How to distinguish scam/phishing from legitimate bank communication?

[blunomore]

I have developed a phobia about phishing schemes and scammers in general. My inbox regularly receives phishing emails. This now makes me scared to even open (what I believe to be) legitimate bank statements that are emailed to me. The legitimate statements normally requires entering an ID no, not a password.

Are there any guidelines to tell whether a statement emailed to me is legit?

 

[The_Unbeliever]

When the domain of the return address is NOT from your bank. Eg you bank with Absa, so Absa should send an email from *@absa.co.za

If in doubt, hover your mouse over any email link, it will show the correct link. Should you click on the link, and another, different email address appear, abort.

When they ask you for your ID and account numbers, and possibly any CCV numbers.

Banks will not ask for ID numbers in general. Some make use of secure readers (eg Striata readers).

edit : even looking at the from: address is not guaranteed, it is trivial to spoof from: addresses.

 

[blunomore]

When the domain of the return address is NOT from your bank. Eg you bank with Absa, so Absa should send an email from *@absa.co.za

If in doubt, hover your mouse over any email link, it will show the correct link. Should you click on the link, and another, different email address appear, abort.

When they ask you for your ID and account numbers, and possibly any CCV numbers.

Banks will not ask for ID numbers in general. Some make use of secure readers (eg Striata readers).

edit : even looking at the from: address is not guaranteed, it is trivial to spoof from: addresses.

Let me re-phrase: the bank normally asks for a password to open the statements and the password is normally my ID no.

 

[satanboy]

Let me re-phrase: the bank normally asks for a password to open the statements and the password is normally my ID no.

That is the case with Absa - Striata.

 

[ToxicBunny]

I have developed a phobia about phishing schemes and scammers in general. My inbox regularly receives phishing emails. This now makes me scared to even open (what I believe to be) legitimate bank statements that are emailed to me. The legitimate statements normally requires entering an ID no, not a password.

Are there any guidelines to tell whether a statement emailed to me is legit?

The email address has to be accurate.

It needs to be a PDF, the email or attachment should have SOMETHING in them that you can identify comes from a valid source (such as an accurate subset of your account number, or name (as the bank knows it)).

Also, banks will email statements at a specific time of the month. Learn when that is, and anything outside of that period should be ignored.

Any links in the email must be to the correct site as well.

 

[blunomore]

That is the case with Absa - Striata.

As well as a lot of other banks.

 

[blunomore]

The email address has to be accurate.

It needs to be a PDF, the email or attachment should have SOMETHING in them that you can identify comes from a valid source (such as an accurate subset of your account number, or name (as the bank knows it)).

Also, banks will email statements at a specific time of the month. Learn when that is, and anything outside of that period should be ignored.

Any links in the email must be to the correct site as well.

Thanks Toxic and Libs for the guidelines.

 

[ShaunSA]

That is the case with Absa - Striata.

Standard also uses ID no.

 

[The_Unbeliever]

If, in doubt, phone the bank.

 

[PsyWulf]

If you use an online client like Gmail,you select the "show original" option to view the Mail headers

Legitimate FNB Mail:

Delivered-To: xxxx@gmail.com
Received: by 10.216.118.199 with SMTP id l49csp179129weh;
Tue, 17 Jun 2014 06:32:00 -0700 (PDT)
X-Received: by 10.194.190.42 with SMTP id gn10mr38728019wjc.9.1403011920611;
Tue, 17 Jun 2014 06:32:00 -0700 (PDT)
Return-Path: <inContact@fnb.co.za>
Received: from mxincontact.fnb.co.za (mxincontact.fnb.co.za. [196.11.134.77])
by mx.google.com with ESMTP id o11si24203362wjw.72.2014.06.17.06.31.59
for <xxxx@gmail.com>;
Tue, 17 Jun 2014 06:32:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of inContact@fnb.co.za designates 196.11.134.77 as permitted sender) client-ip=196.11.134.77;

Not so legitimate ABSA mail:

