In case you didn’t know, Phishing is where you send an official looking email to every email address you can find hoping that someone will click through to your website and provide you with bank account information or login information. The emails will appear to come from a valid email address (security@BankName.com) but will actually have been spoofed.
I had thought everyone was as paranoid as me about this, but in the past 3 months, I’ve had one friend caught and my manager was nearly caught. This emails usually make you think that someone has hacked into your account, and you have to “verify some information” or they will shut down your account. They provide an official looking link, but it actually goes somewhere else. (like in my sample)
Here are some samples:
Dear Customer,
We recently noticed an attempts to log in to your online banking account from a foreign IP address and we found one or more your information changed. Because of that we have reasons to believe that your account was used by a third party without your authorization.
The login attempt was made from:
IP Address : 172.25.210.66
ISP Host : cache-66.proxy.aol.com
Login Date : 06-January-2006
If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you. Therefore, if you are the rightful account holder, click on the link below to log into your account and follow the instructions.
https://www.BankName.com/cgi-bin/ias//sso.login.controller
We need you to update and confirm your account information that has been changed, so we can verify your information with our new data. If you choose to ignore our request, you leave us no choice but to temporarily suspend your account.
If you received this notice and you are not the authorized account holder, please be aware that at it is in violation of BankName online banking policy to represent oneself as another BankName online banking user. Such action may also be in violation of local, national, and/or international law. BankName is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that impersonators are prosecuted to the fullest extent of the law.
Thank you for your patience as we work together to protect your account.
Sincerely,
BankName Account Security Department
Account Manager,
David Renwick
THIS IS A E-MAIL FROM BANKNAME, AND YOU MAY OPT-OUT FROM OUR E-MAILS AT ANY TIME. IF YOU’D LIKE TO BE OPTED-OUT WITHIN 10 BUSINESS DAYS, PLEASE UPDATE YOUR E-MAIL PREFERENCES.
The security and confidentiality of your personal information is important to us. BECAUSE E-MAIL IS NOT A SECURE FORM OF COMMUNICATION, THIS E-MAIL BOX IS NOT EQUIPPED TO HANDLE REPLIES. If you are a BankName customer and have sensitive account-related questions, please call the phone number provided on your account statement or the appropriate phone number indicated in the following “Contact Us” link so we can properly verify your identity. For all other questions or comments, please use the Web forms available via Contact Us.
We respect your privacy, and you can rest assured that we protect your information, including your e-mail address, and will never sell or share it with marketers outside BankName. To find out more, please read our Privacy Policy.
BankName E-mail, 6th Floor, 101 North Tryon Street, Charlotte, NC 28255-0001
BankName, N.A. Member FDIC. Equal Housing Lender
© 2005 BankName Corporation. All rights reserved.
or
Dear eBay Member,
We regret to inform you that your eBay account could be suspended if you don’t re-update your account information.
To resolve this problem please visit link below and re-enter your account information:
https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&sid=verify&co partnerId=2&siteid=0
If your problems could not be resolved your account will be suspended for a period of 24 hours, after this period your account will be terminated.
For the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend,…scam continues…
Of course the real letter would use the company logo, etc. I’ve seen phishing emails posing as several banks, Ebay, Etrade, and others. If you get an email about a bank account, that requires any action on your part, just delete it. If you are concerned that it might be legitimate, DON’T click through the links - go to the official website (like http://ebay.com, etc.), look for contact information on the site and talk to someone on the phone - unless the official website has been hacked, this should be a safe way to verify if anything really needs to be done to your account.
, so I was glad that Justin's homework last night was to write a three paragraph story using action verbs and descriptive adjectives. Although Justin is only in third grade and hasn't written very much, I could see him struggling to reword sentences to avoid passive voice.