Disgusting! Phishing scams have never been more prevalent, or more sophisticated. Today I’d like to share a recent experience with a phishing scam that a client received.
What is phishing?
Phish (fĭsh) intr.v. phished, phish·ing, phish·es
“The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake.”
(Definition via Wikipedia)
So official looking
The image here is of the email my client received, supposedly from merchant gateway Authorize.net. Reading the contents would make any online business panic, and the fact that they use an official Authorize.net logo would make you think it’s real.
At first glance, it’s reasonably well-worded, and they even go so far as to use a reply email address that would look like an official Authorize.net return address.
Two clinchers for me
- I right clicked on the hyperlink in the message to get the URL, without actually opening the site in a browser. Then I pasted it in a text pad file. The URL (which I’m not posting here) contained text with a hyphen followed by the Authorize domain.
- Second to last line of the first paragraph says “…and to prevent any similarly situations…” Grammar and spelling are often dead giveaways of a phisher.
That was the downfall for this one. An official email from Authorize.net would never have a URL to click on that included text with a hyphen in front of it. But someone looking in a hurry might just see the Authorize and think it was official. Following the link might very well lead you to a very official-looking login page, which might cause you to believe you were safe in entering your credentials. And it is highly unlikely that Authorize.net would send an email out with grammar issues.
Nora’s tips for staying away from disgusting bottom feeding phishers
- Never click on a login link in an email, even if you are really certain it’s safe. ALWAYS instead open a new browser window and go to the main address of the site. Login from there and deal with whatever the email pertains to.
- Know that a reputable company would never ask you for sensitive information via an email. If you’re in doubt, call them up.
- Watch for bad grammar or misspellings. They are a dead giveaway.
- Look for https. Seeing https (the s is important) at the front of a URL lets you know that this is a secure and encrypted page.
- Ignore pop-ups. If a pop-up appears when you’re on a web page, asking for you to provide sensitive information, don’t bite!
- Check the links. Right click the link, copying its address. Don’t open it in a browser. Instead, paste it into Windows Notepad or Mac Text Edit and take a close look at it there.
- If you’re not sure, ask a tech guru. A virtual assistant, such as myself, or a savvy tech person you know will likely be able to help.
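The "check the links" tip and the hyphen clincher above can also be done by a short script, shown here as an added example that is not part of the original post. The sample links are constructed (the URL from the email is not posted), and `classify_link` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "authorize.net"  # the sender the email claims to be


def classify_link(url, trusted=TRUSTED_DOMAIN):
    """Return 'trusted', 'lookalike', 'unrelated' or 'unparseable' for a copied link."""
    parts = urlsplit(url.strip())
    # .hostname drops any "user@" prefix and the port, and lowercases the host,
    # so "https://authorize.net@billing.example/" is judged by billing.example.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return "unparseable"
    # Trusted only if the host IS the domain or a dot-separated subdomain of it.
    # A plain host.endswith(trusted) would wrongly accept "update-authorize.net".
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # The brand name shows up in the address, but the host belongs to someone
    # else: the hyphen trick, the brand as a subdomain label, or the "@" trick.
    brand = trusted.split(".")[0]
    if brand in parts.netloc.lower():
        return "lookalike"
    return "unrelated"


# Constructed sample links for illustration only.
SAMPLES = [
    "https://authorize.net/",
    "https://account.authorize.net/login",
    "https://update-authorize.net/login",
    "https://authorize.net.billing.example/login",
    "https://authorize.net@billing.example/login",
    "https://www.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):12} {link}")
```

Anything reported as `lookalike` deserves the same treatment as the email in this post: don't open it, and go to the site's main address in a new browser window instead.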
Need tech help?
That’s part of what I do. I’d love to lend you a hand. Give me a ring at 888.779.6672.