The mouse exposes the phish
by Laura Scott

I received a rather alarming email today from what appeared to be PayPal, confirming an iPod purchase that I never made. I get well over 100 spam and phishing emails every day, but I confess this one made me blink.

This email was not from PayPal, but they wanted me to believe it was. "Hey, wait a minute!" I cried not quite aloud. "I didn't order any iPod!"

Of course I hadn't. And I had not been charged for any iPod. This was yet another tactic in the world of phishing, and I could only groan at how many innocent people will be suckered by it. It happens all too often.

Many readers will already know about phishing:

Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.

The best way to deal with phishing is to recognize it when you see it. And here, your mouse is your friend. The answer is hidden in the links within the email.

If I'm not sure about the identity of the sender, and cannot dismiss the email out of hand -- e.g., I don't have a Wells Fargo account or eBay account, thank you very much -- I mouse over the link -- don't click* -- and see where it really links to.

Here, in this screenshot, I can see that the link takes me to some website called kiesz.com. (Note: Where the link is revealed differs between email programs. If the link doesn't pop up when you mouse over the link, you might see the link down in the status bar of your email program at the bottom.)

I'm not fooled by the http://www.google.com in the URL -- that's just a trick to make you think the URL is "safe," but Google will just redirect you to the pernicious site ... which will look real (but won't be).
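The same mouse-over check can be done by a mail filter. This is an added example, not part of the original post: it lists every link in an HTML message, follows any URL tucked into a query parameter of another URL (the redirect trick above), and reports the host the link finally lands on. The sample message and the exact shape of the redirect URL are constructed for illustration; only kiesz.com comes from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Host of an http(s) URL without a leading 'www.', else None."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname  # urlsplit already lower-cases the hostname
    return host[4:] if host.startswith("www.") else host

def final_host(url):
    """Offline: follow a URL carried in a query parameter of another URL."""
    host = host_of(url)
    for _, value in parse_qsl(urlsplit(url).query):
        inner = host_of(value)
        if inner and inner != host:
            return final_host(value)  # inner URL is shorter, so this terminates
    return host

def audit(html, expected):
    """Report where each link really lands and whether that is `expected`."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        dest = final_host(href)
        trusted = bool(dest) and (dest == expected or dest.endswith("." + expected))
        report.append({"text": text, "first_host": host_of(href), "final_host": dest, "trusted": trusted})
    return report

# Constructed sample: link text shows PayPal, href goes through a redirector.
SAMPLE = ('<a href="http://www.google.com/url?q=http://kiesz.com/">https://www.paypal.com/</a>'
          '<a href="https://www.paypal.com/help">Help</a>')
print(audit(SAMPLE, "paypal.com"))
```

The first link is reported with `first_host` google.com but `final_host` kiesz.com and `trusted` False, even though its visible text reads paypal.com. Nothing is fetched, so running the check does not confirm your address to the sender.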

If you do happen to click to the site, whatever you do, don't type in your private information! Instead, go to the institution's actual website and start there. For example, if the email was seemingly from PayPal, manually surf to paypal.com and type in your information there.

What is really dangerous (and imho evil) about these PayPal scams is that, in most cases, the thief will be able to get in and drain hundreds or thousands of dollars from your account before you notice. The same goes for personal banking accounts.

So whenever you encounter what smells like a phish, let your mouse check it out and avoid what could end up being a bear of a problem.

Happy Holidays!

*If you click, then the phisher/spammer will have confirmation that your email address is valid, and will be able to sell it to other phishers and spammers, and you'll only get more and more of this garbage in your in-box.

Laura Scott blogs on her business site, pingVision, and her personal blog, rare pattern.

Comments

 

That's a new one

I've seen a lot of phishing, but this one's new on me.

Although, here's a funny story that happened the other day. I got an email thanking me for my recent membership of an organization with which I was certainly familiar, but hadn't joined. It was unclear how I'd been charged, although it quoted a value for my membership. It seemed quite real in all respects.

So I called them.

Turns out one of the org's staff wanted to let me check out something for potential use at the conference, so they had created a dummy membership for me to go behind their members only firewall.

Of course her email telling me that only showed up after I had indignantly called the org and protested that I had *not* joined their organization!

So, in this case, and only in this case, it was not a phish, but a favor.

Elisa Camahort
BlogHer and Worker Bees
elisa@blogher.org/elisa@workerbees.biz

 

Cute headline, BTW

Just had to give props to the mouse/phish headline :)

Elisa Camahort
BlogHer and Worker Bees
elisa@blogher.org/elisa@workerbees.biz

 

Thanks, and please be assured

I wasn't phishing for props. ;)


Laura Scott
design, snap, blog

 

Re: The mouse exposes the phish

Unless the email addresses me by my name - not "Dear PayPal Member" - I know it's BS.

-Bob
bobafifi.com

usedflutes.com

fluteplayer.net

 

Lots of phishing has the user's name

So unfortunately that's not enough of a protective strategy for many folks, alas.


Laura Scott
design, snap, blog

 

Re: Lots of phishing has the user's name

hmmm... I've never seen it. Legit PayPal emails always address me by my registered name - not a generic "Dear PayPal Member." So far I've not seen any evidence that the scammers have access to that user info - if they did, why would they use "Dear PayPal Member" instead?

Thanks Laura,

-Bob
bobafifi.com

usedflutes.com

fluteplayer.net

 

I can't say I've seen it with PayPal

I have seen it with phishing faking being banks, though. I chalk it up to having a public email address.


Laura Scott
design, snap, blog

 

There have been so many

There have been so many phishing emails for PayPal, that you can now forward a PayPal email that you think is suspect to "spoof@paypal.com", and they will reply letting you know if it was real or bogus.

~~ Contributing Editor, Mata H. also blogs relentlessly at Time's Fool

 

Good tip

I wonder what banks are doing, as they almost certainly must have a less tech-savvy clientèle, on average.


Laura Scott
design, snap, blog

 

Re: There have been so many

I used to send bogus emails on to PayPal, eBay etc. However, once I got wise that the scammers didn't know the name and email address I used to register with these companies, I simply set up rules in my email filters to screen for those keywords. I've had 100% success this way - legit PayPal emails go into their own folder, all the bogus ones don't and are easily marked spam and deleted.

-Bob
bobafifi.com

usedflutes.com

fluteplayer.net

 

I got this one too!

I got this one, but it wasn't an iPod, it was a Dell computer that I had supposedly bought. I must admit that, even as an experienced phish detector, I almost clicked that link.

I do still send them on to spoof@paypal.com and/or spoof@ebay.com, if only to alert them to the scam. The companies say they investigate -- I hope they do.

Mary

The Blog: Red Nose
The Book: Girl Clown