Latest Phishing Scams

Category: Security

Phishing is the hacker's sport of fishing for gullible victims who will click on anything, and is an ever-evolving enterprise. The bad guys are constantly coming up with new bait that looks, smells, and tastes almost exactly like the real thing. But if you bite and click on that email or URL, you may get your identity stolen; your computer may be enslaved by a spammer's botnet; or you could download a virus without knowing it. So it's a good idea to be aware of the latest trends in phishing and the most widespread snares.


Trends in Phishing Scams

A bit of bait is likely to be disguised as something familiar from a popular, trusted source. That may include a large bank, famous-name retailer, government entity, distinguished non-profit organization... or your Mother.

A year ago, the phishers were a lot more obvious. Phishing emails had lots of typos and grammatical errors, and the clones they created of popular sites were good but not always perfect. Lately, I've noticed that the bad guys have taken their game up a couple of notches. The emails they send look almost EXACTLY like the real thing, and their fake sites designed to trick you into giving up your username and password are near-perfect clones of the original.

I recently got a notice from GoDaddy informing me about a transaction that supposedly took place. It was fake. The next day, I got an order confirmation from Buy.com which was also fake. Interestingly, neither one asked me to click any links in the message. The clever ruse is that you probably know that you didn't buy anything from the company, and your sense of curiosity or indignation may tempt you to click.

Social networking is all the rage these days, so it's no surprise that many recent phishing exploits involve Facebook, Twitter, MySpace, and other social networks. A "friend" request from someone on Facebook excites curiosity; you're inclined to click on the link in the email to see who the person is. You're even more inclined to "reactivate" your Facebook account if you receive an official-looking email saying it's been deactivated for some reason. But in each of these examples, you could get hooked by a phisher. The "approve friend request" link may trigger a virus download. Following the instructions to "reactivate" your account may involve giving personal information to someone who doesn't work for Facebook at all.

Proactive Phishing Protection

To avoid getting hooked, first make sure you have good, up-to-date anti-virus and anti-spyware protection. (See my related articles Free Anti-Virus Programs and Free AntiSpyware Programs.) Also, take advantage of "previews" offered by many email clients and Web browsers. Hovering your cursor over a link embedded in an email will show you the actual web address. Make sure it shows the site you want to visit, and not something subtly different. This advice is good for all emails you receive from ostensibly trustworthy sources, such as your bank or credit card company. If a URL looks "funny", the joke may well be on you. To be even safer, just manually type the address of the site you want to visit, or click on a verified bookmark.

Twitter tends to suck the thoughtfulness right out of people's brains. Tweets are short, offering little to think about; and they are numerous, inclining people to be hasty in processing the never-ending flood of stimuli. "Check out this awesome sunset" and a cryptic shortened URL is all a phisher needs in many cases.

URL-shortening services such as TinyURL.com, Bit.ly, Is.gd, etc., now offer previews of the full URLs they shorten. When you click on http://is.gd/Xsy1 (a made-up URL) you go to a preview page that shows the entire original URL and how many times people have accessed it via the Is.gd shortened URL. You still may not recognize the domain of the URL but you can look it up in Google before going there.

Not all phishing is done on the Internet. If you rely on caller-ID to tell you who's calling, you may be vulnerable to a popular phish. It is possible to alter the caller-ID data that comes with a voice call so that the caller appears to be with your bank or employer. Whenever someone claiming to be from a trusted source starts asking for sensitive information like your password, just say you don't reveal such things in phone calls. Stick to that story no matter what.

Do you have something to say about phishing scams? Have you seen a very clever example lately, or do you know someone who got hooked by a phishing attempt? Post your comment or question below...



Posted by on 25 Jun 2010


Most recent comments on "Latest Phishing Scams"

Posted by:

Pantagruel
26 Jun 2010

Some institutions (i.e. Paypal) appreciate receiving a "forward" of these emails. For Paypal, I forward them to spoof@paypal.com. Exposure helps fight fraud.


Posted by:

andrew gibson
26 Jun 2010

Yes, I was phished the other day; Paypal wanted all kinds of personal info. I have a Mac mini, thought we were impervious. Spammed it as soon as I saw Paypal. Never used it ever. Be aware. Andrew

EDITOR'S NOTE: Just in case you're confused about this... it wasn't Paypal that phished you! It was someone trying to LOOK like Paypal. And having a Mac will NOT protect you from email phishing scams.



Posted by:

becky biggers
27 Jun 2010

Yes, I recently got an email stating I had won 2 million dollars on the lottery and I needed to contact my claims agent. It stated I had won because all email addresses were entered into the lottery. What a joke; they never stop.


Posted by:

Kearney Bothwell
28 Jun 2010

Had a friend whose AOL account was hacked and used to send out one of the "stranded traveler" scams. I replied, cautiously, because the original email didn't quite ring true. Figured it out when my "friend" wouldn't give me the name of the hotel he was staying at in London and insisted that the only way he could get home was if I (or the other suckers sent the email) sent him the money by Western Union.

I was really disgusted that there was no way for me to forward the email to the e-crimes unit of the Metropolitan Police, or any other law enforcement agency. I would have loved to help set up a sting to catch the guy.

I also contacted Western Union, where Customer Relations' only response was to tell me to report it to the cops. I sent back that it would seem that WU could take action to prevent its services from being used to obtain monies fraudulently, to which customer relations replied that they had forwarded my email to their security people.

Seems to me, we need some way to catch these crooks in the act!


Posted by:

Nancy
29 Jun 2010

I'm pretty sure I was phished the other day, but I did not open the email to find out! It came from Internal Revenue Service and the subject was "Under-reported income." We all fear the IRS and might just want to cooperate to avoid being investigated. So far I haven't gone to jail.

EDITOR'S NOTE: I don't think the IRS would email you about that. You'd get a letter in the mail for any official communication.


Posted by:

Dwight N.
02 Jul 2010

If someone calls and says they are from your bank, look up the bank's number if you don't already have it and call them back. Then you'll know you are really talking to someone from the bank.


Posted by:

nadaman
05 Jul 2010

I get at least 4 phishing spams/week. Experienced a new wrinkle last week. Responded to a Craigslist HP laptop ad with an attractive price...didn't hear back for 3 days, then received a sweet response from "Amber" saying laptop gone, but HP is doing a promotion and giving away free laptops...she and several of her friends had done it, and I could too, if I hurried to the link supplied, which appeared official, asking for much personal info. When I went to The HP site on my own and searched the promotion..."Choose Your Color", nothing of course. So the phisher waited 3 days to scoop in laptop hungry people, and phished them all at once to prevent them being warned off.


Posted by:

rett
06 Jul 2010

interesting info, as for me I use ProteMac LoginTrap (protemac.com)


Posted by:

Don
15 Jul 2010

A fun way to check for Phishing is to look at the message source. It tells you the address of the message originator, the reply address and all the servers that handled your message. Look at some real messages and some scams and you will probably see scams passing through a lot of weird e-mail addresses.

To view Message Source:
Right click on the message in your inbox
Left click on Properties
Left click on Details
Left click on Message Source button.
Left click on Full Screen button (Makes it easier to read) (Button next to the red cross, upper left)

If the message comes by a convoluted route through a lot of strange E-mail addresses, it is probably something you do not want to open.
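The message-source check in the comment above can also be scripted once the raw message is saved as text. This is an added example, not part of the reader's comment or the original article: it extracts the originator domain, the reply domain and the chain of servers from the headers. The function names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

def domain(header_value):
    """Domain of the address in a From or Reply-To header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def summarize_source(raw):
    """Pull out the originator, the reply address and the server route."""
    msg = message_from_string(raw)
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    # Each server prepends its own Received header, so reading them in
    # reverse gives the route in travel order. Only the hops added by your
    # own provider are trustworthy; earlier ones can be forged by the sender.
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = re.search(r"from\s+(\S+).*?by\s+(\S+)", value, re.S)
        hops.append((m.group(1), m.group(2)) if m else ("?", "?"))
    notes = []
    if reply_dom and reply_dom != from_dom:
        notes.append(f"replies go to {reply_dom}, not {from_dom}")
    return {"from": from_dom, "reply_to": reply_dom, "hops": hops, "notes": notes}

# Constructed sample: reserved example domains and documentation IP ranges.
RAW = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.org with ESMTP; Fri, 25 Jun 2010 10:02:11 -0400
Received: from relay7.example.net (unknown [198.51.100.23])
\tby mx.example.org with SMTP; Fri, 25 Jun 2010 10:02:09 -0400
From: "Example Bank" <service@example.com>
Reply-To: claims@example.net
Subject: Your account has been deactivated

(constructed sample body)
"""

if __name__ == "__main__":
    info = summarize_source(RAW)
    for sender, receiver in info["hops"]:
        print(f"{sender} -> {receiver}")
    for note in info["notes"]:
        print("check:", note)
```

A differing reply address is a reason to look closer, not proof of fraud; mailing lists and helpdesk systems set one legitimately.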


Copyright © 2005 - Bob Rankin - All Rights Reserved

Article information: AskBobRankin -- Latest Phishing Scams (Posted: 25 Jun 2010)
Source: http://askbobrankin.com/latest_phishing_scams.html