General chatter - Public Service Announcement - How to Identify Phishing attempts...




nelie
09-19-2007, 11:26 PM
I like many people have a gmail account that I use for personal email. I get all sorts of spam into my account including multiple phishing attempts. In the past week, I have received 2 phishing attempts claiming to be from Bank of America. I am tired of such emails and I feel sorry for whoever actually falls for them. So I wanted to give some tips on how to identify a phishing attempt. My comments are in blue.

Subject - Unauthorized Activity << Ok so you expect an email about unauthorized activity >>

From - Bank Of America <tp-verify@google.com> << a google.com account? Really? Bank of America isn't sending from their own domain anymore ? >>

Dear Bank of America customer, << If you aren't a customer then why are they sending you email? >>

In order to be prepared for the smart card upgrade on Visa and MasterCard debit and credit cards and to avoid problems with our ATM services, we have recently introduced additional security measures and upgraded our software.

<< Ok so the subject isn't about unauthorized activity >>

The security upgrade will be effective immediately and requires our customers to update their ATM card information. Please update your information by following the link given below.

<< A bank will never ask you to update your information by sending you a link. Also the story doesn't jive. If they are going to smart cards, then you will need a brand new ATM card. Also any bank would be able to transfer your current information >>


http://<some IP address>/online/sslencrypt218bit/online_banking/

<< They try to make it look legit by giving a link that has sslencrypt in it but it isn't https. Also, it doesn't have the bank of america domain but instead uses an IP address. I should also state that you should never ever click on a link in your email and provide personal data through that link. I'd avoid clinking links from email anyway. If you want to go to the site, then go to it directly >>


We are committed to delivering your quality service that is reliable and highly secure. This email is one of many components designed to ensure your information is safeguarded at all times. << They sound like they are doing you a favor and protecting you>>


Please do not reply to this message. For any inquiries, contact Customer Service. << They even tell you to contact Customer service >>

Copyright 1999 - 2007 Bank of America. All rights reserved.

<< Ok that is it... >>

So anyway, here are my overall tips -

1) Never provide financial or personal information on a link you receive from an email.
2) Check emails to see that the sender information as well as any links in the email actually have the proper domain (bankofamerica.com)
3) Know that any bank or paypal will never solicit for your information from an email.
4) Call the business to ask about anything you are unsure about
5) Never click on a link you receive on an email. Sometimes just clicking on the link can infect your system with something you don't want.
6) Overall, be cautious and suspicious of emails :)

That is the end of my public service announcement.


SoulBliss
09-19-2007, 11:40 PM
Thanks! I recieve "phishing" emails a few times a week. They usually go into my "spam" folder and then I delete them without opening them (I do this automatically because I realize that I don't have an account with company "x" and haven't ever used pay pal so how could it be valid, right?). It is so irritating to get these! How do they get our email addresses? :mad:

EZMONEY
09-19-2007, 11:55 PM
Thanks Nelie!

I just sent some $$$ to a nigerian guy....but boy am I gonna get rich...yahoo!


nelie
09-19-2007, 11:57 PM
Oh don't get me started on the nigerian scams...

Although i was talking to someone a few months ago and they told me that the nigerian scams go way back before the internet was popular. Businesses would receive faxes with the nigerian scams.