AntiOnline Spotlight: Gone Phishing
Best Buy, Symantec, Citibank, eBay... What do these companies have in common? Scammers are banking on their good name to trick users into coughing up valuable information. Protect yourself and your staff.
Pastdue Account! Re: Your Order! Important Message from AOL!
Such alarmist subject lines are usually met with a disgusted eye roll and a quick press of the delete key. But unfortunately, not everyone seems to be able to tell the real bank, brokerage, ISP or store e-mails from the fake ones. As a result, countless users are forking over their account information to scammers and laying the groundwork for identity theft ploys that are all the rage these days.
Phishing schemes can range from surprisingly convincing to ridiculously shoddy. Many of them employ mass-spamming strategies in the hopes that someone, somewhere has an account with the corporate entity they are pretending to be.
Since the number of account holders for these firms ranges in the millions, the odds are in the scammers' favor.
Administrators, sadly, are often caught in the middle. Many users simply assume that IT will protect them from any and all Internet threats. One message admins can drill into their staff: to avoid becoming a victim, do not follow any email links, ever.
If users can't shake the feeling that there may be an issue with their accounts, it's best for them to pick up the phone and call the customer service number (usually toll free to boot). Alternately, they can review their accounts online by manually entering the URL of the bank/online store/etc. and taking it from there (making doubly sure that the little padlock icon shows up in their browser once logged in).
It'd be nice to think that all computer users know how to look out for themselves. By educating them on how to look for some warning signs, perhaps one day they will.
Note: The opinions expressed below are solely those of the individual posters on the AntiOnline forums.
This week's spotlight thread:
whizkid2300 didn't need years of specialized training to spot this pathetic phishing attempt.
I recently was looking through my email and got this. First problem I see is half the words are spelled wrong, second the web address, and third and most importantly. "I DON'T HAVE A CITI BANK ACCOUNT."
disturb tells us that Citibank isn't the only name getting dragged through the mud.
This goes on my nice try of the week list:
Dear citi_bank Members,
This leter was sent_ by the Citi-Card _server_ to veerify _your_ email_ adderss_. You must complete this process by clicking on_the_link below and enttering in the smmall _window your Citi_Bank Debbit Card Nummber and card pin that you_use in_the _ATM_. That_is done for-your protection -i- becaurse some of our _members_ no_longer have access to their E_Mail _address_es and we must verify it.
To verify your _e-mail_ addres and akcess your_ Citi account, klick on the_ link _below_.
That same thing happened to me yesterday, but instead it said that it was from Norton Antivirus. I don't have Norton so I just deleted it.
Meanwhile, Ms. Mittens delivers this handy link for keeping up-to-date with the latest phishing schemes:
Worthwhile to visit this website to keep up to date on various phishing attempts and to forward phishing attempts so that others will learn/be aware.
Do you have an amusing, scary or otherwise educational phishing experience to share with the rest of the class? Do so here.
What is AntiOnline?
AntiOnline (AO) is home to many of the most popular network security discussion forums online. Here, participants engage in candid, thought-provoking and enlightening exchanges on the latest hazards and how to protect your systems against them.
We invite you to join the AO community (it's free!), share your wisdom and learn a few things in the process.