The Phish Are Still Biting - Comments Page 1

Great info, Bob. Thanks so much.

My gmail always starts with who it is from, along with a rectangle that, when clicked on, displays the email's source. If I don't recognize it, or if it is especially different from the message that was sent, I quickly delete the email and am happy to do so.

Wednesday AM I got a phone call ostensibly from PayPal telling me I had to "reinstate my account" by calling another number and following their instructions. I didn't but I did e-mail PayPal to inquire if there was a problem. They haven't yet responded.

On AOL, phishing emails are as numerous as ever, and as transparent as ever. Someone must be biting.

The general public will always find ways to thwart the most well thought out and diligent attempts by software design and security professionals to protect them.

Why do these people never get caught and charged.If I were to set up a site doing things that was illegal, I would be traced and charged and my site shut down. Seems no one cares about these frauds.It is all up to the computer owner.

Only yesterday did I also receive an email claiming to be from Paypal telling me that there was a problem with my account and to log on to the web site contained in the body of the email to rectify matters.

I deleted it and then ran both of my malware programs to ensure that nothing nasty had been left behind. My computer was clean and had not been infected. David Guillaume

Why are Financial Institutions held accountable for PROMOTING phishing attacks?
Fidelity Investments emails account holders with numerous invitations to webinars, etc, that can ONLY be accessed by clicking a link in the email and logging in. The same offering is NOT available if the account holder uses his stored link to sign in.
At least two regional banks with whom I have accounts do the same thing. They are training their customers to become victims.

Hello Bob ,What do you think about pinger free text? and how
does it work.thank you Evelyn

EDITOR'S NOTE: See http://askbobrankin.com/send_free_text_messages_with_or_without_a_phone.html

Bob, thanks for a timely article. Just last week my wife received an phish email claiming to be a bank that she has an account with. It claimed that her account was locked and offered her a link to enter her account information "for verification". I'm so glad she called me into the offie to see this. This was the most authentic looking phish email that I've ever seen and I've been around for quite a while. Even the links had the banks name included which added reality to the scam.

Remember: NO financial institution will EVER ask for your account information on-line.

When in doubt always open a browser window and go directly to the institutions web site to verify the status of your account and check for messages.

As a side note: I have to agree with Wilson who wrote, "why do these people never get caught and charged. WHY!!!

BTW: I offered to send the email to the banks security department but they weren't interested.

In my address book, I have a "group" list of email abuse reporting addresses.
I forward such emails to all of them, hoping someone will nail the perpetrators.

I got the clear message about Phishing and never have fallen prey. If I can, I report the emails to the Company being exploited. Lately it has been mostly Paypal related, and I have been forwarding them to Paypal.

I am not surprised that they find victims, just not me.

To anybody who gets a phishing email purporting to be from PayPal: PayPal wants you to forward the email with full headers to spoof@paypal.com so that they can investigate it.

Great advice Bob. Its always the same email address of friends who send me those blank messages with just a hyperlink to click on. Initially I used to tell them but I am afraid I've given up now.

The other thing that bugs me are some of the software download sites that I used to trust who hide crapware away and its not always easy to spot it. I try always to go to trusted sites but I find I have to read very carefully what it is I am downloading.

I have never had any website that requires a username and password ever officially ask to have them verified. If you put your cursor on the link, somewhere on the screen the website where you will be going will flash up and it is always something different or something more than the site that it is purporting it will be.

Thank you Bob for another helpful article with intelligent and sensible information and warnings. My wife and I seek to be very careful and never open anything that either looks suspicious or appears to be coming from a sender that we do not know or have never heard of.

A few days ago my wife opened her email programme (Windows Live Mail)and immediately asked me to look at it as her inbox was downloading dozens of emails reporting failure to deliver emails, allegedly sent by her. The addressees were unknown to us and certainly nothing had been sent to any of them from my wife's computer by her or me.

It looked as though someone had used her email address illegally. We deleted all the suspect emails reporting a failure to deliver and I then ran three scans on her computer - Advanced System Care, Malware Bytes and Super Anti Spyware. Between them they identified 75 "Junk File" problems, all of which were removed.

We have received no emails from friends saying that "your address book has been hijacked" or words to that effect and there has been no repeat.

My questions are, was her computer hacked or was it an indication of phishing success. Do we need to change her email address or do anything more than what I have already done? Any thoughts from you or the knowledgeable folks who post on your comments page would be welcomed and appreciated.

To Martin Gouldthorpe

Strongly suggest changing the password on your wife's email account and making sure it is a strong password, i.e., does not contain known dictionary words, does contain alpha upper and lower case, and numeric, and is at least 10 characters in length with no repeating characters.

Because of all the bad email links, I am really paranoid about clicking on any. And that includes YOUR emails. They always say, "click here to read more". I trust that you, Bob, are being vigilant and click the link. But there's no guarantee that your emails and website are invulnerable (from what I hear, NOBODY is). So I may soon stop clicking your links.

I wish retailers that want to send me coupons or better display their wares would include a full link to their site, so that I can eyeball it for legitimacy and copy&paste and open in another tab. Instead, their emails just dsiplay hypertext links and "click heres" -- often their own retailing website isn't even printed in their email!

I don't fill out surveys if I have to click a link to take them, even though I may indeed have useful comments for the sender.

A previous poster was spot-on in saying banks are guilty themselves of fostering dangerous "click on this link" behavior (usually for more information on something, but it's still a link that may have malware). A few months ago, my bank both emailed and texted me Fraud Alerts to review (with links for "yes it was me" and "no this was not me"), and various people I contacted at that bank said either that A) the Alerts were legit or B) the Alerts were bogus.

So, please Bob, start by making your OWN valuable AskBob emails the model of how to communicate links without training readers to always trustingly click on links in emails.

EDITOR'S NOTE: There's a big difference between a link that goes to (for example) your bank which requires a login/password, and a newsletter link that goes to an article page. Email newsletters like this one do not require you to login in order to read the linked content. Apples and Oranges...

To Martin Gouldthorpe: I experienced the same thing with Comcast once. Even though they denied a problem I was able to trace it to them. I checked the headers to all of the messages that I received as you have described and saw that they were all legitimate venders and friends.

My account was not hacked nor was it the result of a phishing expedition. It was a technical problem at my ISP. I no longer use them for my email.

Bob, you recommend to use bookmarks, to be sure.
Please be aware that those bookmarks are not save, they can be changed without being noticed by you.
If you receive a suspicious mail, enter the known address manualy in the address field of your browser, otherwise you may get directly to the phishing address.

:-)

Regards from Germany