Very Convincing Phishing Email

Today Kerrin received this very convincing phishing email in his inbox. Check out the picture above; it looks just like a legitimate email from the IRD. Sometimes I wonder whether the constant barrage of super obvious phishing emails are part of an elaborate plan to exploit a created hubris - we can get a bit too confident about spotting them and then miss the most clever examples. 

Here's how to spot this one:

  • It's asking you to log in via a link in the email. IRD never does this, they might send you an email saying that your myIR account requires attention but you'll have to go to the genuine website and log in completely separately from the notification email. In fact they don't even send you letters via email. If you have a letter from IRD you might get an email saying it's there for your perusal but the content of the letter will not appear in the email. 
  • The link does not go to any official site. I've not included the link in the above picture for obvious reasons but when we hovered over it, all that was shown was an IP address. This is another clever feature of this phishing scam - often the links go to such a long and clearly bollocks site that it's a dead giveaway. But this is just a short series of numbers and full stops, which looks far less incriminating. 
  • The sender was ird@camenergy.org, which is clearly not the real Inland Revenue Department. When looking at an email address it's what is behind the @ symbol that's important. That's the company or organisation the email is coming from. In this case camenergy, which I've never heard of before.