Monday, January 08, 2007


I received my first real phishing emails the other day. (I say "real" because they were apparently from one of the financial institutions I deal with.) Yahoo threw them into my bulk folder (yay Yahoo!), but I just had to look at them. The emails asked me to click on a link to update my account details.
The emails included my bank's logo and some text, all of which were in the form of an image, so if I happened to click anywhere, I would have been redirected to the fake web page. When I hovered over the image, I could see that it linked to a site whose URL started with the exact text of my bank's website. Had I quickly glanced at it, rather than closely examining it, I could have been fooled. The URL was in fact extremely long, finally ending in a different domain name. I reported the phishing emails to my bank and received some canned response. I'm not sure what, if anything, they can do.

The message: Be very careful when handling emails apparently from companies you deal with. Make sure links are valid. And don't ever give up your account information on request. Your safest bet is to read the email, close it, go to your bank's (or other company's) website as you normally would, log in, and see if you're asked to do anything. If not, ignore the email.
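To make "make sure links are valid" concrete, here is an added example (not part of the original post) that pulls every link out of an HTML email, including links wrapped around an image, and reports the host each one really points to. It goes slightly beyond the case described above by also covering the `user@host` form of the same trick; `bank.example`, `phish.test` and the sample email body are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "bank.example"  # assumption: the domain you normally type for your bank


class LinkCollector(HTMLParser):
    """Collect every href in an HTML body, including links that wrap an image."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def real_host(url):
    """Return the host a browser would contact: no 'user@' prefix, no port."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def belongs_to(url, trusted=TRUSTED):
    """True only if the host is the trusted domain itself or a subdomain of it.

    The comparison is on the END of the host name, because that is the part
    that decides who owns it; what the URL starts with proves nothing.
    """
    host = real_host(url)
    return host == trusted or host.endswith("." + trusted)


def audit(html_body, trusted=TRUSTED):
    """Return (real host, belongs to trusted domain?) for each link in the body."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(real_host(u), belongs_to(u, trusted)) for u in collector.hrefs]


# Constructed sample email body: two deceptive links and one genuine one.
SAMPLE = """
<a href="http://www.bank.example.login.update.secure.session.phish.test/update"><img src="logo.png"></a>
<a href="http://www.bank.example@phish.test/update">Update your details</a>
<a href="https://www.bank.example/login">Log in</a>
"""

if __name__ == "__main__":
    for host, ok in audit(SAMPLE):
        print(("ok      " if ok else "MISMATCH"), host)
```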

Happy surfing.

