Back to Basics Internet Safety: Phishing Scams

This is the second in a series of articles with some simple but important tips on how you can keep safe on the internet.

By Staff Editor, PK

Welcome back! I hope you enjoyed my first article on Password Security; I also hope you went through and updated all of your passwords to something reasonably complex. Today we’ll take a look at Phishing Scams; many people have heard of phishing scams and know that the Nigerian Prince who’s contacting you via e-mail is full of bologna. By the way, my email spam folder is so full of Canadian Viagra advertisements that it should be able to stand at attention and salute, well ok, maybe not the best mental imagery, but you understand.

Phishing is an internet term, which means that someone is fishing for a sucker, and they’re hoping you’re the fish/sucker that takes the bait.

For the newer folks out there who may not know all about this; Phishing is usually when someone like our aforementioned fictional Nigerian Prince, sends you an email and claims that you’re a long lost relative, or his First National Bank of Nigeria has determined through a random lottery (which you didn’t even know you entered) that you have won fifty-million dollars. All he needs are your personal details, like your bank account numbers which he’ll use to wire you the money, as soon as he’s done emptying your bank account that is. Do people actually fall for this? Since the emails keep flowing from his royal highness, I’m going to sadly say that the answer is yes. P.T. Barnum wasn’t kidding when he said a sucker is born every minute, and there must be a boat load of them out there for this to keep working. I’ve gotten emails saying that I’ve won national and international lotteries from people claiming to be lawyers, military officers, and even one from our long passed President Ronald Regan. Have to love scammers who don’t keep up on history, but cheesy emails like this are the easy ones to spot.

Just because I know someone will ask, “How can you be so sure one of these emails saying I’ve won money isn’t legit?” Friends, if you’ve really inherited some royal person’s estate, or won a large sum of money from someplace you’ve never heard of. The legit ones (if they exist) would send you a letter via a real lawyer, or somehow track you down in real life. I know that sounds like a Disney movie, but if it’s really going to happen, they’re not going to just send you an email and hope you see it, they’ll actually find you. Anyway, most email providers have it setup that when you report a message as spam, it lets them know to help out and block those emails, or just automatically sends them to your spam folder so they wont bother you. Although like I said, those are usually the easy messages to spot. It’s the ones that look real and professional you have to worry about; that’s the major problem with modern day scammers who solicit via email. I tend to get a lot of these messages to, emails from companies saying that I have an account with them that needs immediate attention and to please click the included link.

Companies like eBay and PayPal send out emails to their customers on a regular basis, and these are two of the largest companies around whose customers get hit with fraud due to scammers. The thieves will send an official looking email that has the right logo, and has what looks like the right email address for the sender. But look closely, does the address of the sender say something like “free.money@ebay.frodo.net”? The scammers do this a lot; they’ll set up a website that looks almost identical to the real one, using a fraudulent address with the name of the real company in it to trick you. You’ll get emails saying your account has been compromised and you need to click the included link immediately to keep your account from being deleted, things of this nature. You click the link and try to log into your account on the fake website, which in turn gives the scammers your login information that they’ll use to get into your account and clean it out, or just hijack it for the purposes of spamming other users of the service who may have deeper pockets than you. Be vigilant my friends, keeping an eye out for these kind of suspicious phishing emails will help keep your accounts safe from thieves.

If the email is from a company that you know for sure that you don’t have an account with, just mark it as spam and ignore it. If you get an email from a company you do have legitimate account with, then don’t click the link in the email. Even if you feel the message may be real, go to the website directly by typing the actual web address in your browser, logging into your account from there. If you have a message from that company waiting, it’ll be in your message box on the website. Unless you know the sender is absolutely trust worthy, never click a link in an email. I haven’t personally experienced it, but I know of cases where a phisher will spoof an email address in an attempt to defraud someone. Such as an elderly person may get an urgent message from a son/niece/godson, etc; saying that they need money to get out of jail or to help prevent their home from being foreclosed on. First off, if you’re in jail, you’re not going to be sending any emails. The most common trick is to find an email from someone’s relative and spoof it, say the real email is johndoe@YouThinkImARealAddress.com and the fake email is john.doe@YouThinkImARealAddress.com .

Do you see how I made the fake address? I created the fake one by simply inserting a period in between the first and last name of the person, thus making an email address that looks like the legitimate one. This happens quite a bit with scams; similar to how people make fake websites in an attempt to defraud those not wise to what’s going on. In the event you receive an email like this, someone claiming to be a friend or relative demanding money, and you’re sure they haven’t been having issues before. Do the good old fashioned move of picking up the phone and calling that person, verify what’s going on. Emails are but one of the various ways people try to phish for your information online, and it’s pretty similar to the old click this link bit. If you happen to be a devoted user of Twitter, then you may occasionally get a direct message saying “check out what this person has been saying about you”. If you click that link and it tells you that you need to login to Twitter, then 99% chance it’s another phishing scam. I’ve seen those, clicked on the link and seen the website it was set to was a fake Twitter login screen; the fake site logs into your account and starts spamming your friends with advertisements.

One more quick note on email scams, as there’s more than one way to make a fake email address. A person can have any email address they want, and then use their mail client to “send as”. You may or may not have seen this in the settings of your email client before, the ability to have a specific name or email address presented to the person receiving your message. So if I wanted to, I could send an email and have it show as having come from the President of the United States. However you can find out pretty quickly if it’s legit, hover your mouse cursor over the name of the sender, and it many times will show you the real name. It also depends on the email client you’re using, as there are sometimes a side option to show more information. Any message you get, asking you for your personal details, or saying you’ve won something nine times out of ten is going to be a scam.

Bottom line is, if it seems too good to be true, it usually is.

Stay tuned to Krypton Radio, and my next article on Back to Basics Internet Safety: Social Engineering.

-30-