Tuesday, September 12, 2006
Phishing for Phools
Ahhh, phishing scams. These can be through email or instant messaging. Sometimes, it is over the phone.
Had a lovely one a few years ago allegedly in regards to my Paypal account. It stated flat out that it had to verify personal information. Warning bells clanged in my head. I checked the URL of the link. Sure enough, it wasn't directed towards the paypal server. It could be a virus, but curiosity overcame my fear and I clicked on the link. Turned out that it was a straight up scam seeking my identity, not my computer's soul. It was amazing the amount of information they asked for: Full name, birthdate, social security number, bank account numbers.
How many did they send out? If only one person in 10,000 fell for it, they probably had at least 100 identities.
Got one from a Chase imposter this time. I wasn't brave enough this time to click on the link, but I did look up the info on it.
http://www.millersmiles.co.uk/report/3163
Here is a clue about how to detect these things. The obvious one is that the company you have an account with will not initiate information gathering over the computer. If you recieve an email that leads you somewhere asking for all kinds of information that you think is from a company you have an account with, it is a scam. Companies that have your sensitive information do not send mail requesting you to 'confirm' that information.
But another good clue is where it is actually coming from. Listen up a bit class.
Let us take a domain, say "wwwDOTrespectedcreditcardcompanyDOTripyouoffDOTcom"
com is the Top Level Domain. Lets make a rough analogy to help things. You could call this a street or city or maybe a state, or a country.
ripyouoff is the Domain Name - this is the key here. The name just to the left of the Top Level Domain is always the actual registered domain name and this is where you will go. In our analogy, this would be a house.
respectedcredicardcompany - while in our thinking, being first (after www, of course) would mean precedence, this is untrue in domain names. This part of the URL is a sub domain. That is, it is a part of the Domain name. There can be more than one subdomain in a URL. In the analogy, this part would direct you to a room in the house.
So are you going to the respected credit card company? No, you are going to a house called Rip You Off, and in that house is a door with a sign, paint still wet, that says "Respected Credit Card Company" which leads into a room with con artist who will take you for all you have.
But lastly, if in doubt, call the company you allegedly got an email or instant message from. Your safety is important to them, because identity theft hurts them as well. They'll tell you what you need to know. ¶ 10:55 AM
Ahhh, phishing scams. These can be through email or instant messaging. Sometimes, it is over the phone.
Had a lovely one a few years ago allegedly in regards to my Paypal account. It stated flat out that it had to verify personal information. Warning bells clanged in my head. I checked the URL of the link. Sure enough, it wasn't directed towards the paypal server. It could be a virus, but curiosity overcame my fear and I clicked on the link. Turned out that it was a straight up scam seeking my identity, not my computer's soul. It was amazing the amount of information they asked for: Full name, birthdate, social security number, bank account numbers.
How many did they send out? If only one person in 10,000 fell for it, they probably had at least 100 identities.
Got one from a Chase imposter this time. I wasn't brave enough this time to click on the link, but I did look up the info on it.
http://www.millersmiles.co.uk/report/3163
Here is a clue about how to detect these things. The obvious one is that the company you have an account with will not initiate information gathering over the computer. If you recieve an email that leads you somewhere asking for all kinds of information that you think is from a company you have an account with, it is a scam. Companies that have your sensitive information do not send mail requesting you to 'confirm' that information.
But another good clue is where it is actually coming from. Listen up a bit class.
Let us take a domain, say "wwwDOTrespectedcreditcardcompanyDOTripyouoffDOTcom"
com is the Top Level Domain. Lets make a rough analogy to help things. You could call this a street or city or maybe a state, or a country.
ripyouoff is the Domain Name - this is the key here. The name just to the left of the Top Level Domain is always the actual registered domain name and this is where you will go. In our analogy, this would be a house.
respectedcredicardcompany - while in our thinking, being first (after www, of course) would mean precedence, this is untrue in domain names. This part of the URL is a sub domain. That is, it is a part of the Domain name. There can be more than one subdomain in a URL. In the analogy, this part would direct you to a room in the house.
So are you going to the respected credit card company? No, you are going to a house called Rip You Off, and in that house is a door with a sign, paint still wet, that says "Respected Credit Card Company" which leads into a room with con artist who will take you for all you have.
But lastly, if in doubt, call the company you allegedly got an email or instant message from. Your safety is important to them, because identity theft hurts them as well. They'll tell you what you need to know. ¶ 10:55 AM
Comments:
<< Home
Another common scam out there is based in third world countries. They win bids on ebay or contact you through craigslist. They will then ask to send you a money order from such and such a bank or through such and such an unknown online money brokering service. CLANG CLANG alarm bells.
If they use the money order route, they will "accidently" make out the money order for a couple of hundred (or thousand) more than the asking price and ask you to wire the excess money back to them. The money order hits your bank and bounces, but alas, you have already sent them their "change". Money sent through Western Union is irretrievable.
The other scam involves pretty much the same process, except they use bogus online banking services. I know...I listed a very nice quilting frame on craigslist for $125. I got an immediate response from someone who was "out of country" at the time. They would send their shippers to pick up the item. I answered the email all nice and chatty. (Quilters are notoriously friendly and chatty and always willing to talk about anything vaguely related to quilting. I expected that.) The second response, the one where they were telling me how they wanted to pay etc, was very strange. The English wasn't so good (which is always forgiven in honest people, but may be a red flag if the ducks aren't in a row) and they wanted to use an online bank I had never heard of. No "Oh I have always wanted a quilting frame!" chattiness, no address where to mail it or asking for directions to pick it up. I checked into the bank and it just didn't hit me right. I told them I had used paypal for years and that I would be happy to accept payment through paypal. They never answered. I did sell the quilting frame through an online quilting flea market that I had dealt with before. I was paid through paypal and everybody was happy.
Plenty of great opportunities on the web...you just have to use your head a little and play it safe.
If they use the money order route, they will "accidently" make out the money order for a couple of hundred (or thousand) more than the asking price and ask you to wire the excess money back to them. The money order hits your bank and bounces, but alas, you have already sent them their "change". Money sent through Western Union is irretrievable.
The other scam involves pretty much the same process, except they use bogus online banking services. I know...I listed a very nice quilting frame on craigslist for $125. I got an immediate response from someone who was "out of country" at the time. They would send their shippers to pick up the item. I answered the email all nice and chatty. (Quilters are notoriously friendly and chatty and always willing to talk about anything vaguely related to quilting. I expected that.) The second response, the one where they were telling me how they wanted to pay etc, was very strange. The English wasn't so good (which is always forgiven in honest people, but may be a red flag if the ducks aren't in a row) and they wanted to use an online bank I had never heard of. No "Oh I have always wanted a quilting frame!" chattiness, no address where to mail it or asking for directions to pick it up. I checked into the bank and it just didn't hit me right. I told them I had used paypal for years and that I would be happy to accept payment through paypal. They never answered. I did sell the quilting frame through an online quilting flea market that I had dealt with before. I was paid through paypal and everybody was happy.
Plenty of great opportunities on the web...you just have to use your head a little and play it safe.
Great post!
I have two very visible catchall domain email addresses, and sometimes get over 1000 spams in a 24 hour period. Lots of those are scams. Irritating as the dickens, but I can spot them without even clicking on them now.
Post a Comment
I have two very visible catchall domain email addresses, and sometimes get over 1000 spams in a 24 hour period. Lots of those are scams. Irritating as the dickens, but I can spot them without even clicking on them now.
# posted by 
: 9/13/2006 7:43 PM
: 9/13/2006 7:43 PM<< Home
