Did You Know?



Reply
Retired Webrooter
AlexF
Posts: 97
Registered: ‎01-11-2012

What is Phishing?

This subject was inspired by a recent conversation here on the community about fake DHL emails that lead to scams.

 

So, what exactly is phishing?

 

Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company asking you to provide sensitive information. This is usually done by including a link that supposedly takes you to the company’s website where you are asked to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam.

 

The term ‘phishing’ is a pun on the word fishing because criminals are dangling a fake ‘lure’ (the email that looks legitimate, as well as the website that looks legitimate) hoping users will ‘bite’ by providing the information the criminals have requested – such as credit card numbers, account numbers, passwords, user names, and more.

 

Here are some clues that usually indicate an email is a scam:

  1. The email is not addressed to you. “Dear Customer” isn’t an identifier
  2. You don’t have an account with the company, or haven’t used the company’s service
  3. Grammatical errors. Usually, you’ll notice weird capitalizations and terrible grammar.
  4. They push you with urgent messages to open attachments or click on links.
  5. If you hover over links with your mouse, you’ll see the URL destination on the bottom of your browser. You can clearly see that all links send you away from the company site—or they try to fool you by adding the company name somewhere in the URL.

Seeing any one of these flaws is enough to tell you the email is a phishing attempt – but what if these errors aren’t present? A smarter scammer could have corrected all these mistakes, including knowing the recipient’s name and email address, and masking their URL in a much more convincing manner. If they had done a better job there would have been nothing in the message to trigger your alarm bells – even though the email would still be fake.

 

So how can you guarantee you don’t fall for a phishing scam? Apply these two actions consistently and you will be nearly 100% protected from online scams:

 

  1. Drive, don’t be pulled. Stay in the driver’s seat by finding the website yourself. This is the ONLY way to guarantee you land on the legitimate site. If you use the link (or phone number) in an email, IM, ad on a website/blog site/forum/social network/text message, etc., where you land (or who you talk to) is their choice, not yours. The website they take you to (or the ‘bank manager’ on the phone) may be a very convincing copy, but if you enter your information it will be stolen and abused. Instead, use your own link. If you use the company, you may already have a bookmark for the website you can use, if not, use a search engine and type in the company’s name, then use the link from your search engine to go to the correct site. If the email is legitimate, you will see the same information when you log into your account on the legitimate site.
  2. Install or activate a web tool that identifies malicious sites for you so you know the website you find is legitimate. There are several tools that will do this for you. Every standard browser now has a tool you can turn on to alert you if a website you are about to click on, or just clicked on, is safe or malicious.
// Alex // Webroot Community Enthusiast //
Please use plain text.
TripleHelix
Posts: 5,346
Topics: 400
Kudos: 3,240
Ideas: 5
Solutions: 419
Registered: ‎02-03-2012

Re: What is Phishing?

[ Edited ]

Thanks Alex! I have been getting allot of Phishing emails from so called YouTube and when you click on the link it takes you to an online Pharmacy, looks real doesn't it? It had my real email address in which I removed from the picture and as you said it's something I never signed up for! :smileyfrustrated:

 

Cheers,

 

TH

 

EDIT: And see the second picture when I hover over the link!

 

coollogo_com-133794099.gif


asapvip.png   SigSVIP.png    Sr.Expert Advisor Jan 23 2014.png


Webroot® SecureAnywhere™ Internet Security Complete 2014 Beta Tester v8.0.4.70 on my main system Windows 7 Ultimate 64bit & on Win XP 32bit, Win Vista 32bit, Win 7 32bit, Win 8.1 Pro 32bit & 64bit all on VM's. 


MVP.gif.pngMicrosoft® MVP Consumer Security 2012/15


New to the Community? Register now and start posting!

Please use plain text.
Retired Webrooter
AlexF
Posts: 97
Registered: ‎01-11-2012

Re: What is Phishing?

Wow, that's crazy. Thanks for sharing this!
// Alex // Webroot Community Enthusiast //
Please use plain text.
TripleHelix
Posts: 5,346
Topics: 400
Kudos: 3,240
Ideas: 5
Solutions: 419
Registered: ‎02-03-2012

Re: What is Phishing?

[ Edited ]

Thanks Alex! Here is another one and Outlook 2010 has a warning on this one! And notice the time it's about 6 hours early to my time! And notice the link this time when I hover over it! And also the third picture I have converted to Plain Text!

 

TH

 

 

 

coollogo_com-133794099.gif


asapvip.png   SigSVIP.png    Sr.Expert Advisor Jan 23 2014.png


Webroot® SecureAnywhere™ Internet Security Complete 2014 Beta Tester v8.0.4.70 on my main system Windows 7 Ultimate 64bit & on Win XP 32bit, Win Vista 32bit, Win 7 32bit, Win 8.1 Pro 32bit & 64bit all on VM's. 


MVP.gif.pngMicrosoft® MVP Consumer Security 2012/15


New to the Community? Register now and start posting!

Please use plain text.
Retired Webrooter
AlexF
Posts: 97
Registered: ‎01-11-2012

Re: What is Phishing?

