Last month alone I’ve received 6 phishing emails asking me to change my RHB banking password. I always wondered what would happen if I’d actually clicked on one of the links in the email–and today I did just that. Immediately I was transported to a dodgy world of sophisticated deception, and soon realized this was far more complicated that I initially expected.
Before I proceed a friendly word of caution–Kids don’t try this at home–the scam is an elaborate ploy geared towards robbing you of your cash, and if you’re not sure what you’re doing–chances are you’ll be a victim yourself. The simplest way to avoid a scam like this is to never click on an email from the bank–regardless of how genuine it looks. Banks never send you email–so don’t expect one from them. Not even a Christmas card.
But if you’d like to see what happens when you click on one–read on:
Step 1: The email from RHBGroup.com
First there’s the email, it was (supposedly) from [email protected]. Quite deceptive, and if you visit rhbgroup.com you’ll find that it’s the legitimate RHB Bank website. So it appears this email from rhbgroup.com would be legitimate as well.
Except it’s not.
Email is a remnant of the internet past–it was created at a time when security wasn’t a priority, hence Emails lack any form of authentication (validating whom the email is from) which allows them to be easily forged. This inherent insecurity is what Emails should never be trusted, especially when those emails come from external sources like a bank.
That’s why your bank will NEVER send you an email. It’s too easy to forge. So rest assured that every email you receive from the bank is a fake (there are exceptions of course, like transfer notice etc, but those emails don’t require any action from your end)
Analysing the email further, I find the first victim of the scam. A website called pjpan.co.uk, a pajama-store (of all things). The website url was all over the email-header, which just like every other aspect of the email could be spoofed. Why the scammers chose to us pjpan.co.uk was beyond me, but they did. In any case the email was sufficiently obfuscated that trying to determine its origin would be difficult and probably pointless as well.