Sunday, August 07, 2005

A Word About Phishing

Phishing is a reel pain. (pun intended)  So the phishing I am referring to in the Internet scam kind. I know that my family reads my blog, so this is for you guys. I don’t want you getting ripped off by the evil people out there on the Internet. In 2004, 970,000 people were victims of phishing scams.

So lets talk about what a phishing attack is, and how it starts. Its starts simple enough, you get an email that says it is from your bank or credit union. It usually says something to the effect that they’ve either done some system maintenance or had a system upgrade and need you to log in to the home banking site to verify either your information or your account. Of course for your convenience they’ve added the link to home banking in the email for you, so all you have to do is click the link to login.

See the Evils Phishing Bad Guys or EPBGs for short are very crafty. They will completely copy the look and feel of the website they are trying to imitate. Oh and don’t think because your bank or credit union is small that the EPBGs won’t try to phish it. It’s become a matter of when not if for all banks and credit unions.

So how do you tell the real email from the fake ones? Here is where the details matter. For the most part the EPBGs are launching these attacks from overseas, mostly Eastern Europe and Asia, so improper grammar and spelling are give aways that the email is probably a fake. Take it from me, our marketing people go through at least 5 revisions before an email is sent out.  Another thing to look at is the link in the email, does it look like the right address or is something a little off? If it doesn’t look right, it probably isn’t right. Third call the FI (Financial Institution) that send the email, don’t be afraid to ask them, “Hey did you send me this?”  If they don’t know about it, then they didn’t send it.

Okay now you’ve figured out that the email you got was a phishing scam, don’t delete it just yet, report the email to the company that the email claims to be from. They need to know as soon as possible, to protect themselves and their customers, as well as get the scam site shut down.

I’m not trying to scare you guys, I just want to keep you informed.

1 comment:

PixieStitch said...

Yup yup, another thing to check is the headers of the email to see where it came from, and also its return path. However even some of these can be pretty deceptive. Always go to sites via your bookmarks. Never trust links in emails. Some Phishers will actually link to the site but they have also a pop up for you to fill out making you think you're logging in and they steal your info that way too.

I know from my website, my email addy, I've received(didn't fall for them) and reported four phisher emails to the respective companies. Once that is all said and done then I delete and block sender.