries with internal audits and IT-related audit and consulting services. Also, he frequently speaks and gives presentations on SOX compliance, internal controls, and data security.
