And Update My Website

Internet Marketing & Content That Works

Home » Blog » Best Practices » Security » Anatomy of a Phishing Email

Anatomy of a Phishing Email

by

Big News that Isn'tI’ve recently seen an email that purports to be an official message from a large web hosting company used by some of our clients.

It isn’t legitimate. It’s a phishing attempt. Phishing is the term for attempting to deceive a person into giving up important information, such as usernames/passwords, credit card numbers, SSN’s, etc. It’s done by impersonating an entity that has a plausible need for that information.

I thought it might be interesting/helpful for you to learn to see these emails the way I do. As the sort of thing Sherlock (I’m a fan) might see, with just a glance.

I could tell something was odd, starting with this, by the subject line, which began with:

Your account: № 5653

This was odd, because Bluehost would never put an account number in a subject line. I can’t think of any company that would do that – it’s giving away sensitive information. It also doesn’t look like an account number, it’s too short, and I know that this company doesn’t use numbers at all, it uses your primary web domain name. And what’s up with that funky symbol? That looks like it belongs in a nineteenth century railroad time table book.  Bizarre.  Clue #1.

Next, I looked at the email itself. Here’s a screen grab:

[clear-line]

[clear-line]

I read the message. It was trying to suggest I click a link, but the reason they gave was techno-gibberish. It was written to sound official, but actually it was nonsense. Name servers aren’t changed by your web host, they are changed by YOU. Requests to change things don’t happen by requesting it of the hosting company. That’s why they give you your own account access. Clue #2.

Next, I inspected the URL, carefully, without clicking on it. If you mouse-over (move your cursor over, but not clicking on) the link given, you can usually see a preview of the URL address in your mail client (in my case, in Gmail, in Chrome) and could see that the URL wasn’t going to Bluehost at all, but to a server in the Ukraine. The smoking gun – Clue #3.

This proved that this was actually a phishing scheme. Poorly done (bad content development) – thankfully. In the future we’re going to see scams like this actually use people who can write believable text.

The upshot: always be wary of everything you get online. Pay attention to the little things – like typos, odd phrasing (which are clues to non-native language authors), items which are confusing (this message sounded important, but if it was legit, it would have been more clearly stated), and most of all, be wary of anything that gives you a link to click.  If there is a link, be absolutely certain it is going where it claims to go.

And if you have a question about a suspicious message, send it to someone you trust, like your IT support or website vendor who can let you know if it’s legitimate, or an attempted crime.

Get Notified When We Publish New Articles

About Jay Thompson

Jay is a founder of And Update My Website, and is an experienced (20+ years) marketing expert and a frequent author of posts on our blog. Jay has worked with scores of businesses across the US with marketing strategy, content development, website updates, and much more. Jay lives in Western Oregon with his wife Kathy.