SLAC Computer Security

Plain Text Assists in Identifying Phishing

Our SPAM quarantine system can usually prevent phishing emails from making it into your Inbox, but it doesn't catch everything. Plus, what if you looked at your SPAM Digest message and saw a message from service@irs.gov with the Subject "refund of $63.80"? Would you release it? And if you did and it arrived in your Inbox, would it display in HTML?

 

Or do you have your email set up to show all emails in Plain Text?

Can you see how much easier it would be to notice that the link to the "form" is not going to take you to the irs.gov web site? It is taking you to an IP address instead of irs.gov. This is obviously not going to help you get a refund. It is actually taking you to a phishing site where you could be convinced to provide personal information to the producers of the fake website. Here's more information about this phishing scam.

To change your email client to display and send all emails in Plain Text please see our Plain Text Email page.

Final Warnings

However, don't assume that plain text email is the silver bullet. Even with plain text emails you have to be on guard and look very closely. Something like http://WWW-IRS.G0V might have been harder to see as a fake (the letter O in gov is now the number 0).
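The two tells described in this article, a link whose real target is an IP address rather than irs.gov and a look-alike host such as WWW-IRS.G0V, can also be checked mechanically. The following is an added example, not part of the original SLAC article; the sample message, the 192.0.2.10 address and the names LinkCollector and audit_links are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample; 192.0.2.10 is a documentation-range placeholder address.
SAMPLE_HTML = (
    '<p>Claim your refund of $63.80 with the '
    '<a href="http://192.0.2.10/form">http://www.irs.gov/refund</a> form, see '
    '<a href="http://WWW-IRS.G0V/">IRS</a> or <a href="https://www.irs.gov/">www.irs.gov</a>.</p>'
)
HOST_RE = re.compile(r"(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z0-9-]{2,})")  # host in link text

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html):
    """Return [(href, shown text, [reasons])] for links a reader should distrust."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, shown in parser.links:
        real, reasons = (urlsplit(href).hostname or ""), []
        try:
            ipaddress.ip_address(real)
            reasons.append("target is an IP address")
        except ValueError:
            # Ordinary top-level domains are letters only (IDN "xn--" ones aside).
            if any(c.isdigit() for c in real.rsplit(".", 1)[-1]):
                reasons.append("digit in top-level domain")
        m = HOST_RE.search(shown)
        claimed = m.group(1).lower() if m else ""
        if claimed and claimed != real:
            reasons.append(f"text shows {claimed} but link goes to {real}")
        if reasons:
            findings.append((href, shown, reasons))
    return findings
```

Calling `audit_links(SAMPLE_HTML)` flags the first two links and leaves the genuine www.irs.gov link alone. A clean result does not mean a message is safe; a look-alike name without a digit in its top-level domain passes both checks.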

If your "bank" sends you an email about contacting them regarding something in your account, don't click on the link in the email. You should use the URL from your bookmarks to connect to the "real" bank's website and find out what they're talking about, or call the bank directly to get more info.

It is very, very easy to make any email look genuine.

 

The above article appeared in the July 5th, 2006 SLAC Today.

Owner: SLAC Computer Security
Last Updated: 07/22/2010
Feedback: Please send to Computer Security Feedback