There is a lot of phishing email going around today that is meant to dupe you into revealing sensitive personal information that can be used by perpetrators to defraud you.
I got a clever email today, and I want to share it with you.
It reads…
Dear PayPal Member,
Your account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have access and use of your Paypal account and to ensure a safe PayPal experience. We require all flagged accounts to verify their information on file with us. To verify your information at this time, please visit our secure server webform by clicking the hyperlink below:
Click here to verify your Information
Thank you for your patience as we work together to protect your account
End of email.
If you mouse over the link (the blue phrase asking you to verify your information) and look at the lower left corner of your web browser (Firefox), you will see the destination URL it leads to. In this case the destination URL is “http://tinyurl.com/2gr3lu”, which is a masked URL: it hides the address of the page you would actually land on. tinyurl.com has already discontinued this link. tinyurl.com is itself a legitimate and legal online service that offers free link shortening: if you have an excessively long URL, you go to tinyurl.com, enter the long URL, and get back a different, shorter URL that still directs you to the same destination. The service was abused in this specific example, so I am not surprised that the link is no longer active.
What is Phishing?
Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging, and often directs users to enter details at a website, although phone contact has also been used. Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures. (Source: http://en.wikipedia.org/wiki/Phishing)
The term alludes to fishing: you are sent bait in the hope of catching your financial information and passwords.
How to Protect Yourself From Phishing
Here are some steps to take to avoid phishing attempts.
Anti-Phishing Tip 1
When you are contacted via email and asked to verify an account, first check where the email is actually coming from: check the sender’s email address. Then check the links in the email that you are asked to click on. If they are vague, or you are not sure about their authenticity, forward the email to the company that supposedly sent it and ask whether it was a legitimate message from that company. Do not reply to the message; forward it to a customer service email address listed on the company’s website.
Anti-Phishing Tip 2
Almost all legitimate email messages from companies to their customers contain an item of information that is not readily available to phishers. PayPal, for example, always addresses its customers by their user name in email. So if an email addresses the recipient in a generic fashion, like “Dear PayPal customer” or “Dear PayPal Member” as in the email I received above, it is likely to be an attempt at phishing.