Scam emails pretending to be from the Government Gateway are being set out again.
While some scam emails are still offering larger bodily parts and, ahm, performance enhancing substances, they are easy to spot by both humans and computers. Some scammers have taken things up a notch in the past year or so, creating plausible and relevant scam emails that could catch the unwary.
One such email currently being distributed is pretending to be from the Government Gateway, part of the UK's e-Government service for various business and tax electronic form submissions.
Genuine or Not?
Looking at the example email on the right how can you tell if it's genuine or not?
Well, the graphics used are genuine, but they are easily saved from the genuine website so that's not much help.
Looking at the FROM address it looks OK (although the actual genuine email address is 'gateway.confirmation@gateway.gov.uk' not many people would spot this or even know what the genuine address is)
The hyperlink in blue says it is going to the website www.gateway.gov.uk which is a genuine domain, there's some slightly unusual grammar but again nothing that shouts 'scam' so do we click the link?
NO!
First of all, were you expecting this email? have you submitted any documents to the gateway? were you expecting to have to download a form? well there's a chance you have but still, before you click the link in any email, hover your mouse pointer over the link text. This will usually cause a box to pop-up showing the address the link will take you to. Why bother when you can ready the address in the link text? well because the link text can actually say anything at all. So while it may say it's gint to the Government Gateway site, when we check we see it's actually going to a completely different site:
So it's going to take you to this bogus site, using HTTPS to try to side-step avoid some antivirus programs that don't scan HTTPS links (they assume the link is secure so don't check content as thoroughly)
Also, opening the email header's (in most email programs, right-click the email and select View Headers) we can see that the FROM email address had been spoofed, the email had been sent from a domain that has been compromised.
In this instance, a correctly configured email server marked the email as junk after it checked the senders details.
In this instance, a correctly configured email server marked the email as junk after it checked the senders details.
Having a secured and correctly configured email server, backed up by anti-spam services and an internet threat service should be the basic level of any email service, either for business or personal use. If you want a security check-up, or help with making your email secure, contact us today.
tinsleyNET IT Services Consultant
IT Support for small to medium sized businesses, home office workers and home users
across the West Midlands and Shropshire.
Comments
Post a Comment