Posted: Fri Jan 06, 2006 11:26 am Post subject: What is “Phising?”
There are con artists posing as legitimate businesses who send emails to clients requesting that clients verify confidential information online, such as usernames, passwords, and account numbers. This scam is called “phising.”
What is “Phising?”
Phising is the act of sending an email falsely claiming to originate from a legitimate source—such as a bank or credit card company—in order to steal clients’ confidential information to commit fraud and/or theft. These email messages usually contain links that, when clicked, leads clients to what appears to be a trusted organization’s website, or which generates a pop-up window, and requests that clients enter confidential personal and financial information.
What emails should I be wary of?
“Verify your account”—businesses will not ask for personal or financial information via email “If you don’t respond within 48 hours, your account will be closed”—phising emails are polite in tone, but will also contain a sense of urgency to try to trick you “Dear valued customer”—phishing emails are sent out in bulk and do not contain client names; most legitimate companies will address clients by name “Click on the link below to gain access to your account”—these emails may contain a link or forms that you can fill out, just as in a website. These links are “masked” (may contain the name of a legitimate business) and will lead you to the con artists’ website, which will look like a legitimate business’ website.
This type of scam is perpetrated with the help of malicious software called “spyware”—which is also known as adware, keyloggers, or Trojans. Spyware may be embedded on a webpage, email, or attachments to an email; once the infected item is opened, this software is secretly installed on your computer and may be capable of recording your keystrokes as you enter confidential information online.
How do I protect myself online?
Be wary of emails requesting that you verify personal and financial information online.
Be wary of clicking links on email messages—avoid clicking on any links on email messages unless you are very sure of the destination. Phishing usually contains links in email messages that upon clicking, will often take you directly to a phony site where you could unwittingly input your personal or financial information.
Delete suspicious emails without opening them and do not open attachments even if they seem to come from someone you knowTo visit your bank’s website, type the URL directly onto your browser or use your personal bookmark.
Be wary of messages that claim they contain “patches” to fix or upgrade your system; no software vendor sends out patches via email—they must be downloaded from the software vendor’s own website.
Report any suspicious emails to the legitimate originating source for investigation.
Check for security certificate before entering sensitive information on a website—you can check security certificates by looking for the yellow lock on the lower right of the status bar of your Internet Explorer browser; if the lock is closed, this signifies that the website is encrypted to protect you when you enter sensitive information onto the website. This symbol may only be present when the website is requesting you for your information but unfortunately, even the lock icon can be faked. For further safety, double-click on the lock icon to display the security certificate of the site—it should display the name of the website following “issued to”. If the name doesn’t make sense, it means that it’s a fake or spoofed website. _________________
Posted: Sun Apr 09, 2006 5:01 pm Post subject: Have I been almost duped?
I have an experience regarding 'phishing'. Two weeks ago I received an email from a dying widow who had inherited a large amount of money from her dead husband. She said she wanted to keep her husband's family from getting the money when she dies. So she contacted me as her 'chosen' beneficiary. She was in the proces of drawing up a will and was asking me for details so she can send my personal info to a bank in Nigeria. She even had her 'lawyer' email me to confirm she spoke the truth about her condition and her decision to will the money to a foreigner. Distrustful as I am, I couldn't resist entertaining the thought of having all that money. But being aware of phishing and knowing that some deceitful denizens of the Net do exist and will do everything to get what they wanted, I of course denied the offer.
Now three days ago her lawyer informed me she's dead and is now pressuring me to give my personal info so he could go on with the transaction with the bank. This time he's assuring me he will distribute the money to charities (bah! humbug!). When that didn't work, he told me a day after through IM that his wife and son had just figured in an accident and needed blood transfusion immediately. Obviously he wasn't showing signs of grief, shock or even sadness with what just happened to his 'family'. And he had the gall to call me 'babe' and told me his mother-in-law is coming (again hah!).
I'm a nice person really. I always give other people the benefit of the doubt. But when someone abuses technology like this, I get angry. We should be grateful we have the Internet today. It gave us so much power and open communications across geographic and language barriers. Let us not abuse what was given for free. _________________ Search Jobs | Search Resumes
I get many of emails from these lawyers too. Most of the time they write me that some important politician died in some country in Afrika (Burundy, Burkina Faso..) and that he inherited a lot of money (usually around $20 million). He usually wants that money transfered to US bank account for his family that wants to come over and I can keep from 5-10%. Another kind of emails that I get are that I have won in lottery and they are asking for credit card number. I wonder how much money are these people able to steal. _________________ Best online casinos and poker rooms
www.casinator.com
Posted: Wed Dec 06, 2006 12:46 pm Post subject: My experience
I've connected trough smtp servers and I've sent emails to my friends from billgates@microsoft.com and georgebush@whitehouse.gov .. As you probably figured out by now is I'm not any of them so .. dont trust emails from people you dont know. I dont even open emails I dont know what they consist of.
Posted: Mon Dec 11, 2006 8:07 pm Post subject: Re: What is “Phising?”
muhlach wrote:
phishing emails are sent out in bulk and do not contain client names
Is it true that they can include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites?
Posted: Mon Oct 01, 2007 8:04 am Post subject: can include official-looking logo
Sure they can include official looking logos because they are images, which can be copied - keep in mind in the vast majority of cases the the email sent is not addressed personally. In other words if your bank was writing to you they would address you by first and last name. In addition the bank is not going to have you verify something they already know.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Online Stats: 
Author(s) Online:
