Phishing - It Still Happens

Unfortunately it does and what’s even worse is that there’s still folks out there who fall victim to phishing scams.

A friend of mine received an email which seemed to be from Yahoo!. It said that due to a large number of login attempts his account was going to be susspended unless he clicked on a link that was provided in the body of the email and login one more time on the secure server of Yahoo!. Since this is my friend’s only email address (he uses it for all of his electronic correspondence: banks, credit cards, utility bills, family, friends etc) he got really scared.

One short note: as you can see “don’t put all your eggs in one basket” should be applied in many more aspects of your life besides those related to money.

I tried to explain it to him that it’s nothing but a phishing scam. He just wouldn’t let it go untill I helped him write to Yahoo! (he’s not very good with composing stuff). Of course they wrote back to him and assured him that the email was not sent by Yahoo! and that he should know - for future references - they would never contact him on such issues through such an email.

The interesting thing is that he’s been the subject of phishing scams attacks before. Well, then what made him almost fall victim this time? By the way I must “admit” I am probably the reason he didn’t :) .

In the previous cases he was not directly threatened by the scams (he even didn’t have an account with the service, bank, credit card that supposedly asked for his personal and financial info for security purposes or he couldn’t care less whether they would be suspended or not). While, this time, he really got scared: “What if this is for real and I’ll loose everything?”

Since, as I said, apparently there’s still people who can fall victims to such scams and since a work at home entrepreneur has more to lose than a private individual, I feel it’s my “duty” to talk about the topic.

All of the above short introduction beeing made let me start by saying: stop falling for phishing scams.

If you can relate in any way to my friend, here’s why you should relax and whenever you receive such an email just trash it (unless you decide to go after the phishers and give them a hard time):

  • No respectable entity you have an online account with (web based email provider, bank, credit card etc.) will ever send you such an email. They are aware of the phishing phenomenon; they know such emails are a characteristic of the phishing phenomenon and would pose a problem to their members because
  • phishers have come such a long way that their emails (the body, language style, URLs, color schemes etc) and even the websites you are taken to by clicking a link in such an email can look so similar to the original that it would be impossible for an unexperienced eye to tell the difference.
  • They want to convey the image of an entity that cares about its customers/members and not putting them in a tough situation (of deciding whether such an email comes from the real web site or not) is one way of accomplishing such a goal.
  • Rather than relying on such emails, they all have the capability of using other methods of contacting you when nedeed: phone calls, snail mail or even putting up a screen that would load when you attempt to log in before actually taking you to your member area.

If the above list doesn’t work for you, the email you received is so convincing that you tend to believe if you don’t pay attention to it it might affect your account, here’s a few pointers you should consider:

  • Due to the high risks people’s privacy is exposed on the internet, all, again respectable, entities which you entrust with your personal and financial information put in place secure websites. I am not an expert at all of this stuff. However, I have learned so far that one thing I should look for before I log in to such websites is the “s” after the “http” in the URL. The URLs of your bank, credit cards and other financial services websites should start with “https://”. A simple “http://” should raise question marks.
  • There’s always the option of you contacting them. Just open the website the way you normally do (from your bookmarks or by typing in the address in your browser) and look for contact information. To be even more on the safe side, I would suggest calling. Tell them about the email and I’m positive they’ll tell you what I’m trying to convince you of: it’s only a phishing email. That should make it easier for you to sleep at night.
  • Very Important: Call the regular customer service number not the one provided (probably) in the email. In the case of my friend, he did call a number provided by the phishers in the email and it sounded very Yahoo!-ish. See how far these folks can go?

If you don’t believe a word I’ve said, go ahead and check out FTC’s article on the topic.

Posted in Scams, Security |

Leave a Reply