Questrade Phishing Email with subject Optional Account Update for Improved Investment Experience

For the record, this is a Questrade phishing email attempt that is recently going around, with subject Information about your online security and body "Optional Account Update for Improved Investment Experience"

What to do?  Report them, goto bottom of page. 

From: Questrade<transaction@ddqhbe.com> Subject: Optional Account Update for Improved Investment Experience Dear Client, We hope you are having a pleasant day. As part of our ongoing efforts to improve account accuracy and enhance user experience across our platform, we periodically invite clients to review and update their account information. During a recent internal review, your account was identified as one that may benefit from a profile update. At the moment, your stock subscription is undergoing a temporary internal check while we ensure that all account details remain consistent within our system. We would like to emphasize that this process is a standard operational procedure and does not indicate any problem with your investment or account status. Your assets and positions remain unchanged. To proceed with the update, you may access your account through the following secure link: Update Profile The update process will guide you through reviewing your basic personal details, confirming your communication preferences, and checking your account security settings. It has been designed to be clear, straightforward, and user-friendly. Once the update is completed, the review flag will be removed automatically, and your subscription will continue its standard processing without further interruption. We recommend completing this update at your convenience to help us provide you with smoother account services, clearer notifications, and more accurate records in the future. If you have any questions or need assistance, please contact our support team through the official channels provided in your account interface. Thank you for your understanding and continued use of our services.

Phishing Link

1. https://l9yaz2ib7.com/?token=xxxx

How to tell this is a Phishing email?

1. Check email address in full, if it's not from originating company then it's phishing.
2. Hover over all links in email, if it's not from the company's website then forget it.
3. The best way is to 

How to examine Email Message Source?

Now let's look at message source

1. Outlook.com->Actions->View Message Source. 
2. Gmail.com->More (down arrow to top right)->Show original.

Check for suspicious links, anything that does not originate from source domain, like apple.com.

Report Phishing Email (not as Spam)

1. Outlook.com->Junk (at Top)->Phishing Scam
2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing to Google

If you have received this email, take further action by

1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx