Laura Scott
Blog
PINGV Creative
Bio
I'm a designer with a geeky tech compusion. I'm Creative Director and Co-Founder of PINGV Creative, which specializes in creative strategy and intera...
Recent Posts
 
 
 
 

What’s Hot on BlogHer.com

Recent Comments

The mouse exposes the phish

December 22, 2006 2:22 pm by Laura Scott in Tech
  • Share This Post
  • submit
  • 11
  • Sparkle (
    )
     

I received a rather alarming email today from what appeared to be PayPal, confirming an iPod purchase that I never made. I get well over 100 spam and phishing emails every day, but I confess this one made me blink.

PayPal phishingThis email was not from PayPal, but they wanted me to believe it was. "Hey, wait a minute!" I cried not quite aloud. "I didn't order any iPod!"

Of course I hadn't. And I had not been charged for any iPod. This was yet another tactic in the world of phishing, and I could only groan at how many innocent people will be suckered by it. It happens all too often.

Many readers will already know about phishing:

Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.

The best way to deal with phishing is to recognize it when you see it. And here, your mouse is your friend. The answer is hidden in the links within the email.

If I'm not sure about the identity of the sender, and cannot dismiss the email out of hand -- e.g., I don't have a Wells Fargo account or eBay account, thank you very much -- I mouse over the link -- don't click* -- and see where it really links to.

mouse over the linkHere, in this screenshot, I can see that the link takes me to some website called kiesz.com. (Note: Where the link is revealed differs between email programs. If the link doesn't pop up when you mouse over the link, you might see the link down in the status bar of your email program at the bottom.)

I'm not fooled by the http://www.google.com in the url -- that's just a trick to make you think the url is "safe," but Google will just redirect you to the pernicious site ... which will look real (but won't be).

If you do happen to click to the site, whatever you do, don't type in your private information! Instead, go to the institution's actual website and start there. For example, if the email was seemingly from PayPal, manually surf to paypal.com and type in your information there.

What is really dangerous (and imho evil) about these PayPal scams is that, in most cases, the thief will be able to get in and drain hundreds or thousands of dollars from your account before you notice. The same goes for personal banking accounts.

So whenever you encounter what smells like a phish, let your mouse check it out and avoid what could end up being a bear of a problem.

Happy Holidays!

*If you click, then the phisher/spammer will have confirmation that your email address is valid, and will be able to sell it to other phishers and spammers, and you'll only get more and more of this garbage in your in-box.

Laura Scott blogs on her business site, pingVision, and her personal blog, rare pattern.

  • 11
  • Sparkle (
    )
     

Related Posts

More Like This

Comments

Post comment as
twitter logo facebook logo
Sort: Newest | Oldest
Elisa Camahort
Elisa Camahort 5 pts

Just had to give props to the mouse/phish headline :)

Elisa Camahort
BlogHer and Worker Bees
elisa@blogher.org/elisa@workerbees.biz

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
bobafifi
bobafifi 5 pts

I used to send bogus emails on to PayPal, eBay etc. However, once I got wise that the scammers didn't know the name and email address I used to register with these companies, I simply set up rules in my email filters to screen for those keywords. I've had 100% success this way - legit PayPal emails go into their own folder, all the bogus ones don't and are easily marked spam and deleted.

-Bob
bobafifi.com ( http://www.bobafifi.com )

usedflutes.com ( http://www.usedflutes.com )

fluteplayer.net ( http://www.fluteplayer.net )

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Mata H
Mata H 5 pts

There have been so many phishing emails for Payp[al, that you can now forward a Paypal email that you think is suspect to "spoof@paypal.com", and they will reply letting you know if it was real or bogus.

~~ Contributing Editor, Mata H. also blogs relentlessly at Time's Fool ( http://timesfool.blogspot.com )

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
bobafifi
bobafifi 5 pts

Unless the email addresses me by my name - not "Dear PayPal Member" - I know it's BS.

-Bob
bobafifi.com ( http://www.bobafifi.com )

usedflutes.com ( http://www.usedflutes.com )

fluteplayer.net ( http://www.fluteplayer.net )

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Laura Scott
Laura Scott 5 pts

I have seen it with phishing faking being banks, though. I chalk it up to having a public email address.

Laura Scott
design ( http://www.pingv.com ), snap ( http://scatteredsunshine.com ), blog ( http://www.rarepattern.com )

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
bobafifi
bobafifi 5 pts

hmmm... I've never seen it. Legit PayPal emails always address me by my registered name - not a generic "Dear PayPal Member." So far I've not seen any evidence that the scammers have access to that user info - if they did, why would they use "Dear PayPal Member" instead?

Thanks Laura,

-Bob
bobafifi.com ( http://www.bobafifi.com )

usedflutes.com ( http://www.usedflutes.com )

fluteplayer.net ( http://www.fluteplayer.net )

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Laura Scott
Laura Scott 5 pts

I wonder what banks are doing, as they almost certainly must have a less tech-savvy clientèle, on average.

Laura Scott
design ( http://www.pingv.com ), snap ( http://scatteredsunshine.com ), blog ( http://www.rarepattern.com )

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Laura Scott
Laura Scott 5 pts

So unfortunately that's not enough of a protective strategy for many folks, alas.

Laura Scott
design ( http://www.pingv.com ), snap ( http://scatteredsunshine.com ), blog ( http://www.rarepattern.com )

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
maryrwise
maryrwise 5 pts

I got this one, but it wasn't an iPod, it was a Dell computer that I had supposedly bought. I must admit that, even as an experienced phish detector, I almost clicked that link.

I do still send them on to spoof@paypal.com and/or spoof@ebay.com, if only to alert them to the scam. The companies say they investigate -- I hope they do.

Mary

The Blog: Red Nose ( http://bozoette.typepad.com )
The Book: Girl Clown ( http://www.lulu.com/content/45470 )

share
  • spam
  • offensive
  • disagree
  • off topic
 Like
Elisa Camahort
Elisa Camahort 5 pts

I've seen a lot of phishing,but this one's new on me.

Although, here's a funny story that happened the other day. I got an email thanking me for my recent membership of an organization with which I was certainly familiar, but hadn't joined. It was unclear how I'd been charged, although it quoted a value for my membership. It seemed quite real in all respects.

So I called them.

Turns out one of the org's staff wanted to let me check out something for potential use at the conference,so they had created a dummy membership for me to go behind their members only firewall.

Of course her email telling me that only showed up after I had indignantly called the org and protested that I had *not* joined their organization!

So, in this case, and only in this case, it was not a phish, but a favor.

Elisa Camahort
BlogHer and Worker Bees
elisa@blogher.org/elisa@workerbees.biz

share
  • spam
  • offensive
  • disagree
  • off topic
 Like