Claims Bank phishing email scanned
Be warned: the creators of phishing emails have crafty ways to slip under your defences. This phishing email brazenly asserts that it has been scanned for malware. The email claims to be from St George. For the benefit of our overseas readers, St George is an Australian bank. It actually uses a fake footer making the claim. The fake footer does however contain a genuine link to the firm Surf Control.
For those unfamiliar with Surf Control, they are a Website, Email filtering and User security company. The content of the email claims that your account has been locked. You can resolve this by clicking on a link. It is a scam. The link takes you to a phishing site that attempts to serve malware, as well as stealing your personal details.
Figure A is the email. It uses the St George logo. There is a genuine looking footer. The subject line of the email is “St George Internet Banking Notification”. The sender of the email is “St George Bank”. The email uses the greeting “Dear Customer”. The email goes on to advise that recent transactions have caused the user’s account to be locked. The email tells the recipient to click on the link to resolve the issue. The email signs off as “Security Department”.
What is alarming about this email is the final line. The final line states that the email has been scanned for malware. This adds authenticity to the email. Someone receiving this email may think “It has been scanned for malware so must be safe”. Unfortunately that is not the case. The addition of a genuine link is a further argument to authority.
There are signs this email is fake. The generic greeting is one sign. Banks personalise emails; they do not use “Dear Customer”. Another sign is the link. It leads to a malicious site. It does not lead to St George. Ironically, the site tries to serve malware. Delete this email if you receive it.