Phishing (pronounced the same way as fishing) is the act of con artists and scammers to get you to reveal information that they can exploit. Here is a typical example of one I get several times daily:
One of the first things you will notice, is the very poor grammar (denoted in red, and yes, this is an ACTUAL email I received). No legitimate company would let something like this slip out. Most have an army of people that must approve all mass communication. In addition, though I removed the links in this email, mousing over any link reveals a site that is not blizzard.com battle.net or worldofwarcraft.com.
How do I know if an email is legit or not?
The easiest way is to log into the site in question manually. NEVER CLICK ON ANY LINKS IN THE EMAIL. If you get an email that says your paypal account is compromised, open a new web browser, browse to paypal.com and login and see. The vast majority of the time, you’ll find that your account is fine.
Secondly, look message header. This is often times hidden and different email clients use different methods to display it, but here is the header from the message above:
Delivery-date: Tue, 08 Mar 2011 18:24:15 -0500
Received: from exprod6mx228.postini.com ([184.108.40.206] helo=psmtp.com)
by cpanel3.broadst.frontline.net with smtp (Exim 4.69)
for <removed>; Tue, 08 Mar 2011 18:24:15 -0500
Received: from source ([220.127.116.11]) by exprod6mx228.postini.com ([18.104.22.168]) with SMTP;
Tue, 08 Mar 2011 18:24:10 EST
From: =?utf-8?B?QmxpenphcmQgRW50ZXJ0YWlubeKAi2VudA==?= <email@example.com>
Subject: world of warcraft – account
Date: Wed, 9 Mar 2011 07:24:08 +0800
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-pstn-levels: (S: 0.00179/87.40151 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 5 (2.0000:2.0000) s cv gt3 gt2 gt1 r p m c
X-pstn-addresses: from <firstname.lastname@example.org> forward (user good) [1797/71]
Note the areas in red. The return email is gibberish. Even us here at Rocky Mountain Expert Computer Services would email you from email@example.com not GHHEES@rmecs.com
The third way you can determine if an email is legit or not is to forward it to a companies fraud department. Each site usually has a mailbox set up for these kind of emails, all you do is hit forward, type in the fraud email address and then delete the original message. This will help them send out alerts to their users and possibly shut down phishing sites.
These phish are scaring me, how do I protect myself?
- Never click on a link in an email unless you were expecting it (ie: a site asks you to verify your email and YOU initiated it).
- Be a skeptic. If my warcraft account is locked, I shouldn’t be able to login to it.
- Be an english teacher. Most of these are carried out by people that English isn’t their first language. If things are worded funny, take notice
If you do accidentally click on a link in a phishing email, change your password on the web site immediately. Depending on what kind of website it is, you may also need to contact their support department, for example a bank. In the end, these attacks only work because people don’t think before they click