Received: from ismtp-02.mm.mweb.net (Not Verified[196.28.101.41]) by A3S1.msp.mm.mweb.net with MailMarshal (v7,0,1,4245)
id <B53a11d2c0001>; Wed, 18 Jun 2014 07:01:32 +0200
Received: from h1826719.stratoserver.net ([85.214.123.151] helo=openry.de)
by ismtp-02.mm.mweb.net with esmtp (Exim 4.80.1)
id 1Wx803-0004xw-8U
for <xxxx@xxxxx.co.za>; Wed, 18 Jun 2014 07:01:32 +0200
Received: from User (8ta-228-14-117.telkomadsl.co.za [197.228.14.117])
by openry.de (Postfix) with ESMTPA id 4947AF23C95;
Wed, 18 Jun 2014 05:43:09 +0100 (BST)
From: "Absa Cheque Account"<offical@absa.co.za>
Subject: Your Absa Online is Due for Renewal

The most important sections in the headers is the earliest <from> records,this is the first server used to start relaying

 

[diabolus]

Actually the first thing i look for, and this has worked 99% of the time for me, without even looking where it is from, just look at the first line of the email where it says "Dear xxxxx"

If it's an email related to YOUR account or YOUR personal information the email WILL (and MUST) contain your name/surname/account number! I ignore all emails that just address me as "Dear Customer" or "Dear Sir" without anywhere mentioning any details that pertain to myself (if it's not a scam, then it is normally marketing spam anyway)

Go check, all your bank statements and valid emails will contain your name or some sort of PERSONAL reference to indicate the email was not just sent to everyone. Scam/Phishing mails are always designed to be "Vague" enough to be sent to ANYONE and that should be the giveaway....

I mean, just looking at my ABSA emails, they now even put my Account No + ID No in the email (they only show the last 4 digits, the rest is ***, but it is already an indication that they are addressing me and not everyone)

Now if they somehow got my name or surname right, then i go check the email/from addresses, especially if they are telling me to click on links and provide personal info.


This also applies particularly to this 419 nigerian scams, not a single one of those soppy tales will address you by your name , yet they know enough about you to send you their inheritance?

 

[PsyWulf]

Actually the first thing i look for, and this has worked 99% of the time for me, without even looking where it is from, just look at the first line of the email where it says "Dear xxxxx"

If it's an email related to YOUR account or YOUR personal information the email WILL (and MUST) contain your name/surname/account number! I ignore all emails that just address me as "Dear Customer" or "Dear Sir" without anywhere mentioning any details that pertain to myself.

Go check, all your bank statements and valid emails will contain your name or some sort of PERSONAL reference to indicate the email was not just sent to everyone. Scam/Phishing mails are always designed to be "Vague" enough to be sent to ANYONE and that should be the giveaway....

I've had 1 or 2 where my name was mentioned,and correct bank account number. Only headers and a unencrypted PDF set off the alarm bells. But yeah often the content gives it away

 

[kianm]

I've had 1 or 2 where my name was mentioned,and correct bank account number. Only headers and a unencrypted PDF set off the alarm bells. But yeah often the content gives it away

Quite a targeted attempt, am sure you p!$$ed your pants a bit lol .

And yeah the headers, dodgy links and the wording in the body sets off my red flags

 

[PsyWulf]

Quite a targeted attempt, am sure you p!$$ed your pants a bit lol .

Indeed,was quite shocked

 

[Aghori]

Apparently I just won the UK Lotto according to my latest email from Freidrich. MYBROADBAND HOODIES FOR ALL!

 

[zippy]

Banks email bank statements with ID numbers as passwords...... unbelievable.....

 

[Freaksta]

I have developed a phobia about phishing schemes and scammers in general. My inbox regularly receives phishing emails. This now makes me scared to even open (what I believe to be) legitimate bank statements that are emailed to me. The legitimate statements normally requires entering an ID no, not a password.

Are there any guidelines to tell whether a statement emailed to me is legit?

Personally I basically ignore all of it, yes I signed up to get login notifications, payment notifications and statements. Any other communication is therefore SPAM. If my bank wants to contact me they can phone me. What type of communication are you expecting?

 

[mister]

When the domain of the return address is NOT from your bank. Eg you bank with Absa, so Absa should send an email from *@absa.co.za

The from address can be forged.

 

[CheekyC]

Never click on attachments. Most contains trojans.

 

[Space_Chief]

I have developed a phobia about phishing schemes and scammers in general. My inbox regularly receives phishing emails. This now makes me scared to even open (what I believe to be) legitimate bank statements that are emailed to me. The legitimate statements normally requires entering an ID no, not a password.

Are there any guidelines to tell whether a statement emailed to me is legit?

Real mail from banks, and it's a pity they send it - because it makes it easier for scammers - usually contains no clickable links. They ask people to go on their website and click the relevant link or contact the bank or their personal banker in one or other way.