Skip to main content

Understanding Email Security: Identifying Phishing Attempts

Consider the following scenario where you receive an email purportedly from your bank. Let's analyze the email and understand the appropriate course of action.

From: Student Bank
To: me
Subject: Notification from Student Bank

Dear Student Bank customer,

We recently discovered multiple unauthorized login attempts on your STUDENT BANK Online Account, accompanied by numerous password failures. As a security measure, we require you to re-validate your account information with us.

Failure to comply will result in the suspension of your account, as it may have been compromised for fraudulent purposes.

Please click the following link to re-validate your account information:
http://202.14.130.66:8080/studentbanking/onlinebanking/us/personal/weblogin/login.html

Best regards,
Student Bank

Note: Please refrain from replying to this email, as it cannot be answered. For assistance, log in to your Student Banking account and select the "Help" link from the header.

© 2016, Student Bank

Analysis

The email appears authentic at first glance. Let's evaluate its authenticity.

Is this email suspicious?

  • Yes
  • No

Good judgment! This email indeed raises suspicion.

Reasons for Suspicion:

The inclusion of an IP address in the link (202.14.130.66) instead of a standard website address (e.g., www.studentbank.com) is a red flag. Legitimate organizations typically use domain names, not IP addresses, in their communications. Always verify the legitimacy of the URL by entering the root IP address directly into a web browser.

Next Steps:

Do you understand why this email is suspicious?

  • Yes
  • No

Response: Links containing IP addresses, such as 202.14.130.66, are indicative of potential phishing attempts. It's advisable to refrain from interacting with such emails and instead contact the organization's official support line for clarification.

Understanding Phishing Attacks

Phishing is a fraudulent practice where cybercriminals attempt to acquire sensitive information, such as usernames, passwords, and financial details, by posing as trustworthy entities in electronic communications. Recognizing and avoiding phishing attempts is essential to safeguarding personal and financial security online.