Another variation on the phishing theme came in today, there were two, one purporting to be from Santander and the other from Bank of Scotland. In the Bank of Scotland version, the sender has got a long name and job title that push the obviously spurious originating domain out of the field of view in most email clients.
The safest way to check such an email address is to highlight it by right clicking, then copy and paste it into a text editor. Then you can check the domain via the appropriate whois links (see the recent blog item on this subject).
Again, there is a Word document attached that you are exhorted to open. Of course, under no circumstances should you do this until you have verified the authenticity of the message. In this case, the originating domain was secure-bankofscotland.co.uk, which, unsurprisingly was registered through GoDaddy by a person whose identity could not be verified. Luckily, GoDaddy has spotted this one and it has been suspended for abuse. However, this is no cause for complacency as the malware will be in the document attached, rather than through a link to the domain.
The second variation, shown below in the image, was supposedly sent by firstname.lastname@example.org. However, rolling over the links that the message asks you to follow to reset your unspecified password, show that the domain is mosakmail.com. This is clearly an attempt to harvest addresses for unsolicited mail, probably including malware distribution.
As always, vigilance and a healthy degree of scepticism are the best allies in keeping safe on line, so the advice is to take nothing at face value and never be in too much of a hurry to give suspect messages a thorough investigation.
A third variation is purporting to come from HMRC, stating that you owe a large sum of money in tax arrears. The tactic I believe is to make recipients follow the link in a moment of anger with the response " I most certainly do not!", which is an understandable gut reaction. Unfortunately, as soon as you do, it is a lifetime too late to go back and take a more cautious approach. In fairness to HMRC, they are publishing guidelines as to how you can recognise genuine communications from them. Worthwhile advice from HMRC can be seen here, and the page makes interesting reading.
Stay safe out there and as always, if you have any concerns, questions or problems please don't hesitate to call or email.