Where Does This Email Pretend To Come From?
This phishing email pretends to come from:
Tesco Personal Finance firstname.lastname@example.org.
As you can see from the image of the email content below if you were to click on the link:
http://www.tescobank.co.uk/1/2/TESCOCAM10;&user=% email@example.com %
. . . you will not go to a Tesco website. Look carefully and you will see that the real URL behind the embedded link is displayed above the hand pointer when the hand hovers over the link in the text.
In the facsimile above the obscured paragraph reads:
During our regularly scheduled account maintenance and verification
procedures, our records show your Tesco Credit Card Account registered
to email user ” < the recipient’s email address > ” has been inactive for some days.
To securely confirm and reactivate your account please click on the link bellow:
You will in fact go to:
This is not somewhere I’m going and I wouldn’t advise anyone to go there. You might pick up a nasty cold. It looks like a games website in Spain (the domain is “es”). I presume the page looks like a Tesco Finance log-in page. When you enter your log-in credentials the owner of the page can save them and use them to log-in to your real Tesco Finance account and play a dirty trick on you.
This email was delivered to my MS Outlook Inbox from a btinternet.com account. It wasn’t picked up by them as spam nor was it detected by Norton Internet Security, presumably because it is a new kid on the block.
I have forwarded the email to TESCO Bank for their perusal.
So now you know how to check a suspect email. Good luck and watch out.