How to detect phishing emails 101
Wednesday, January 11th, 2006Phishing has become a pretty widespread problem these days online. I won’t blow it out of proportion with a bunch of wild and dramatic prognosticating, but it is an issue that is very prevalent, and without good education, it can become an even bigger problem. The only thing that makes it work is ignorance. With good education, it will go away, or evolve to something else.
Phishing, for those who don’t know, is when someone sends emails, in bulk, to random thousands of in boxes, while imitating a trusted institution, like your bank. These emails prompt you to click on a link and ‘verify’ your identity, or your password, or account number. They look just like the real thing, and take you to a site that looks like the real thing.
For a more comprehensive background, click here.
Like you, Dawn and I get 50 phishing emails a day. 99% go right into the junk folder, but the occaisional lucky one gets through. These are the emails that have the opportunity to fool people.
I’m going to show you what to look for and tell you the one simple step to make yourself 100% bulletproof.
Here’s a screenshot of the best phishing email i’ve seen:
This looks like a normal email on the surface. The from line is customercare@paypal. The subject looks official. It’s nice plain text and proper looking. Even the links appear to go to the real site.
STOP
This is where people get fooled. I’m telling you right now. All this stuff is EASILY faked. It means nothing. Ignore it completely. The from line is faked, the urls are fake. Everything is fake. This is all made to fool you by some crazed deviant in his basement who can’t figure out a legit way to make money online. (listen to me get all righteous.)It’s easy to do, and I’m not going to bore you with how it’s done.
Clue #1 - Paypal or your bank will never ask you to ‘verify’ your information. If you really truly think it’s real, then call your bank. Paypal has had to adjust the way they do business because of this problem, and they will not under any circumstances make you click on a link to re - enter your login and password information.
Clue #2 - Look at the red arrow. It’s pointing the to location bar on the bottom of the browser. You can hold your mouse over most links and see where they really go. You can see this one says http://www.paypal.com…….
That’s why this one is so good. It fooled me for a second. Look at the rest of the url. http://www.paypal.com.us-cgibin-web-cmd……….etcetc.
That url actually almost represents the real paypal login. Except for the .us part. That is a subdomain trick. It’s very nicely done.
So, we shouldn’t even really be looking at the email if you want to be totally safe. Here’s the ONE THING I want you to remember and practice every time you get an email from your financial institution.
Read the email. Close the email. Don’t click on ANY LINK
Say it with me…
Don’t click ANY LINK
PERIOD.
Close the window. If you think the email might have been real, open a NEW BROWSER window. Type into the location bar the address. Whatever it may be. www.paypal.com for example.
Login.
If it was a real email and there’s something you have to do, there should be some sort of notification upon logging in. If you’re still worried, call them.
That’s it. You’ll be safe 99% of the time. The only way you’ll get burned otherwise is if you download some malicious virus or other program that somehow redirects your browser. You can keep yourself safe from that by always keeping your security software up to date.
Other than that, you should be good to go.
Keep an eye on your inbox and never click the links.
That’s it. Over and out.
