Monday, June 13, 2005

A Phishing Primer

Picture credit: Stern
I received this email today, related to some earlier blog postings on the epidemic of phishing.

Not sure what phishing is? Sure you do: it's the plethora of emails you receive asking you to reset your PayPal account information, notifying you that your CitiBank account may have been compromised, and a myriad of variations thereof. All are designed to get you to sign in to a "false store-front" that appears to be a real financial site. But instead of logging you on to the real website, the fake page sends your account and password data directly to the crooks running the scam.

Back to the email I received. In part, it read:

We are trying to compose a short but clear guide to email to our customers and put on our site to warn our customers what to look out for - what is the customer information email you have seen? Would be great if you have some examples of the good, bad and ugly.

Here's a simple summary. The following is a typical phishing email, courtesy of Wikipedia:

From: eBay Billing Department
Subject: Important Notification

We regret to inform you that your eBay account could be suspended if you don't re-update your account information. To resolve this problems please click here and re-enter your account information. If your problems could not be resolved your account will be suspended for a period of 3-4 days, after this period your account will be terminated.

For the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.

Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the registering of a new account. Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees you may owe to eBay.

Safeharbor Department
eBay, Inc

This is an automatic message. Please do not reply.

If you ever receive an email purporting to be from a financial website, please follow this simple step:

Never click on a link in an email to visit a sensitive website. Visit the site directly by using your browser bookmarks or by typing in the address in the browser's address bar.

That's the easiest way to be a safe surfer in the wonderful world of phishers.
