So you get an email with the following in the Subject line:
Receipt of Your Payment to INPHONIC or maybe something similar. Never
heard of this company? Didn’t order a cell phone? Don’t even
own a PayPal account?
Smell that? That’s right, something’s
fishy alright. You’ve just been phished!
“Phishing”, also referred to as brand spoofing or carding,
is a variation on “fishing”, the idea being that bait is
thrown out with the hopes that while most will ignore the bait, some
will be tempted into biting.
webopedia.com defines “phishing” as: (fish´ing)
(n.) The act of sending an email to a user falsely claiming to be an
established legitimate enterprise in an attempt to scam the user into
surrendering private information that will be used for identity theft.
The e-mail directs the user to visit a website where they are asked
to update personal information, such as passwords and credit card,
social security, and bank account numbers that the legitimate organization
already has. The website, however, is bogus and set up only to steal
the user’s information.
Because it is relatively simple to make a website look like a legitimate
organizations site by mimicking the HTML code, these scams count on
people being tricked into thinking they are actually being contacted
by legit companies and are subsequently going to legit company websites
to update their account information. By spamming large groups of people,
the “phisher” counts on the e-mail being read by a percentage
of people who actually have listed credit card numbers with these spoofed
companies legitimately.
Want to see a real-life example? Here’s a screenshot of an email
my wife received yesterday. The subject line read, “Receipt of
Your Payment to INPHONIC”:
Knee-jerk Reaction: Well, I’ll be…looks
like someone charged an expensive cell phone to her PayPal account!
My Reaction: Honey, you don’t even have
a PayPal account.
Knee-jerk Reaction: Look! It even list the jerk’s name & address!
It must be legit.
My Reaction: That address returns un-reliable
results when plugged into either Google Earth or even Google Maps.
Must be why it’s
tagged as “Unconfirmed”. :rolleyes:
Knee-jerk Reaction: Darn right you want to dispute
the transaction (so you click the “Dispute Transaction” link.
My Reaction: This ought to be interesting.
Clicking the “Dispute Transaction” link.causes the next
screen to pop up.
Knee-jerk Reaction: Well I better logon and
address this issue right away! Consider yourself phished at this
point. You just sent your logon
and password to this guy’s personal computer.
My Reaction: This guy/gal isn’t even trying
hard. Look at the signs.
1. The url isn’t secure (http vice https).
2. Its not even pointing to paypal.com, rather it’s trained on some punk’s
IP address.
3. More than half of the links on this “page” don’t even
work.
4. Funniest of all, the link “protect your password” does. Clicking
it causes this screen to pop up:
The writing’s on the wall people. This dummy, either thru horrible
mistake or plain arrogance has linked PayPal’s real anti-password
theft advice. Pay special attention to point number one. It’s
basically what I pointed out in the prior screen.
So as you can see folks, it pays to pay attention. Look for the signs.
Stay alert. In this case, while my wife knew she didn’t have
a PayPal account, she knew I did. She thought maybe her name was on
the account and that’s why she got the email. But I knew:
1. Her name is not on the account. Furthermore, she doesn’t
have a PayPal account of her own.
2. I canceled the credit card associated with my PayPal account years
ago. I haven’t touched that account since then. It’s dead.
