Dynamic Graphics Website Design
Gone Phishing & Spoofing
by Shauna Millar
What is phishing? Have you ever received an email that says your password has expired and you need to click on this link to go fix it? Or your credit card wasn’t accepted and you need to click here to fix it? Password on PayPal? Bank information? Social Security number?
Well, you might have received one or more of these emails or something similar, and for all intents and purposes they “look” real. They have the right logo, and the return email address seems right. Almost everything is in order. (They might even have added the physical address to the bottom of the email.) The first thing to know is that none of these places would ever send you an email asking for verification of that information. They won’t even call you.
What would actually happen, if any information were needed, is that a message would be waiting for you the next time you logged into the site. The only time you get an email from these companies about your password is DIRECTLY after you have gone to their site and changed the password. They send a link for verification, which expires if not used within a certain amount of time; after that, you have to go back and redo the entire thing again.
You can verify the links by hovering your mouse over them. Where the link goes will show in the window at the bottom of your browser screen. This tells you where the link actually leads, which is a good indication of where the email really came from. You can also expand the header information in the email; however, be aware that sometimes people will “spoof” the email address. In other words, the return address looks correct, and more than likely goes to an address that will bounce.
What do you do if you fall victim to such a scam? First, if you did click on the link, immediately contact the business that you thought it was from. If it was a credit card company, have your card cancelled and re-issued. Change your passwords immediately. All legit companies have a spoof/spam/phishing email address to which you can simply forward the phishing email. This allows the company to chase down the individual(s) who are responsible.
It’s easy to click a link that you think is legitimate. However, most of the time people will realize it either before any harm is done or immediately after, which gives you enough time to protect yourself.