Have You Been Phished?

I get a dozen phishing attacks a week. Sometimes it's an alert that my bank access has been frozen, and to click the link to restore - but I don't have an account with that bank. Or sometimes I do have an account with that bank, but the email comes to an account that that bank doesn't know about.

I got that "Reset your Netflix credentials" message - but I don't use Netflix.

Yes, I'm paranoid about phishing attempts, but the big question remains; Am I paranoid ENOUGH?

Thanks Bob, another excellent reminder.

Is there any harm if one of these emails is just opened? Or do you have to click on something within the message to download malicious code?

I have had a few of them. What I do is the following: see if the real corporation or whatever has a site to report Phishing or Spoof. Then go to more in my Yahoo mail where I received this, Copy the whole raw header and then do a send to the real Corporation, pasting the header. Usually, I get a reply back from Corporation in that they have received my email and will be looking into it. I never reply to any directly.

What about http://www.checkshorturl.com/ to view source of short URLs?

EDITOR'S NOTE: I mentioned that site in the article. :-)

Get even. Forward the email to me@rescam.org.
Rescam has bots to turn the spammer or phisher lives into hell by answering the email you forward to them and acting as if it's you and wasting their time.
You can check how it works here
https://www.netsafe.org.nz/rescam/
Enjoy fighting back.

EDITOR'S NOTE: Interesting idea, but I can't give it a thumbs up. First, most scam emails do not have a valid reply address. And the ones that do may have been unknowingly sent by someone with a compromised email account.

Lucy; Generally, opening the email itself is safe. It's the attachment or the links that would cause the problem.

Hi Bob. I get anywhere from 1 to 5 fishing emails daily. One thing I do is hold my cursor on the from address. Most of the time the address that comes up is different from the one shown. I've received 5 emails from my "Wife's Sister" the address is not from her, 2 of them came with a .jp
and 2 from a college. It's too bad a great thing like the internet is used for bad.

The worst part about all these phising attempts, and what also seems to make them more real, is that I get alerts from some of my credit cards, and even the credit monitoring agencies that include legitimate clickable links in them. They should know better than this!

It then gets to the point that you have no idea which is good and which is bad, so my policy has become that I NEVER click on a link inside an email..NEVER,NEVER,EVER!

I always go directly to whoever supposedly sent me the email, and log into their site directly.....I never have a problem that way.

I want to give props to my company for proactively combatting phishing attempts. In particular they periodically send out test messages that simulate phishing emails in one or several ways, to see if employees fall for them and click on the links. Most of the time I can spot the pseudo-phishing email, but once or twice I've been lax or inattentive and been caught. It raises our awareness, and makes us more cautious in the future.

I don’t bother to click on links in emails. Many of these phishing emails note that there is an issue of some kind with an account (bank, service provider, some other entity.) So, I go to the Website directly to log in and see if there really is some sort of issue with my account. Normally, if there in an issue of some kind, I will have a notification once logged in. If I don’t see a notification, but am still unsure, I will call the entity in question. Sometimes if I have a little extra time, I might take a look at the email headers and/or the URLs out of curiosity. But, I really don’t need to since I’m not going to click on the links anyway.

I have a 100% effective filter for phishing emails. It resides between my ears. Most of these attempts are glaringly obvious, and get deleted immediately. If it's from someone I don't know, and unexpected, it gets deleted. Any emails from people I do know, I never open any links, Any emails from alleged banks etc, I go to their site and check directly whether I need to re-enter any personal details, or need to change my password. It really is so easy to check if the email is genuine or not, that I am constantly amazed at the number of victims that scammers can reel in.

I agree 100% with Brian's reply if I don't know
them and some thing don't feel or look right, Out
they go that fast, some people can't resist that
urge to open them up, thinking they just might
miss out on something, ......

Happy Holiday, And Merry Christmas To All

Older and retired, I shop online all the time, so often get those "shipping information scam emails. Unless it's from the seller, I mark as scam.

1- Find the *real* URL used.
2- Get the CMD Line "Whois" or use https://whois.icann.org/en, and do a WHOIS on that fake URL
3 - in the answers, look for "Registrar Abuse Contact Email:" and send the PHISH to that ID.

Hopefully, that domain handler will rid themselves of their abusive customer

I think I may have been suckered by an ostensible feedback form for a recent flight on Delta airlines. In the end, I got cold feet and didn't finish the form, because it offered me to choose a reward for my time. Delta never did that before! I don't think I released any "sensitive" info, but who knows what techniques these guys can come up with to analyze their big data?

The solution is very simple: go directly to the website mentioned in the suspicious email on your own. Also I hover over the source, which often turns out to be from Germany (a lot of them lately) or someone else's legitimate email that has nothing to do with the subject matter.

I know how well some of these phishers can manipulate everything regarding point of origin. One produced a header that looked totally legitimate, as having come from my email provider. I mean down to the last line. I forwarded it to the provider. Some phishers are better at it than others.

"When in doubt, don't click a link in an email. Instead, go directly to the site via a browser bookmark, or by manually entering the" ...Something's missing here. I think most of you all could figure it out, but not me. :)
Is it: URL? address as given? Can I copy/paste the URL from the email to new tab?
PS Thanks, Lucy for asking about opening the email; Thanks, Ken for answering!

EDITOR'S NOTE: Yes, I've corrected the text, thanks.

Just a few days ago I got a link for my credit card bill from Bank of America. The next day I got a link to my credit card bill from Bank of America. Needless to say, one had gibberish as the from address while the other was what I expected. I always keep the previous month's bill in my email until I pay the next month and it was easy to go back and compare to make sure the one I expected was correct. I guess I need to add the from addresses to my password manager. I use KeePass and it has a place for a note. Very handy program and quite easy to use.