Information Systems: Jason's Web Site Tips:
It's time to go phishing, but don't bring a rod and worms, just have your personal information handy!

April  25th, 2008
By Jason Levy

 

 

WARNING:

Your Bank account has been compromised!  Hurry and click this link to update your bank information! If you do not follow our instructions within three hours WE WILL CLOSE YOUR ACCOUNT.

Copy and paste this link if the one above does not work -->  http://bankofamercrest.wigsforalloccasions.cn

Sincerely,
Bob Richards
Vice President
820-485-7226

 

How often do you receive emails like the one above?  Even with spam filtering services fighting fervently for you, some will still find their way into your inbox.  The example above is a prime illustration of a "phishing" attempt.  Please don't confuse this "phishing" with the "fishing" you and your grandpa used to do on a hot sunny day on Lake Hopatcong.

The concept is much the same, though: instead of luring fish with worms, phishers fraudulently try to lure people into providing financial information and passwords (credit card numbers, social security numbers, bank account numbers, ATM PINs, etc.). Phishing can occur through email, web sites, instant messaging, and even by phone, which is known as "social engineering".

The "Bank of Amercrest" email above is similar to emails I receive periodically.  Luckily, I don't have an account at Bank of Amercrest, but if I did, how could I tell if the email was legitimate?  Below are some ways to help tell phishing attempts apart from real emails and web sites.

  1. Look for spelling and grammatical errors.  Would your bank send you an email peppered with spelling mistakes?  Does your bank even know your email address?

  2. Look for an odd web site address within the email.  See the example above from Bank of Amercrest.  The beginning looks OK, but the ending of the web site address is quite odd.  If it were really from your bank, the web site address would be http://www.yourbank.com, not http://www.yourbank.somethingelse.moreinfo.cn

  3. If your bank is located in the United States, why does their web site end with "cn"?  Chinese domain names end with "cn".  Most web sites in the United States end with ".com".

  4. In addition, even if the domain name displays as http://www.yourbank.com, it is possible the link was manipulated and will still bring you to http://www.yourbank.somethingelse.moreinfo.cn   (<--- click this link to see what I mean.)

  5. NEVER click on hyperlinks within questionable emails.  If you receive an email stating that your bank requires immediate action from you, I would recommend two options.

    1) Open a web browser and type in the web site address, log into your account, and look for new notifications that stand out to you.

    2) Call your bank from a phone number provided on their web site (after you have followed option 1) or call a phone number listed on the back of your ATM card (not the number provided within the questionable email).  The phone number in the email is the phisher's cell phone, or worse... it is a foreign phone number that charges $200 a minute.  How long do you think you will be put on hold until you hang up?

It is an unpleasant feeling to receive an email saying that your bank is closing your account, or that the IRS will be auditing your tax return. But before you click on links, provide your sensitive information to a third party, and become a phisher's next victim, please use caution.


Please feel free to contact me with questions.
Good luck!
Jason