Sneaky gimmick. Glad you caught it!
// Alex // Webroot Community Enthusiast //
Please use plain text.
TripleHelix
Posts: 5,346
Topics: 400
Kudos: 3,240
Ideas: 5
Solutions: 419
Registered: ‎02-03-2012

Re: What is Phishing?

[ Edited ]

AlexF wrote:
Sneaky gimmick. Glad you caught it!

Thanks Alex I got 4 more over night I report them all to Microsoft as they can add them to the Junk email definitions for Outlook!  abuse@messaging.microsoft.com

 

From Microsoft:

 

"This is an automated reply from the Microsoft Forefront Online Security, Spam Analysis Department.  No additional correspondence will be sent to you.

 

We appreciate your spam submission.  You will receive this auto-reply message only once per day if you submit multiple emails for evaluation in a 24 hour period.   Additional information is as follows:

 

* Spam submissions are processed seven days per week with new spam rules pushed out continuously.  Time frames for rules on individual submissions vary depending on the quantity and quality of submissions.

 

* As new spam rules are set globally for all customers, please be aware that not all individual spam submissions result in a new spam rule.

 

* It is critical that when reporting spam that full Internet headers are included.  This may be done by sending the offending message as an attachment along with the full original Internet headers; OR by using the Junk-Email Plug-In (as made available for some Outlook 2003+ users depending upon your organization).

 

*In order for automated spam processing to take place, spam submissions should be sent in individually.  Please do not forward multiple spam mails in one individual message.

 

Thank you for assisting us in controlling unwanted email!

 

Microsoft Forefront Online Security"

 

TH

coollogo_com-133794099.gif


asapvip.png   SigSVIP.png    Sr.Expert Advisor Jan 23 2014.png


Webroot® SecureAnywhere™ Internet Security Complete 2014 Beta Tester v8.0.4.70 on my main system Windows 7 Ultimate 64bit & on Win XP 32bit, Win Vista 32bit, Win 7 32bit, Win 8.1 Pro 32bit & 64bit all on VM's. 


MVP.gif.pngMicrosoft® MVP Consumer Security 2012/15


New to the Community? Register now and start posting!

Please use plain text.
Retired Webrooter
AlexF
Posts: 97
Registered: ‎01-11-2012

Re: What is Phishing?

If I get one more email from the Canadian Pharmacy, Rolex, or some forlorn woman looking for someone to date, I think I might just go crazy. :smileyhappy:
// Alex // Webroot Community Enthusiast //
Please use plain text.
TripleHelix
Posts: 5,346
Topics: 400
Kudos: 3,240
Ideas: 5
Solutions: 419
Registered: ‎02-03-2012

Re: What is Phishing?

[ Edited ]

I get those also but they go right in the Junk Email Folder in Outlook 99% of the time! :robottongue: I use my ISP email and they use Yahoo mail for there email service it just goes to show how much Spam and Phishing emails get through there Filters and the one's that carry Malware and doesn't Yahoo mail use N****n as there AV :smileyfrustrated:

 

TH

coollogo_com-133794099.gif


asapvip.png   SigSVIP.png    Sr.Expert Advisor Jan 23 2014.png


Webroot® SecureAnywhere™ Internet Security Complete 2014 Beta Tester v8.0.4.70 on my main system Windows 7 Ultimate 64bit & on Win XP 32bit, Win Vista 32bit, Win 7 32bit, Win 8.1 Pro 32bit & 64bit all on VM's. 


MVP.gif.pngMicrosoft® MVP Consumer Security 2012/15


New to the Community? Register now and start posting!

Please use plain text.
Community Guide
TonyW
Posts: 179
Registered: ‎03-26-2012

Re: What is Phishing?

If you need to know more about phishing, please check out: http://www.antiphishing.org/resources.html
Please use plain text.
Sr. Community Guide
Sr. Community Guide
RWM
Posts: 367
Registered: ‎10-26-2012

Re: What is Phishing?

[ Edited ]

Merely identifying and deleting phishing/scamming emails is not enough.  It is important to become proactive.  File a complaint with the Federal Communications Commission (FCC).  It takes a few minutes to complete the form.   http://www.fcc.gov/complaints

 

I do this as a matter of course.  The FCC will acknowledge the complaint, assign a complaint number, and take action.  It generally takes a few weeks for the FCC to acknowledge your complaint.  I believe that if enough complaints are received by the FCC about to a particular sender, it will take appropriate action.

 

A similar approach applies if you receive robotic phone calls on your cell or landline.  If you receive a suspicious call, make note of the number from your caller ID and then Google the number.  If there is a history of abuse from a particular caller, copy the thread and file a complaint with the FCC, citing the thread and pasting it into the complaint form.  This will alert the FCC that the caller is a repeat offender and increase the likelihood of action by the agency.

 

Sounds like a PITA, I know, but these emails and calls only proliferate.  Once your email address/phone number gets on a list, you're going to have repeated problems.

 

Good luck!

Please use plain text.