keith2468 (Premium, MVM; join: 2001-02-03; Winnipeg, MB), reply to calvoiper
Re: Hmm... An intelligent sign to have on the wall.
But phishing works by seeming to be solicited.
Phishing pretty much always involves widely used companies so that there is a high likelihood that some phishmail recipients will not be surprised to receive the email.
Say you deal with, say, Wells Fargo Bank, and you do banking transactions over the internet.
Say you get an email from Wells Fargo Bank. That email seems to be solicited. The Phisher spoofs the return email address, which as you may know is not hard to do, so that you think the email is from a company you normally get email from.
The second twist is that phishing emails often have perfect business English (unlike most virus emails). They usually have the same phrasing that a bank or ISP or whatever company would use. One tip-off about phishing email is that the phisher usually doesn't know your full name and address or account number. So if the usual personal details are missing, suspect phishing. And always report suspected phishing using the procedures in the FAQ linked at the bottom.
So you click on the link in the email, go to a familiar looking website, and see actual real Wells Fargo graphics all over it.
And that is the third twist. Because web pages are downloaded to browsers for display, the legitimate web page contents are available to phishers for copying. Phishers can make exact copies of the real pages and the real graphics on the real pages.
The final phishing trick is to send you to part of the legitimate company website after you give up your information (usually credit card number, account name, password, whatever).
That way, they get your info, and you enter the regular website, and there is nothing to tip you off that you've been scammed -- until your credit card goes over limit, or your ISP suspends your account for spamming.
Here is the BBR FAQ on phishing: Security » Scam Email: What is Phishing? What do I do about it?
There is a link to actual pictures of phishing emails and websites. You can see how realistic they are. The pictures have notations on any tip-off clues. www.antiphishing.org/phishing_archive.html