Pop Quiz: Which Email Message is Real and Which is Fake? Jillian Wohlfarth January 18, 2013 Best Practices // SUMMARIES ?> Phishers hijack your brand to trick customers into giving up their personally identifiable information and financial credentials. According to the Anti-phishing Working Group Trends Report, financial and payment services are the top phished sectors. Do you think you can spot a fake email? Let’s put you to the test. Take a look at these two emails from Wells Fargo and decide which email is real and which one is a fake. Email #1 Email #2 The Answer: Both emails are fake. Here’s how you can tell: No personalized greeting: Email #1 refers to the recipient as “Customer” and Email #2 does not even greet the customer at all. If this is really from your bank, they will address you personally. Typos: Note the 4th paragraph of Email #1. The sender spells the words “information” and “automatically” wrong. In Email #2, they spell the same words wrong, but also spell the word “our” wrong in the first sentence. Poor Grammar: The first sentence in Email #2 reads “…the accounts is ou r system.” Unbranded URLs: When you hover over the link in Email #1, it directs to a strange URL. They try to compensate for this by including language that tells you that you will be directed to a random server for security issues in an attempt to get you to trust the message. Email #2 fails to include a clickable link. Urgent Messaging: The email is designed to solicit a response. In this case, both emails look like system alerts that need you to verify your account in order to restore access to your account – a typical ploy for phishers. Help protect your customers from receiving these kinds of messages. Authenticate your mail with SPF, SenderID, and DKIM to help ISPs identify which domains and IPs legitimately belong to you. Get more information on how to authenticate your mail, and learn more about DMARC – a new standard that tells ISPs how to treat email that purports to be from your brand.