Of course, not every message claiming to come from a legitimate enterprise is fraudulent, but with phishing attempts mimicking the layout and design of the abused brands perfectly — they even use the original images —, it can be difficult to spot the difference.
Since few users enter the details that are asked for (social security or credit card numbers, for example, or your user name and password) directly in a form in the email message — and you should really never do that — phishing attempts have an Achilles' heel: they need to redirect you to a web site. The site will look legit, of course, but its address, the URL found in your browser's address bar, will not.
In Outlook, you can spot these fraudulent URLs right in the email and thus stop most phishing attacks.
Identify and Fend Off Phishing URLs in Emails with Outlook
To identify and fend off phishing URLs in emails with Outlook:
- ›› Step by Step Screenshot Walkthrough (using Outlook 2003)
- Hover the mouse over the link you are asked to follow in the suspicious email.
- Take notice of the link address that appears in the blue (Outlook 2007) or yellow (Outlook 2003) pop-up window.
What Phishing Emails Looks Like
You should assume a phishing attempt if
- what you see in the pop-up window does not correspond to the address given in the email text,
- The address in the email body reads https://pages.ebay.com/ while the address in the pop-up is http://www.updateuseregistration.net/, for example.
- the address in the pop-up window is a numerical URL,
- The link begins with http://126.96.36.199/, for example.
- the link in the pop-up window does not begin with https://, which denotes a secure site,
- the address in the pop-up does not end with the top-level domain you would expect
- Instead of the expected https://pages.ebay.com/, it says https://pages.ebay.com.ag/, for example.
- the link in the pop-up starts with a Google, Yahoo! or similar address that has obviously nothing to do with the company the email claims to be from or
- The address in the pop-up is http://www.google.com/url?q=http://www.google.com/url?q=http://188.8.131.52/paypal, for example. Here, Google is used to redirect you to the scammer's site.
- the link in the pop-up looks suspicious for some other reason.
- The links goes to http://www.paipal.com, for example, or to http://pages.ebey.com/.
If you have any doubts about the legitimacy of a link in an email, go to the site of the company the email claims to be from and log in via their secure page, taking note of the validity of the site's certificate.
In addition to keeping a watchful eye yourself, you can also enable phishing protection in Outlook.
Because advanced phishing attempts can try to interfere with the way URLs are resolved by your browser, they could redirect you to a spoofed site even if you enter the correct address. They do this by entering their own servers as the destination for these addresses in the HOSTS file. To see if your computer has been infected, open the HOSTS file (typically C:\Windows\system32\drivers\etc\HOSTS) in Notepad and look for entries similar to:
If you spot such entries, delete them.