Archive for March 12th, 2017

Credit Union Email: Phishing or Not?

The Credit Union recommends we practice “Safe Computing” with this helpful advice (clicky for more dots):

HVFCU - Safe Computing - sketchy URL

HVFCU – Safe Computing – sketchy URL

The link leading to that page was on their website, but the page is on trabian.com, whoever they are. Should I trust the links on that page to return me to the credit union site or not?

Here’s their definition of “phishing”:

HVFCU - Phishing description

HVFCU – Phishing description

Having just switched to “paperless statements” at the Credit Union, a recent email prompted me to look at my statement. Let’s start by seeing where the email came from:

HVFCU - Statement email - From address

HVFCU – Statement email – From address

Huh.

It claims to be from the credit union, but does its actual address (insofar as anything concerning email can be actual) of statement2web.com sound a little phishy to you, too?

Well, let’s look at the full headers, which I can do because, yo, 1337 H4X0R. Here’s a snippet from the bottom of the stack:

HVFCU - Email detail header

HVFCU – Email detail header

Huh.

So the email started from statement2web.com and bankshotted off kbmla.com. Further up, the headers show it rattled through pobox.com and eventually arrived in my inbox. As far as I can tell, it never touched its alleged starting point of hvfcu.org at any point in its journey.

Quick: phish or no phish?

Of course, it’s a perfectly innocent message from the credit union, but it contains every single warning sign we’re supposed to notice in spam or phishing emails, complete with a clicky link!

[heavy sigh]

Advertisements

2 Comments