What is Phishing?
Phishing is the use of email to get Internet users to divulge personal information. This information is usually financial information that can be used to steal from the individual providing the information. These scams usually work by warning the user that his/her account with some bank or financial institution is at risk and the user must provide information to the institution to keep the account open. Of course there are many variations on this, but you get the idea. Citibank, eBay, and PayPal are common targets of these scams.
How do I Recognize a Phishing Scam?
These scams are getting better and do a lot to make their message look legitimate. They use the style and icons of the institution they are scamming. Most of the web links even point back to that institution. If you carefully examine the source of the message you will typically see a link like href="http://www1-ebay .com/… This is not an eBay site, but might look like it if not examined carefully. In conclusion, it can be difficult to recognize one of these scams.
What Should I do if I Receive a Message like this?
The safest way to respond to one of these emails is to deal directly with the institution. If you don't have an account with that institution, then ignore the message. If have an account, then contact the institution directly. Don't click on any links in the email, they cannot be trusted. Open a new browser window and enter the institution's web address directly. You may want to call the customer support on the telephone. Again don't use numbers listed in the email, but obtain the number from the phone book, bank statements, or some other trusted source. If there really is a problem with your account, they should be able to help you.
Oh No, I Responded to one of these emails, What do I do now?
Contact your financial institution right away and let them know
that you may have been scammed. They may be able to protect your
account from the scammers. You should also contact the Federal Trade
Commission (FTC) to report the fraud. You may also want to contact you
local police to report the fraud.
Edited Example of an Actual Phishing Email
Please login to your Personal Account Access Internet Banking
and visit the Message Center section in order to read the message.
To Login, please click the link below:
Go To Personal Account Access
© 2007 Nevada State Bank. All rights reserved.
And here's the source view of the message. Note that the email is not really from Nevada State Bank, but rather server749.peel7 .com. Also note the web link is not to Nevada State Bank, but to 91.92 .231.202, the scam web site.
Return-Path: <email@example.com .com> Received: from enterprise.svpal.org (firstname.lastname@example.org [192.168.147.69]) by svpal.svpal.org (8.13.8/8.13.8) with ESMTP id l17AR3sn038505 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <email@example.com>; Wed, 7 Feb 2007 02:27:09 -0800 (PST) (envelope-from firstname.lastname@example.org .com) Received: from server749.peel7 .com (server749.peel7 .com [188.8.131.52]) by enterprise.svpal.org (8.13.8/8.13.8) with ESMTP id l17AQPFs028395 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <email@example.com>; Wed, 7 Feb 2007 02:26:26 -0800 (PST) (envelope-from firstname.lastname@example.org .com) Received: from localhost (localhost [127.0.0.1]) (uid 806) by server749.peel7 .com with local; Wed, 07 Feb 2007 05:20:23 -0500 id 0004EECD.45C9A7E7.00003734 To: email@example.com Subject: You have 1 new ALERT message From: "firstname.lastname@example.org .com" <email@example.com .com> Reply-To: firstname.lastname@example.org .com Mime-Version: 1.0 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Message-ID: <courier.45C9A7E7.email@example.com .com> Date: Wed, 07 Feb 2007 05:20:23 -0500 <HTML> <CENTER> <FONT face="verdana" size=2><B>You have 1 new ALERT message</B><BR> Please login to your <B>Personal Account Access Internet Banking</B><BR> and visit the <B>Message Center</B> section in order to read the message.<BR><BR> To Login, please click the link below:<BR><BR> <a href="http:// 91.92. 231.202/ banking.nsbank .com/passwordreset/ praction/nsb/PasswordReset.htm">Go To Personal Account Access </a></FONT><BR><BR> <font face="verdana" color="99999" size=1> © 2007 Nevada State Bank. All rights reserved. </FONT></CENTER> </HTML>
Another Edit Example of an Actual Phishing Email
Dear eBay Member,
And here's the source view of the message. Note that the email is not really from eBay, but rather HostMaster31.hostingbay .net. Also note the web link is not to eBay, but to 184.108.40.206, the scam web site.
Return-Path: <aw-confirm@ebay .com> Received: from HostMaster31.hostingbay .net (HostMaster31.hostingbay .net [220.127.116.11]) by enterprise.svpal.org (8.13.1/8.13.1) with ESMTP id j2RD6jGA031347 for <firstname.lastname@example.org>; Sun, 27 Mar 2005 05:06:49 -0800 (PST) (envelope-from aw-confirm@ebay .com) Message-Id: <200503271306.j2RD6jGA031347@enterprise.svpal.org> Received: from [18.104.22.168] (helo=abood) by HostMaster31.hostingbay .net with esmtpa (Exim 4.44) id 1DFXD6-0005ta-Ez; Sun, 27 Mar 2005 22:49:46 +1000 From: "eBay User Agreement" <aw-confirm@ebay .com> Subject: eBay - Billing Information Need To Update To: email@example.com Content-Type: text/html;iso-8859-1 Reply-To: aw-confirm@ebay .com Date: Sun, 27 Mar 2005 14:49:48 +0200 X-Priority: 3 X-Library: Indy 8.0.25 <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <meta name="GENERATOR" content="Microsoft FrontPage 4.0"> <meta name="ProgId" content="FrontPage.Editor.Document"> <title>New Page 1</title> </head> <body> <p><b>Dear eBay Member,</b><br> <br> Due to recent account takeovers and unauthorized listings, eBay is introducing a new account verification method. From time to time, randomly selected accounts (seller and/or buyer) are subjected to an advanced verification process based on our merchant accounts/bank relations and customers credit card. eBay may also request in an email message scanned/faxed copies of one or more photo IDs. Your account confirmation may go wrong if your credit card/bank account is expired, or if you have changed your credit card number, billing address etc. without notifying us about the change. Subject of this verification process are also the accounts that have unpaid dues to eBay.<br> Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your eBay registration. If you received this notice and you are not the authorized account holder, please be aware that it is in violation of eBay policy to represent oneself as another eBay user. Such action may also be in violation of local, national, and/or international law. eBay is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law.<br> <br> Note: If this is the second time you receive this notice, it might be because you have made a mistake when you entered your details or that the account was not updated at all.<br> <br> <br> <b>To confirm your identity with us click here:</b><br> <a href="http:// 66.49. 46.170">http://signin.ebay .com/aw-confirm</a><br> <br> <b>We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.</b><br> <br> <br> Respectfully,<br> Trust and Safety Department<br> eBay Inc.</span></p> </body> </html>
[SVPAL Home] [Subscriber]
Silicon Valley Public Access Link
Last Updated: Wednesday July 8, 2015
HTML5 UTF-8 (EURO €)