Electronic Engineering Blog

Stay safe from high quality phishing email scams.

Today I received an email on my BT Internet email account which looked bona fide, but it was a phishing scam. Here I describe how to spot the few clues, to make sure you don’t get caught out.

Screen Shot 2014-09-22 at 11.08.33First, this is a screen-grab of the email. It’s safe here because it’s just an image of the email, there are no active links in it. It looks pretty real. (Click the image to see it full size).

However there are a few clues that all is not right with this email. It states that I have gone over my broadband usage allowance for the month, and that to avoid charges I should click the red button to upgrade my account.

The text of the email is well written, the grammar is good and contact details etc all seem to be correct. However the clues are there, so lets take a look and see how I knew that this was a scam email, and not from BT.


Screen Shot 2014-09-22 at 11.20.10The first thing that made me wonder if this was not genuine was the fact that I have a truly unlimited broadband usage account. Maybe BT had made a mistake, or maybe I was not on the tariff that I thought I was, but still it started the whole process of being suspicious about this email. So I decided the check the senders email address. It looked like it came from “bt.comms@bt.com” but if you examine the sender details carefully, you can see that was just a spoof name, the actual senders email address was as shown in this image. Now why would BT be sending me an email using a TalkTalk account? That didn’t seem right. That was clue number 2.

Screen Shot 2014-09-22 at 11.24.40The next thing was to check which address that big red button would have taken me to. It claimed to be an upgrade process for BT account holders, so I’d expect it to go to some kind of BT web address. When I hovered the mouse over the link it was reported as: dfssdfsg@altervista.org, so clues number 3 and 4 right there. Clue 3 is the “dfsdsfsg” that looks like someone just hitting a few random characters on their keyboard, they are all next to each other. Clue 4 is the “altervista.org” domain name – that doesn’t look like something BT would use.

cluesmoreThere are at least two more clues that this was not a genuine email. Lets take a close look at the email again to see what they are. I’ve highlighted them in red rectangles in the image to the right. Clue 5 is, as I have stated before, the sender did not include my real name or account details. All decent organisations will personalise their emails to you with some identifiable information so that you can have confidence in their communications. Clue 6 is the sudden change of text size in the body of the email. This is unprofessional and is a clear indication that someone has been messing with the contents of this email.

The destination of the big red button in that email was in fact a phishing site that wanted your BT Logon details, along with your banking information and debit/credit card details. Thankfully the scam was reported and the site has been taken down, but not before some people will have been tricked into handing over their details.

So, in what appeared to be a genuine, professional email we found at least 6 clues that it was in fact a scam. Be careful out there, things are not always as they seem. The scammers are getting better every day at disguising their badness as genuine communications. Be smart and stay safe.


, , ,

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.