What Is A Phishing Email? What Does It Look Like?

According to Wikipedia*, "phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.[1][2]"

What Do Phishing Emails Look Like?

Quite often they look like a legitimate email from IRD (about a tax refund, or warning of tax owing), or an email from a provider like Office365 or Apple. More info here at netsafe.org.nz*. 

How Do You Know If It Is A Phishing Email?

There are often several clues; please see the copy of example emails below.

• IRD will never email you to tell your account has been hacked, that you owe tax, that you are due a tax refund, that the Police are after you, blah blah blah. 
• Phishing emails often have spelling mistakes or unusual grammar (although not always)
• The email address is not one that matches the organisation, or it is close but not quite right e.g. it is from ird.co.nz instead of ird.govt.nz; e.g. we received a message supposedly from Microsoft, but the email address was messagealert@ another organisation

What Does a Phishing Email Look Like?

Here is one phishing email we received recently. It looks rather convincing, but there are a couple of clues in the email that it is not from a legitimate source

1. Grammatical error in the opening line: "receive" instead of "received"
2. Email address is odd
3. We were not expecting anyone to send a confidential document, so this is out of character
4. Unusual grammar in the body: "secured document" instead of "secure document"
5. Odd closing line: "We hope to continue serving you"

---

Here is another example of a phishing email.  Note again the clues that it is not "legit":

• email address is not from Apple
• email shows it is sent "on behalf of" someone else
• grammatical errors e.g. "problems with your account Apple", "if you ignored this email", "disabled the next 48 hours.. .", space between account and the exclamation mark
• incorrect use of capitals e.g. "Officially Permanently"

---

How Can I Keep Myself Safe?

• Be cautious about emails asking you to update or verify your details online
• Be cautious of emails saying you’ve won prizes from competitions that you don’t remember entering
• Be cautious of emails that try to get you to act quickly by threatening you with legal action or loss of an account
• Ignore any emails asking you to provide personal information like passwords, or banking information
• Remember legitimate organisations like banks will never ask you to send them your password
• Only open email attachments when you’re expecting them, even if you know who the sender is
• If you’re unsure if an email is from a legitimate organisation, you can contact them to ask. If you do contact them, make sure you go through their official contact channels – don’t use the phone numbers, websites or email addresses included in the email

See more tips on this page at netsafe.org.nz

What should I do if I need help or advice?
You can contact Netsafe:

• Email queries@netsafe.org.nz
• Call them toll free on 0508 NETSAFE (0508 638 723)
• Online report form at netsafe.org.nz/report

Their helpline is open from 8am – 8pm Monday to Friday and 9am – 5pm on weekends.

---

* We have quoted information from Wikipedia (licence terms) and Netsafe (licence terms). Use of this information does not constitute an endorsement of EpsomTax.com by either organisation. This information is not provided for commercial purposes, but strictly in an attempt to help promote community awareness of fraud and how to prevent it and protect yourself.