BlogHer - The mouse exposes the phish - Comments

I can't say I've seen it with PayPal

Laura Scott — Mon, 01 Jan 2007 11:55:57 -0600

I have seen it with phishing faking being banks, though. I chalk it up to having a public email address.

Re: Lots of phishing has the user's name

bobafifi — Wed, 27 Dec 2006 14:54:04 -0600

hmmm... I've never seen it. Legit PayPal emails always address me by my registered name - not a generic "Dear PayPal Member." So far I've not seen any evidence that the scammers have access to that user info - if they did, why would they use "Dear PayPal Member" instead?

Thanks Laura,

-Bob
bobafifi.com

usedflutes.com

fluteplayer.net

Good tip

Laura Scott — Wed, 27 Dec 2006 14:20:35 -0600

I wonder what banks are doing, as they almost certainly must have a less tech-savvy clientÃ¨le, on average.

Laura Scott
design, snap, blog

Lots of phishing has the user's name

Laura Scott — Wed, 27 Dec 2006 14:17:04 -0600

So unfortunately that's not enough of a protective strategy for many folks, alas.

Laura Scott
design, snap, blog

Thanks, and please be assured

Laura Scott — Wed, 27 Dec 2006 14:16:00 -0600

I wasn't phishing for props. ;)

Laura Scott
design, snap, blog

I got this one too!

maryrwise — Sat, 23 Dec 2006 17:55:49 -0600

I got this one, but it wasn't an iPod, it was a Dell computer that I had supposedly bought. I must admit that, even as an experienced phish detector, I almost clicked that link.

I do still send them on to spoof@paypal.com and/or spoof@ebay.com, if only to alert them to the scam. The companies say they investigate -- I hope they do.

Mary

The Blog: Red Nose
The Book: Girl Clown

Re: There have been so many

bobafifi — Sat, 23 Dec 2006 00:12:38 -0600

I used to send bogus emails on to PayPal, eBay etc. However, once I got wise that the scammers didn't know the name and email address I used to register with these companies, I simply set up rules in my email filters to screen for those keywords. I've had 100% success this way - legit PayPal emails go into their own folder, all the bogus ones don't and are easily marked spam and deleted.

-Bob
bobafifi.com

usedflutes.com

fluteplayer.net

There have been so many

Mata H — Fri, 22 Dec 2006 22:55:26 -0600

There have been so many phishing emails for Payp[al, that you can now forward a Paypal email that you think is suspect to "spoof@paypal.com", and they will reply letting you know if it was real or bogus.

~~ Contributing Editor, Mata H. also blogs relentlessly at Time's Fool

Re: The mouse exposes the phish

bobafifi — Fri, 22 Dec 2006 17:56:00 -0600

Unless the email addresses me by my name - not "Dear PayPal Member" - I know it's BS.

-Bob
bobafifi.com

usedflutes.com

fluteplayer.net

Cute headline, BTW

Elisa Camahort — Fri, 22 Dec 2006 17:24:15 -0600

Just had to give props to the mouse/phish headline :)

Elisa Camahort
BlogHer and Worker Bees
elisa@blogher.org/elisa@workerbees.biz

That's a new one

Elisa Camahort — Fri, 22 Dec 2006 17:04:57 -0600

I've seen a lot of phishing,but this one's new on me.

Although, here's a funny story that happened the other day. I got an email thanking me for my recent membership of an organization with which I was certainly familiar, but hadn't joined. It was unclear how I'd been charged, although it quoted a value for my membership. It seemed quite real in all respects.

So I called them.

Turns out one of the org's staff wanted to let me check out something for potential use at the conference,so they had created a dummy membership for me to go behind their members only firewall.

Of course her email telling me that only showed up after I had indignantly called the org and protested that I had *not* joined their organization!

So, in this case, and only in this case, it was not a phish, but a favor.

Elisa Camahort
BlogHer and Worker Bees
elisa@blogher.org/elisa@workerbees.biz

The mouse exposes the phish

Laura Scott — Fri, 22 Dec 2006 16:22:41 -0600

I received a rather alarming email today from what appeared to be PayPal, confirming an iPod purchase that I never made. I get well over 100 spam and phishing emails every day, but I confess this one made me blink.

This email was not from PayPal, but they wanted me to believe it was. "Hey, wait a minute!" I cried not quite aloud. "I didn't order any iPod!"

Of course I hadn't. And I had not been charged for any iPod. This was yet another tactic in the world of phishing, and I could only groan at how many innocent people will be suckered by it. It happens all too often.

Many readers will already know about phishing:

Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.

The best way to deal with phishing is to recognize it when you see it. And here, your mouse is your friend. The answer is hidden in the links within the email.

If I'm not sure about the identity of the sender, and cannot dismiss the email out of hand -- e.g., I don't have a Wells Fargo account or eBay account, thank you very much -- I mouse over the link -- don't click* -- and see where it really links to.

Here, in this screenshot, I can see that the link takes me to some website called kiesz.com. (Note: Where the link is revealed differs between email programs. If the link doesn't pop up when you mouse over the link, you might see the link down in the status bar of your email program at the bottom.)

I'm not fooled by the http://www.google.com in the url -- that's just a trick to make you think the url is "safe," but Google will just redirect you to the pernicious site ... which will look real (but won't be).

If you do happen to click to the site, whatever you do, don't type in your private information! Instead, go to the institution's actual website and start there. For example, if the email was seemingly from PayPal, manually surf to paypal.com and type in your information there.

What is really dangerous (and imho evil) about these PayPal scams is that, in most cases, the thief will be able to get in and drain hundreds or thousands of dollars from your account before you notice. The same goes for personal banking accounts.

So whenever you encounter what smells like a phish, let your mouse check it out and avoid what could end up being a bear of a problem.

Happy Holidays!

*If you click, then the phisher/spammer will have confirmation that your email address is valid, and will be able to sell it to other phishers and spammers, and you'll only get more and more of this garbage in your in-box.

Laura Scott blogs on her business site, pingVision, and her personal blog, rare pattern.