Here Me Blog

Have you ever gotten an unsolicited e-mail (aka spam) or seen a pop-up that tried to hook you into entering or providing personal and/or financial information? If so, then someone tried to hook you with his/her phishing scam.

Imagining the rampant ignorance on the web pains me to say the least, but all of us who know better need to help those who are slow, silly or stupid. Some of these phishing attempts are really quite tricky and convincing. I’ve been mostly attacked by these via spam. I have seen numerous phony PayPal and Citi e-mail look-a-likes in my inbox over the last couple years.

Before continuing, a quick definition of phishing from OnGuardOnline:

…it involves Internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims.

If only more people used the status bar in their web browsers! The status bar is in the lower left-hand corner of most, if not all, browsers, and it shows the URL to which a link is coded. Just because the text of a link says “http://www.paypal.com/security” doesn’t mean it actually points to such a page or that such a page even exists. The URL programmed behind that link might actually be pointing to something like “http://x4cl.trnf.cl/stealinfo.jsp” (which is totally fictional and made up), and the status bar would tell you that. No reliable and trustworthy company would ever do something like that, and I think phishing would see a big dip is success rates if more people would learn this simple piece of advice.

Many companies have taken extra measures to show you that an e-mail from them is legitimate, like showing part of your account number in the message. Also, keep in mind that poorly written messages (bad grammar, misspellings, etc) are 99.9999% of the time going to be a clue that the message is a phishing attempt.

Visit the OnGuardOnline phishing info page to learn more tips, like the one below, about this scam tactic.

If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address yourself. In any case, don’t cut and paste the link from the message into your Internet browser — phishers can make links look like they go to one place, but that actually send you to a different site.

This entry was posted on Wednesday, November 9th, 2005 at 2:44 pm and is filed under Tech & PC. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.