SLAC Today logo

Computing Security Tip: Very Tricky Phishing Emails

Last month, we explained how viewing e-mail in plain text exposes the tricks of phishing e-mails. We closed the article with a warning to be wary of clever e-mails and to use your own bookmarked URLs or to call your bank if you receive a suspicious message which purports to be from your bank.

This month we'll show you a phishing e-mail received at SLAC which wasn't exposed as a forgery by reading it in plain text. We had to go one step further to find out it was a phishing e-mail.

Below is the original message in HTML format:

But you are a careful e-mail reader and you view it in plain text:

Still looks fine, doesn't it? But it's not!

If we dig a little deeper we'll see what is really going on in this e-mail. For this we will re-convert the e-mail to HTML (click on the grey info bar in Outlook). Then we right-click on the body of the e-mail to view the HTML source and here is the proof this isn't a valid email:

<FORM action=>
<A href="">
<INPUT style="BORDER-RIGHT: 0pt; BORDER-TOP: 0pt; FONT-SIZE: 10pt;
BACKGROUND-COLOR: transparent; TEXT-DECORATION: underline" tabIndex=2
type=submit value=>

By viewing the HTML code, you can see that the URL really takes you to a non-VISA server (see the web address in red above).  From the URL, we can determine that this one happens to be a major Internet Service Provider in Hong Kong (

The spammers and phishers are making money off people who fall for their tricks. They won't stop coming up with new ways to fool us, so we have to be smarter than they are. Sometimes the easiest way to check to see if an e-mail is a scam is to enter a sentence from the e-mail into a search engine. Entering "Someone from Bulgaria tried to access your personal account" into a search field yields several hits which will confirm this is just another phishing e-mail.

—SLAC Computer Security
    SLAC Today, July 27, 2006