Ever received an email from eBay asking you to verify your account?
Or from e-Gold warning you to log in to your account, otherwise it will be suspended?
Or from Yahoo Mail asking for reactivation because your account has been hacked?
If you dismissed the email and simply deleted it, good for you.
But if you opened it, clicked and accessed the link, and tried to log in to the website,
congratulations, you have just become a victim of a phishing attempt.
Phishing (pronounced “fishing” as in “fishing for information”) is a type of deception designed
to steal one’s personal data such as credit card numbers, passwords, account login information, etc.
The phishing email usually looks like an official letter from a trusted source, such as a bank,
credit card company, payment processor, or online merchant. Phishing emails normally direct recipients
to a fraudulent website where they are asked to provide personal information.
This information is then used for identity theft.
How a phishing website works is explained in the “Beware of the fake egold website!” article.
Sample phishing emails can also be seen in our collection of Phishing Emails.
How to check if an email is a phishing email
Here are some things to look for if you think an e-mail message is a phishing scam.
* Suspicious subject headings
Most phishing emails alert you that something is wrong with your account, and email subject headings
are used to entice you to open the mail and follow instructions outlined in the email.
Phishing emails commonly use one of the following subject headings.
– Account Alert
– Account Incident
– Account Issue
– Account Renew
– Account Review
– Account Suspended
– Avoid your xxxx suspension
– Check your account
– Confirm that you are the real owner of xxxx account
– Confirm your xxxx account
– IMPORTANT: Your xxxx account has now been suspended and may be terminated
– Notification of xxxx account update
– Notification of Unclaimed Parcel
– Password Change Required
– Protect your xxxx account
– Restore your account access
– Second (third) notification
– Steps to remove limitation
– The Security of your account
– Unauthorized access report
– Unauthorized account access
– Update your xxxx account
– Verify your xxxxx account
– Warning – Your email account will be closed
– Your account might be compromised
– You have successfully updated your password
– Your email requires verification
– Your profile has been updated
* Sense of urgency
Phishing emails usually use the line, “If you don’t respond within 24 hours,
your account will be closed.” These messages convey a sense of urgency forcing you
to respond immediately without thinking. They want you to quickly click and visit the
link and access your account in the fake site.
* Spelling or grammar errors
A legitimate company would take time to proofread its email so that no spelling or grammar
error appears in the email. Senders of phishing emails usually do not.
* Unspecified recipient
Phishing messages are usually sent out in bulk and often do not specify your first or last name.
Normally the phishing email’s opening line is a generic “Dear Customer” or
“Dear valued customer” greeting.
* Unknown or unfamiliar sender
Some senders of phishing mails are sloppy and do not attempt to change the sender’s original
email address. That’s why you might receive a supposed PayPal warning from [email protected]
or an email about your eBay account sent by [email protected].
Instinct should tell you that if you are to be genuinely contacted by these sites,
they should be using their official email account.
* Masked URLs
Some phishing pros, however, take time to change this information to make it look like an
official email from a trusted website. Most of the links in these emails are “masked,” that is,
the link looks like a trusted source’s official link but the actual URL is different.
In short, the link you see does not take you to that address but somewhere different,
usually a phony Web site. Examples of this technique are shown below. If you hover or rest
your mouse pointer on the following links, a URL different from the URL you see will appear
in the lower-left portion of your browser.
www.e-gold.com (embedded URL is http://www.e-qold.com)
www.ebay.com (embedded URL is http://www.ebav.com)
How to protect yourself from phishing emails
Almost all legitimate companies would never ask you to provide your personal or account information.
If you receive an email supposedly sent by your bank, PayPal, eBay, or an online account,
it is best NOT to open it.
If you feel that you must open the email, DO NOT click on any link and DO NOT reply to it.
Instead, go to your account’s website (access it directly WITHOUT using any link in the email)
and use the web site’s contact form. Copy and paste the email into the contact form and ask
the site if it is from them.
NEVER open any attachment in the email either. It might contain an executable (.exe) file
that will unleash a trojan or virus on your PC.
You can also copy parts of the email and search for it in Google.
There you can see if other sites have already given warning that the message
you received is a phishing message.
-Pinoy Money Talk