Recently I got an email from somebody who claimed that he is a banker in the United Kingdom and wishes to help me claim the abandoned money in their bank which was for one of my passed family members.
He said that man had a total of € 26.3 million in his bank account and after his death, nobody went there to claim that money and that is abandoned in their bank. He had searched for his name and understood that I am one of his family members.
After a few more talk, he sent me the info to his bank and his info and that was so weird. I have made some points about why he is wrong and is a phisher.
1. UK organization websites are on a .co.uk TLD not on .com TLD
The website he sent me is dovecreditunion.com which has a .com tld. but as it is mentioned in regulations of uk, and many other countries they must have a .co.uk tld for their organization related businesses.
2. UK international standard phone starts with +44 not +447
If you take a quick look into their website, you will see a phone number starts with +447 which is not for a country.
3. Bank websites must have a WAF for higher security
Web Application Firewall or WAF is the next generation of security protection. Usually bank websites get a high load of DDoS, Brute force attacks which must be protected by the WAF to break them all down.
4. Bank website must have an EV SSL
Extended Validation SSL certificates are for those companies who want to prove they are real and that is a really high level of trust. That is a combination of The green address bar+ green lock + Company name + Location Which will be only published by presenting business documents. instead this website uses a Domain Validation free 1 year ssl certificate issued by Godaddy CA. (where the domain is registered)
5. A banking website never gets a simple design
The designation in website you see is really easy to make in 4 hours at most. Website of a bank must have special designs and special parts to manage your account through internet banking.
6. A valid bank doesn’t have a 2 months registered domain name and that much of money from a former customer
If you check the domain whois record using any whois checking server it says this domain was registered in 2019-05-15
7. A bank usually uses its own hosts and datacenters.
as you see in this link, the domain is hosted in a shared host in Godaddy Data centers in Netherlands which has a total of 90% open internet. So nobody can ask them to provide their identity and they will never be known as fraud.
8. A banking website will have a google page rank
but these guys never have a google page rank and are not established. You can check for this in: http://browserspy.dk/pagerank.php
9. Banking websites or any other related hub must be IPv6 ready
Although IPv6 is a new technology, but this can be easily implied to the server to integrate with IPv6 which is faster and more secure.
check at: https://ipv6-test.com/validate.php
10. Any other info looks wrong
If you take a quick look at the website you will find more to report the website as phishing
A simple thing at the header is the email presented there: [email protected] is not a valid email address. You can check that out by sending it a test mail.
That was the most 10 important notes to pay attention to and don’t get phished. Note that these people provide you some info about themselves which may look real but there is no such identity.
If you got into trouble ask us to give you a quick help through the problem: