attempted bank hack "you have a secure message"

Bongleur

Got an email labeled as from my bank. Said I had a secure message waiting. I have in fact been talking to them about something, so it was plausible.

But the link did not open my bank's home page. It was something different, saying to register. The email also had a footer talking about "this email is protected by" - some fake company name to do with "encryption security." There was even a "more info" button leading to a page about this fake company that does encrypted messaging. Its URL was nonsense.

However, the Registration page had my email pre-filled in. If you stop to think about it, this is trivial, since the phisher had the email to send the message in the first place. But psychologically, it is an important part of the fraud. It keeps your critical mind turned off.
 
I always inspect the full email headers of any message claiming to be from someone that I do business with that says there is a problem. If you know how to inspect the headers, you can see where the message really came from, and more often than not, it is not what it claims.

I would never click on a link from something sketchy until I have done this.

If I felt the need to respond, I would manually type the name of the institution into my web browser and log into my account to see if there was any evidence of a problem.

This is just one of my tactics to defend against phishing and to protect my laptop. It is part of my good digital hygiene routines.

-gauss
 
I would just never click on a link from my financial institution. I go into a separate browser (Chrome in incognito) and log into the institution by typing in the address I know that it should be.
 
I would just never click on a link from my financial institution. I go into a separate browser (Chrome in incognito) and log into the institution by typing in the address I know that it should be.

^ I think our replies "crossed in the mail".
 
Besides using my known, bookmarked link to my bank to sign in (and never clicking on an unknown link), I will forward the fake email to the bank's abuse or spam email address. It can usually be found in the bank's website but you can call the bank's customer service number if you don't know it.
 
I never click on links in e-mails. If it is a company with which I do business, such as my bank, Amazon, or whatever, then I go to their website to find out what extremely important information the e-mail claims that they have, and that I must know.

I got one just yesterday saying my Amazon account would be shut down in just a few hours if I didn't click on the link and do something about some problem. Instead, I went to Amazon and nothing was amiss.
 
It perturbs me a bit that banks tell you not to click on links in suspicious emails, but then send a link in their emails. It seems like it'd be a lot safer if they'd just tell you to go to your account. Then you'd know any email with a link is suspicious and you can delete it with no further action.

Since that doesn't happen, I hover over a link to see where it goes before doing anything. Bad link destination, I know I don't have to even check the account they were trying to make me think it was.
 
My 2 rules: 1) never click on email links, 2) never answer the phone.
It's kinda sad we have to live this way now, but it is what it is...
 
It perturbs me a bit that banks tell you not to click on links in suspicious emails, but then send a link in their emails. It seems like it'd be a lot safer if they'd just tell you to go to your account. Then you'd know any email with a link is suspicious and you can delete it with no further action.

Since that doesn't happen, I hover over a link to see where it goes before doing anything. Bad link destination, I know I don't have to even check the account they were trying to make me think it was.

I agree, although I did get a fraud alert email last year from HSBC USA and I just checked it. It was email rather than phone call as explained in the email because it was outside the hours I had specified for receiving phone calls. The email did not contain any links but did give a reference number so that when I called the number on the back of my card there was already a case file set up.

The card had been cloned and used in a grocery store in Arizona (I live in England) and it had been blocked pending my call. I was refunded and the card cancelled.

So, some banks don’t provide a click here link when fraud is expected.
 
... hover over a link to see where it goes before doing anything. Bad link destination, I know I don't have to even check the account they were trying to make me think it was.


Besides not clicking on links in emails, that's a best practice right there. If the bit right before the .com isn't recognizable as being from where you think it should be from, you're probably being phished.
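
The two checks discussed in this thread, reading the full headers and comparing a link's real destination with the domain you expect, can be scripted; the following is an added example, not something posted by a thread participant. The sample message and every domain in it are constructed placeholders, and a link counts as "on domain" by suffix match against a domain you already know to be the bank's.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message, not from the thread; all domains are placeholders.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=pass; dmarc=fail header.from=mybank.example
From: "My Bank Secure Mail" <alerts@mybank.example>
Subject: You have a secure message
Content-Type: text/html; charset=utf-8

<p><a href="https://mybank.example.secure-msg.example.org/register">https://mybank.example/messages</a></p>
"""

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = (host or "").lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def addr_domain(header_value):
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2]

def check_message(raw, expected_domain):
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_dom = addr_domain(msg["From"])
    if not in_domain(from_dom, expected_domain):
        findings.append(("from_off_domain", from_dom))
    # Return-Path is the envelope sender; From is only what the client displays.
    rp_dom = addr_domain(msg["Return-Path"])
    if rp_dom and not in_domain(rp_dom, from_dom):
        findings.append(("envelope_mismatch", rp_dom))
    # Trust only the Authentication-Results header added by your own mail server.
    dmarc = re.search(r"\bdmarc=(\w+)", str(msg["Authentication-Results"] or ""))
    if dmarc and dmarc.group(1).lower() != "pass":
        findings.append(("dmarc_" + dmarc.group(1).lower(), from_dom))
    # Compare where each link really goes with what its visible text claims.
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>',
                                 msg.get_content(), re.I | re.S):
        host = urlsplit(href).hostname or ""
        if not in_domain(host, expected_domain):
            findings.append(("link_off_domain", host))
        shown = urlsplit(text.strip()).hostname
        if shown and shown != host:
            findings.append(("link_text_mismatch", shown))
    return findings
```

An envelope mismatch on its own is a signal rather than proof, since legitimate senders sometimes use third-party mailers; a DMARC failure or an off-domain link is the stronger indicator.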
 
My 2 rules: 1) never click on email links, 2) never answer the phone.
It's kinda sad we have to live this way now, but it is what it is...



Never answer the phone! When I was working I used to joke about needing a phone that only made outgoing calls.

I’ve been getting barraged by No Caller ID calls lately. I just installed latest iOS that sends these calls directly to voicemail.
 