Recognising phishing emails

Chris Horroll
Chris Horroll
  • Updated

All_housebuilders_with_a_base_sub_zooplapro.jpg

Phishing is a term that references efforts by a fraudster to obtain personal information such as usernames and passwords. Once obtained, these details are later used to gain access to your systems.

 Warning

We have been made aware that a phishing attempt has been received by some housebuilders from fraudsters claiming to be Zoopla.  If you have received any email you are unsure of, ensure you do not click any links, and delete the email

This article includes: 

Recognising fake Zoopla emails

Fraudsters will attempt to phish personal details by disguising themselves as a trustworthy entity, such as a potential lead or company. 

Screenshot_2020-06-04_at_15.05.06__1_.png

Signs to look out for when recognising fake Zoopla emails are: 

phishing.png

In the above example, whilst it may look genuine on first glance, it is indeed fraudulent. The tell-tale signs include:

  • The email wasn't received from billing@zoopla.co.uk via system@sent-via.netsuite.com
  • Urgent Subject line using generic account and invoice details
  • Varying type and sizing of font
  • When hovering the mouse over the links, there is no https at the start of the addresses, and they are generic and fraudulent web addresses that have no relation to Zoopla

If you have received an email similar to the ones above, or one which is cause for concern:

  • Don't click on any links contained in the email
  • Don't reply to the email
  • Don't download any attachments contained in the email
  • If you are unsure, forward the email to members@zoopla.co.uk, and we will investigate for you

Spotting an attempt at phishing

  • Check the URL - Is it a secure website?
    An 'https' at the start of the URL in your browser and a padlock indicates that your connection is secure and the information you send is kept private. If the browser states 'Not secure' and/or has an unlocked key icon appearing next to the URL, your connection is not private and any personal details you enter or send can be intercepted
  • Unusual contacts - Emails from an unknown source or unexpected email address
    Emails that seem to have been sent by entities known to you could be fraudulent if the sender has attempted to mimic an email address, brand or name.  If the sender seems different from what you had expected, it may be a phishing attempt.  Never open emails which you suspect are fraudulent
  • Urgent subject lines
    Emails with a subject line meant to cause alarm, i.e. 'Security Alert' or 'Your account may be suspended’ can be an attempt to convince you to act straight away in securing your account or changing your login details.  Acting on this urgency by clicking links in the email could expose you to fake websites, or keylogging software that can monitor what keys you press and record password entries. Never open emails or click on links which you suspect are fraudulent
  • Requests for personal and private information
    Be wary of any company that emails asking you for usernames, passwords, verification codes or other secure data. This is unusual behaviour and likely an attempt at phishing
  • Web pages or links with odd URLs / addresses
    Malicious websites may look identical to legitimate sites but the underlying address or URL may use a variation in spelling or a different domain, i.e. rather than ending with .co.uk, it might have .co.net
    • When viewing an email, hover over hyperlinks (or buttons) to see the underlying website address
    • If in doubt, don't follow the link, rather, access your accounts in the usual way such as manually typing the address in the search bar or by using Google

 Note

  • If you think you may have entered your details on a scam site, visit the real ZooplaPro site in your normal way and change your password immediately
    For more information on Managing your passwords effectively, click here
  • If you entered any banking details, monitor your bank account for any unauthorised transactions and contact your bank.  They will be able to provide support and outline the best course of action to take
  • You can report suspicious and fraudulent emails in the UK to Action Fraud