How to spot a phishing scam: slideshow

Summary: The fallout from the data breach of US marketing firm Epsilon was massive. Some of the world's largest companies were forced to apologise, as customer details stored within Epsilon were stolen by hackers.

TOPICS: Security, Malware

  • Disney has mass appeal. The broad list of victims could be attractive for scammers.

  • Inconsistencies can be human error, but they are present in most scams.

Darren Pauli

About Darren Pauli

Darren Pauli has been writing about technology for almost five years. He covers a gamut of news with a special focus on security, keeping readers informed about the world of cyber criminals and the safety measures needed to thwart them.

  • Get this. In the light of these types of breaches, BMW Finance this week sent me an email inviting me to register online. All I had to do, was click a link, enter my name, DOB, License number and address.
    And it was legit! They were stupid enough to send such an email!
    All companies like this do is to drive further confusion and make the plebs more gullible to scammers.
  • People should learn to check the source code of the email, it always has the real return address of the idiot that sent it to you. Or, maybe the companies that make email software could add this feature to their email clients. For example, to view the source code, right click on the suspect email, and go to properties, then details, the first line in the source code is usually a real Return-Path: "with ? replacing the actual email address"
    • Baby steps first I think. Looking at the Disney email pictured, there is enough to set off alarm bells without the need for header analysis ("dreem", hotmail ...)
  • Companies need to set up some kind of challenge response system for both parties to be able to identify each other. The other week I got an unsolicited call from the ATO wanting to talk to me about superannuation. But they needed to confirm my identity first, so they wanted me to just give out all my personal information to them after they called me up unannounced. I challenged the guy at the end of the phone about this, and he offered a number to call back on, which is also of little use, as that could have been anyone's number. In the end he said we'll just send a letter. But this wasn't the first time I've had organisations that I deal with call me out of the blue and then ask for personal information. These organisations really need to get better at proving who THEY are before asking me to prove who I am.
    • I always tell them to prove to me their identity. I can't believe the number of legit companies that ring you and expect you to identify yourself with personal information. I just ignore them. It usually works out in your favour.
    • Yes, I got an unsolicited phone call from Comm Bank wanting to up sell me some product and it started with them asking my name and DoB. I refused and rang their security people to complain. I just couldn't get traction when I explained that this was setting a very bad example for the naive public and making them more vulnerable to scammers. I got the impression the bank bloke thought I was just another nutter.
  • Hrmmmm...
    For my information, was the Hilton one actually a scam? It looked pretty legit to me, and the only thing that was odd was the domain name, which doesn't look that dodgy.
    • Spammers and scammers do seem to be getting better at tricking people. But unless you sign up for it, it most definitely isn't legitimate.

      One way to be sure, even if you do sign up for these sites. Type in the website (if you know it), or Google for it (if you don't), and check their website yourself. If it does not match, you know you're getting fleeced, and if it does, sign up for it on the webpage, not the e-mail link.
      • Thanks for your reply techkid, and obviously, if the email is out of the blue then I would be suspicious.
        However given the screenshot alone (Hilton), I am still yet to see anything within the content of that email, or the domain name it was sent to that indicates that it is fake.

        Is there something I am missing in the content of that email, or was it merely an alert to be wary of unsolicited email??
  • Hi Gish,
    The Hilton email was the latter, merely an alert. You've got a keen eye though!
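
The header check suggested in the comments above (compare the Return-Path in the message source with the visible sender), written out as an added example that is not part of the original article or discussion. The sample message, the `disney.example` domain, the webmail list and the function names are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a short illustrative list of free webmail domains, not exhaustive.
FREEMAIL = {"hotmail.com", "gmail.com", "yahoo.com", "outlook.com"}

# Constructed sample message (not the e-mail shown in the slideshow).
SAMPLE = """\
Return-Path: <promo123@hotmail.com>
From: "Disney Destinations" <offers@disney.example>
Reply-To: promo123@hotmail.com
Subject: Your dreem holiday awaits
To: reader@example.org

Click the link to claim your prize.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_warnings(raw_message):
    """List reasons the sender headers of a raw message look inconsistent."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    warnings = []
    if not from_dom:
        warnings.append("From header has no parsable address")
    # Return-Path (bounce address) and Reply-To are hidden by most mail clients.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            warnings.append(f"{name} domain {dom} differs from From domain {from_dom}")
        if dom in FREEMAIL and from_dom not in FREEMAIL:
            warnings.append(f"{name} uses free webmail domain {dom}")
    return warnings

if __name__ == "__main__":
    for warning in header_warnings(SAMPLE):
        print("WARNING:", warning)
```

Legitimate bulk mail is often sent with a bounce domain that differs from the From domain, so a mismatch is a prompt to look closer rather than proof of a scam.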