A Sample of the NCB Phishing Email
Subject Important Information: Your activation is required
From: NCB Jamaica <firstname.lastname@example.org>
We previously contacted you about our recent upgrade to our online security standards. This upgrade requires you to update your user profile.
Download the attached document and follow the easy instructions
Neglecting to update your PVQs by April 27, 2017 will impact your
ability to log on to the NCB Jamaica Internet Banking.
Please do not reply to this message. For questions, please call our Customer Care Centre at 1-888-NCB-FIRST (622-3477). We are available 24 hours a day, 7 days a week.
National Commercial Bank
www.jncb.com | 1-888-NCB-FIRST
This message contains information which may be privileged. Unless you are the addressee (or are authorized to receive for the addressee), you may not use, copy, or disclose to anyone, the message or information contained therein. If you have received this message in error, please advise the sender by reply email/fax and delete/discard the message.
NCB Jamaica and most other legitimate companies will never send email messages to their customers asking them to open a HTML document in order to verify their email addresses or update their records. Therefore, recipients of unexpected or suspicious email messages with attachment ending with ".html" or ".htm" are asked to contact the organizations the email messages appear to have been sent from, in order to verify their authenticity, before they attempt to open the attachment.
And, although the "From" address of an email message contains the email address of a legitimate organization; it doesn’t necessarily means it was sent by that organization. There is a technique called Email Spoofing, which allows the sender of an email message to change the "From" address of an email message, to make the same message appear as if it came from someone else.
I can send an email message to a friend and change the “From” email address of the same message to "email@example.com." Once my friend receives the email message, he/she will think the email message came from the president of the United States, when it was actually sent by me. So, never rely on the “From” or sender’s email address to determine if an email message is legitimate or not.