Another Week a (Slightly Different) DCU Phishing email

modified from wiki commons

Just as I was finishing my post last week on the fake DCU phishing scheme and how to recognize it. I noticed a 2nd such email in my box, it was similar but had one variation that I thought was worth pointing out

Of the 5 clues I mentioned in my first post three are still there. We see the misspelling of “alert” (clue 2) remains which should stop someone paying attention.   We note a time limit on a response (clue 3) which suggest trying to push you into acting rash and we also see the lack of links in the bottom section plus a different country code in the login link (clue 5) this time gq indicating equatorial Guinea not all that far from the central african republic where the last email was based from.

Still there are two variations worth noting here that should be pointed out. take a look at the link again particularly the end of it in bold compared to the front in red:

A person not paying attention might notice the DCU at the end of the link and the redir (as in redirect) and mistakenly think this was an actual DCU email, This suggest a slightly smarter Phisherman than the last time however it’s still a dodge.    Remember the domain is always in the front before the hash.  If that section doesn’t say or whatever your bank or financial institution has in the front, or has a different country code, you know it’s phony.

There is one other clue in this email that didn’t arise in the last one that I want to point out:

Clue 6:  The bank can’t take my money, can it?

Unlike the last email which suggested a false transaction for you to stop this email comes with a specific threat.  If you don’t click their link and put in your password and account numbers you will lose the money in your account.   This is simply a scare tactic.  Not only does a bank not have the right to seize your funds in such a way but if you leave an account inactive or forget about it there are laws compelling either the banks or various states to hold it for you to claim later.

Again this is a tactic used to fool folks who do not know how these things work.  Make sure you do so you won’t fall for these schemes.