We have recently seen a slight twist in the usual phishing emails that are designed to lure the unwary to web sites with malicious content. These emails, usually informing the recipient that they need to confirm their bank details or other credentials, have become commonplace and most users are probably sufficiently aware not to be tricked.
However, we have seen a number of emails recently that inform the user that they have a message in their secure inbox on their bank's web site and that they need to urgently log in to read it. Needless to say, the actual link in the email goes nowhere near a reputable bank!
The twist is that several banks and social networking sites do actually use the concept of a secure inbox on their web site to ensure confidential communication with their customers (remember email is far from confidential) and frequently send a normal email to alert the user that they have items needing their attention.
Such emails would be easy to spot if the recipient didn't use the bank that is purported to have sent the email. However, we think some of the emails are sufficiently similar to the branding of existing banks to potentially trick the unsuspecting, who may be customers of the impersonated bank.
We expect this scam to also target social networking sites, such as Facebook, in the near future.
These new phishing emails are, then, very plausible if you use banks or social networking sites that have this facility and use the same branding...
Our advice is NOT to click on links in suspicious or unexpected emails.
You can easily assess the danger of many links by simply hovering the mouse over them. Most newer email programs, such as Microsoft Outlook, will show a popup tooltip displaying the real target for the link. You must examine the link details very carefully to ascertain whether they are safe.
A screenshot showing a typical tooltip that is displayed when a link is hovered over in Microsoft Outlook. Note that although the link purports to take the reader to their secure inbox, the link actually targets a Russian web site (i.e. a .ru domain).
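The trend is to embed the name of a well-known bank into the links to trick even the wary. A typical link might look like www.my-well-known-bank.very-malicious-site.cn. Read the host name from right to left: the site actually visited is very-malicious-site.cn, and the bank's name is only a subdomain label that the owner of that site is free to choose.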
If in doubt, don't!