Dec 21

Fine Tuning Your B.S. Meter with Real Phishing Examples

By Doctor Security

 

Okay, class, who knows what phishing is? If you think that phishing is an attempt to get people to reveal their personal and financial information usually in response to a fraudulent email…you are right!

 

Phishing is a nasty form of spam that cybercriminals send to millions of potential victims in the hope of fooling a few. Why, you ask? To empty bank accounts or steal identities.

 

You never have to fall for a phishing email scam if you get security software like ZoneAlarm Extreme Security 2010 that blocks phishing sites and includes anti-spam that stops phishing emails. In addition to software for your PC, you should fine-tune your personal “B.S. meter.” You can do this by ALWAYS being skeptical of any email that asks you to provide, confirm or verify personal information such as your address, Social Security number, bank account, credit card number, password, birth date or occupation.

 

The first question you should always ask yourself is: why are these people contacting me? Next question: is this a legitimate email? If your common sense tells you that this is probably not a legitimate correspondence, then you can get confirmation by looking at the email carefully.

 

Most likely the obvious signs will include misspellings, odd formatting, unusual word phrasing, and calls to action that are “scare tactics” or thinly veiled threats. Check out the text from two phishing emails that I received recently. These should give you a better idea of what I am talking about and what you should look out for.

 

EXAMPLE #1

From Line:

Yahoo Member Service <Mailcentre@yahoo.com>

Subject Line:

Warning!: Yahoo! Verification Alert!!! (KMM69467VL0558KM)

Dear Valued Member,


Account Alert

Dear Valued Member,

Due to the congestion in all Yahoo users and removal of all unused Yahoo Accounts,Yahoo would be shutting down all unused Accounts,You will have to confirm your E-mail by filling out your Login Info below after clicking the reply botton, or your account will be suspended within 24 hours for security reasons.

UserName: ……………………………

Password: …………………………….

Date of Birth: …………………………

Occupation: ………………………….

Country Or Territory: ………………..
 

After following the instructions in the sheet, your account will not be interrupted and will continue as normal.. Thanks for your attention to this request. We apologize for any inconvenience.

Yahoo! Customer Care

Case number: 8941624
Property: Account Security
Contact date: 11-2009

Warning!!!  Account owner that refuses to update his or her account before two weeks of receiving this warning will lose his or her account permanently.


   

EXAMPLE #2

Subject Line:  Special Social Security Administration Grant…

Tue, January 3, 2006 12:47:34 AM

From: Social Security Administration <Info@special-funds.ssdi.gov>

Britney Richards,
Social Security Administration
Office of Public Inquiries
Windsor Park Building
6401 Security Blvd.
Baltimore, MD 21235

The Social Security and Supplemental Security Income disability programs are the largest of several Federal programs that provide assistance to people with disabilities.

While these two programs are different in many ways, both are administered by the Social Security Administration and only individuals who have a disability and meet medical criteria may qualify for benefits under either program.

Social Security Disability Insurance pays benefits to you and certain members of your family if you are "insured," meaning that you worked long enough and paid Social Security taxes.

A Special Social Security Disability Insurance funds has been Approved for a Direct Deposit Transfer to all the Disabled Community withing the United States and Canada. This Program is Sponsored by the United Nations as part of it's Econimic Meltdown Eradication Programme.

You are Advised to Contact the Bearer below to Fill out your Form 1199A ( Direct Deposit Details Form) to Collect your Funds. Kindly contact Social Security Agent,

Name:- Britney Richards
Email:- SSAagent12@aol.com

You are advice to provide him with the following information:

Names:
Telephone/Fax number:
Nationality:
Age:
Country:
State:

(This is important as a case of double claims will not be entertained). Members of the affiliate Agencies are automatically not allowed to participate in this Program. Furthermore, should there be any change of address do inform our aAgent as soon as possible. Congratulations once more from our members of staff and thank you for being part of our promotional program.

Yours Faithfully,
Shawn Morgan.
Social Security Administration

Thank you and congratulations!!!

This email may contain information which is confidential and/or privileged. The information is intended solely  for the use of the individual or entity named above. If you are not the intended recipient, be aware  that any disclosure, copying, distribution or use of the contents is prohibited. If you have received this electronic transmission in error, please notify the sender by telephone or return email and delete the material from your computer.

Britney Richards,
Social Security Administration
Office of Public Inquiries
Windsor Park Building
6401 Security Blvd.
Baltimore, MD 21235

 

Dr. Security’s List of “Red Flag” Items in Phishing Email:

 

 

Example 1:

  • Use of exclamation marks in the subject line
  • Odd phrasing “Due to the congestion in all Yahoo users…”
  • Typo “botton” instead of “button”
  • Scare tactic: Warning!!!  Account owner that refuses to update his or her account before two weeks of receiving this warning will lose his or her account permanently.

Example 2:

  • Wrong date “Tue, January 3, 2006 12:47:34 AM” (This email arrived on December 13, 2009)
  • Typo “…a Direct Deposit Transfer to all the Disabled Community withing the United States and Canada.”
  • Government official using an AOL email account? SSAagent12@aol.com  I don’t think so.

  • Two different signatures: “Shawn Morgan” and then “Britney Richards”
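
Several of the red flags listed above can be checked mechanically by a mail filter. The Python below is an added example, not part of the original post: it scores the two quoted emails for a shouting subject, scare wording, requests for personal data, a Date header far from the arrival date, and a reply contact on consumer webmail. The webmail list, the phrase patterns, the one-week tolerance and the RFC 5322 form of the Date header are assumptions; typos and mismatched signatures are not covered.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

WEBMAIL = {"aol.com", "yahoo.com", "hotmail.com", "gmail.com"}  # assumed short list
ASKS = re.compile(r"password|date of birth|social security number|credit card", re.I)
SCARE = re.compile(r"suspended|within\s+24\s+hours|lose his or her account", re.I)
ADDR = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def red_flags(raw, received):
    """Return the red flags found in one raw message that arrived at `received`."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = []
    if re.search(r"!{2,}", msg.get("Subject", "")):
        flags.append("shouting subject")
    if SCARE.search(body):
        flags.append("scare tactic")
    if ASKS.search(body):
        flags.append("asks for personal data")
    # Date header that disagrees with the real arrival time by more than a week
    if msg["Date"] and abs(received - parsedate_to_datetime(msg["Date"])) > timedelta(days=7):
        flags.append("stale date")
    # Reply contact on consumer webmail while the From line claims another domain
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if any(d.lower() in WEBMAIL and d.lower() != from_domain for d in ADDR.findall(body)):
        flags.append("webmail contact")
    return flags

# Constructed samples, abridged from the two emails quoted above (Date offset assumed).
EXAMPLE_1 = """From: Yahoo Member Service <Mailcentre@yahoo.com>
Subject: Warning!: Yahoo! Verification Alert!!! (KMM69467VL0558KM)

You will have to confirm your E-mail by filling out your Login Info below
after clicking the reply botton, or your account will be suspended within
24 hours for security reasons.
Password: ........
Date of Birth: ........
"""
EXAMPLE_2 = """From: Social Security Administration <Info@special-funds.ssdi.gov>
Subject: Special Social Security Administration Grant…
Date: Tue, 3 Jan 2006 00:47:34 +0000

Kindly contact Social Security Agent,
Name:- Britney Richards
Email:- SSAagent12@aol.com
"""
ARRIVED = datetime(2009, 12, 13, tzinfo=timezone.utc)  # arrival date stated in the post
```

Calling `red_flags(EXAMPLE_1, ARRIVED)` and `red_flags(EXAMPLE_2, ARRIVED)` returns the flag names for each message; a message with no flags is not thereby proven legitimate.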
