Posts Tagged ‘Introduction to Phishing’

Important Phishing and Security Alert from Network Solutions

Friday, October 31st, 2008


Dear Valued Network Solutions(R) Customer:

We’ve recently become aware of a phishing scam targeting domain name customers of a small number of registrars including Network Solutions(R). We wanted to alert you of this situation. Phishing is the practice of luring unsuspecting Internet users to a fake Web site by using an authentic-looking e-mail in an attempt to steal passwords, account information or other sensitive data.

At this time, we know that fraudulent e-mails are being sent to some domain name customers, regardless of who the registrar of record is, which include links to sites that look like networksolutions.com or other domain provider sites; however, they are fake Web sites. These e-mails are attempting to capture login information. For more information and tips on identifying phishing scams, please continue to read this blog.

If you believe you have received an e-mail of this type, have clicked on the link, and provided your login information, we recommend the following for security purposes:

1. Log in to your account from the Network Solutions Web site.
2. Review your account information for accuracy.
3. Choose a new password security question and answer.
4. Change your password.

Thank you for your attention to this message.

Sincerely,
Network Solutions(R) Customer Support

If you have been scammed you could always find a private investigator to help you locate the people who defrauded you, too.

Here Phishy Phishy…

Friday, August 1st, 2008

Something Smells Fishy to Me is my personal collection of phishing emails and attempts to scam me via email.  I mean what better way to autogenerate content for a blog than to have dubious scammers, fraudsters and criminals do it for me?

In my work as a private investigator, I work closely with clients who are being assaulted by frauds and scams every day; there is probably not a variation of a scam or scheme that I haven’t seen at least once.  Maybe I’ll teach someone a thing or two about Phishing and they won’t get fleeced.  If I can prevent just one person from being victimized by a phishing attempt then my work here is important.

What exactly is Phishing?

Phishing is the attempt to acquire sensitive personal information, such as confidential identity information, usernames, passwords and credit card details, usually via email, by pretending to be a trustworthy company with which the intended victim may have a business relationship; PayPal, eBay and large online banks are most commonly used.

Phishing is typically carried out by e-mail and usually tries to get users to enter their sensitive information into a fake website created to closely mimic the company being imitated. This scam usually begins by warning the intended victim that they need to update an account for security purposes.  The link in the e-mail takes you to what looks like the targeted company’s real Web site, but is actually a counterfeit site designed to steal your login information. Once the scammer obtains this information, they will log into the victim’s account and begin diverting money, taking information and even trying to use the same username and password for other accounts, since most people use the same login information to access several sites.

These emails are typically spoofed so that they too appear to have been sent from the company being used in the scam.

Spear Phishing is attempting to phish very specific targets; rather than sending out hundreds of thousands or millions of phishing emails, the fraud is directed towards one specific person or company.  Phishing attacks on high-profile targets are called whaling.

Vishing (voice phishing) sometimes uses fake caller-ID data, through Caller ID Spoofing, to give the appearance that calls come from a trusted organization.

Remember, you are in control of your own personal information and identity data. Do not give it to anyone unless you are sure that the email is legitimate.  Never follow links provided in a suspect email; instead, go to the company’s website by typing the address directly into your browser.  

We can all work together to fight phishing scams.  If you receive a suspicious email, report it.  You can forward it to the US Federal Trade Commission at spam@uce.gov and you can also report the email as spam or junk if your email service or software provides the option.