How Not to Get Hooked by a Phishing Scam
May 5, 2011
Don't get caught in the most devious scam to take advantage of unsuspecting internet users.
I receive at least four phishing scam emails per day. These bogus messages claim to be from well-known banks, eBay or PayPal. See a sample below. They use the company's actual logo, and make the scam look like a page from the web site they are spoofing.
Bottom line, never give out personal or financial information at the request of any email. Even if it looks legitimate, call the company to verify that the request is authentic.
The following article describes the phishing scam.
I've also included a screen grab from an actual phishing scam email, and a link to the FTC web site's phishing article.
On the Internet, phishing (sometimes called carding or brand spoofing) is a scam where the perpetrator sends out legitimate-looking e-mails appearing to come from some of the Web's biggest sites, including eBay, PayPal, MSN, Yahoo, BestBuy, and America Online, in an effort to phish (pronounced "fish") for personal and financial information from the recipient.
Phishers use any number of different social engineering and e-mail spoofing ploys to try to trick their victims. In a recent case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from America Online that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords.
Phishing is a variation on the word fishing: fishers (and phishers) set out hooks, knowing that although most of their prey won't take the bait, they just might entice some to bite. The FTC warns users to be suspicious of any official-looking e-mail message that asks for updates on personal or financial information and urges recipients to go directly to the Web site of the company to find out whether the request is legitimate. If you suspect you have been phished, forward the e-mail to email@example.com or call the FTC help line, 1-877-FTC-HELP.
Click here to read an FTC article on the phishing scam.
These are actual phishing scam email messages. PayPal assured me that they would never ask for personal or financial account information in this way.