Internet: Phishers cast better net
Most of the time I ignore spam, including "phishing" emails. They are the ones that attempt to lure you into providing information that will allow perpetrators of fraud to break in to your bank accounts or steal your identity. With the rise of Amazon, eBay and Yahoo Auction accounts, phishers have extended their bad intentions to major online accounts. I see the attempts because it is a bad idea to set the junk mail filter to handle businesses one does use. Important email from those sources could be viewed too late or deleted. So, Friday, I received a phishing effort using a new hook. Usually, it takes maybe ten seconds to recognize an email fraud attempt. Since many of the operations are overseas, the name of the company or basic words, such as 'account' or 'deposit' will be misspelled. Or, the grammar and syntax will be off. Spammers also have difficulty getting their layouts to approximate the appearance of emails from companies they are mimicking. The email may say eBay, Paypal or Amazon, but use the wrong font or the wrong colors. Finally, one's email program can usually trace the path of the email, which will not lead back to the purported sender.
On Friday and Monday, I received two phishing efforts that I believe worth bringing readers' attention to. They are not the utterly inept norm. The first spammer attempts to get pass email readers' reflexive 'delete' or 'junk' response by painting the situation as an emergency.
Subject: Your Paypal account has been suspended
That statement alone will unnerve some users enough to have them click on the provided link, supposedly to "email@example.com." Actually, the link is to the perpetrators of the fraud, who will use it to capture information from unsuspecting and upset.
We regret to inform you that your PayPal account has been suspended due to concerns we have for the safety and integrity of the Paypal community.
Per the User Agrement, section 9, we may immediately issue a warning temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you,our users or us.We may also take these actions if we are unable to verify or authenticate any information you provide to us.
The fastest and the most efficient way of becoming unsuspended is by clicking on the link below,login into your account and provide us additional information. [Link to false site.]
*Please note that any seller fees due to Paypal will immediately become due and payable. Paypal will charge any amounts you have not previously disputed to the billing method currently on file.
Give these people a 'D' for determination. In addition to the phishing for Paypal account information, the email solicits donations to what is surely a phony tsunami relief fund. Click on that link and the victims will never see a dime of the money donated.
I received a more typical phishing effort using Paypal today.
Subject: Notification of PayPal Limited Account Access
It has come to our attention that your PayPalÂ® account information needs to be
updated as part of our continuing commitment to protect your account and to
reduce the instance of fraud on our website. If you could please take 5-10 minutes
out of your online experience and update your personal records you will not run into
any future problems with the online service.
However, failure to update your records will result in account suspension.
Please update your records on or before January 12, 2005.
Once you have updated your account records, your PayPalÂ® session will not be
interrupted and will continue as normal.
There is a link to use to 'update' your account data. The information you enter will be used to access your account at the real Paypal and remove the money from it, or, to steal your identity.
The phishing effort described first is more sophisticated than the second. Both the appearance of the email and the strategies used -- claiming an account has been suspended and faking the tsunami aid donations site information currently on many real web pages -- are heads and shoulders above most spam. Still, the most significant giveaway is present in both. The links they direct people to are unsecured. Online merchants use secure servers, recognizable by the prefix "https." Furthermore, Paypal will inform users of any problem with their accounts within the site, not by email, though email correspondence may follow.
There are several ways to protect yourself from phishers:
1. Use a separate email address not published online for your accounts with banks, eBay, Paypal, Amazon, Yahoo Auctions, etc. (The emails I described came to my blogging email address, which is different from my business email address. So, I was alerted to something fishy upon seeing them.)
2. Be careful how you enter sites where funds are stored. Instead of clicking links in emails, go directly to the site via bookmark or typing the secure address in.
3. Take time to filter phishing efforts using their real addresses. It will not eliminate the problem, but may help some.
About 65 percent of Americans are said to use the Internet regularly currently. The increase in usage provides increased opportunities for people who seek to take advantage of Internet users. Increased caution is the antidote to being taken advantage of by phishers and fraudulent sites.
The Web's most effective phishing scams use eBay and have resulted in thousands of identity thefts. Snopes.com describes how it worked.