About phishing

Everyone talks about phishing these days: usually emails that try to look as if they come from your bank or another online service you use, but are really just a good fake designed to lure you into entering your secret login or credit card data on a fraudulent website.

This will not happen as long as your email address stays secret, but as soon as you receive the first spam, your address is out there, probably being sold from one spammer to the next, and you may receive such phishing emails as well. We collected a few dozen of these phishing mails and decided to write this small article to show you what they look like and how you can easily recognize them.

Any email from an online service that asks you to enter your login data into a website should be regarded as suspicious first and checked against the following list.

  • Some phishing emails put the whole text into a graphic so that spam filters cannot read it. Others insert additional text in letters of the same color as the background to confuse spam filters. Press Ctrl+A (or use Select All from the Edit menu) in such an email to see whether the text is selectable and whether hidden text is present. If you cannot select single words, the text is inside a graphic, which is extremely unlikely for a legitimate service. If selecting reveals unrelated text, that is also a good sign the mail is spoofed.
  • Most phishing emails contain a link that appears valid but is not. The displayed link text looks like a legitimate link to the service's website, while the link behind it leads to an entirely different page. Move your mouse over the link and check the status bar of your email client, which shows the real address. Whenever that address is not exactly the one displayed in the text, or is not the address you already know (and this includes every single dot: wwwv1-paypal.com, for example, is not the same as www.paypal.com), do not click it. Some phishing emails even contain a few real links, but as long as you have any doubt about even one link, do not click any of them. The safest method is to visit an online service's website only by typing its known URL into your browser, never by clicking links in an email.
  • It is common for phishing emails to warn you against sharing your password with anyone. Phishing emails also use the original graphics of eBay, PayPal, CitiBank and the other services they impersonate. Neither such warnings nor the look of the mail are criteria for deciding whether it is legitimate.
  • The fake servers that phishing emails lead to have no way to validate your information. So if you have reached a "verification" website you are suspicious about (because you ignored our warnings so far, or it simply appeared out of the blue), you can try entering completely made-up information. If the website accepts it, something is wrong. The reverse does not hold: if the website tells you the data is incorrect, that is no proof the site is genuine.

Important: Do not enter important data onto any form that is not SSL encrypted (SSL addresses begin with https:// instead of http://).
Important: Never use links from emails that appear to lead to password-protected services you have subscribed to (banks, mail accounts, everything that needs a login).
Important: Always log in from your own bookmark or by typing in the URL only, and always check the URL field if it still is correct.

Attached you can find a list of screenshots showing some of our collected phishing mails as an example:

  • CitiBank, CitiFinancial: the text is a graphic; if you hover your mouse over the link you will see that it does not really point to the citibank.com server.
  • eBay: the link at the bottom does not point to eBay. The pressure (update within 24 hours) is also a good indicator.
  • PayPal #1, PayPal #2: these emails have exactly the same layout as some genuine PayPal emails. Again you can see an invalid link.
  • SunTrust: apart from the link, there is the unlikely threat of charging the reader $50 if he does not change his password as soon as possible.
  • PostBank: this email is quite clever regarding its link, but the language has technical errors and is quite unlikely (every sentence ends with an exclamation mark). Also, I have never seen a bank recommend one particular antivirus product, if they recommend one at all. Different email clients behave differently with this email: Outlook Express shows the bad URL in its status bar and opens the bad page when you click it. Mozilla Thunderbird shows the real Postbank link, and also opens the real Postbank page if you click it.

Over the past months we have collected phishing emails on multiple accounts and built a statistic. Please understand that the banks and sites listed here are victims too, chosen only because they have a large customer base; it is not their fault. You should pay special attention to any mail that claims to come from your bank, regardless of who your bank is.

Bank                  Proportion
PayPal                56%
Washington Mutual     20%
eBay                  9%
Citi Group            3%
MBNA American Bank    3%
SunTrust              3%