Gone Phishing

Posted on Nov 30, 2005

An incident with Megan last night and a link this morning reminded me about how hard it can be for a regular person to avoid being fooled by phishing attacks.

Phishing is the practice of a spammer pretending to be from a legitimate company, such as Bank of America, Capital One, or PayPal. The spammer will include a link in an HTML e-mail claiming “Someone else is using your account!” or “Claim your free prize!” or something of that nature. The link in the e-mail will go to some other domain that has nothing to do with the legitimate company. Then, when you enter your username and password, that third party has all the information they need to begin taking over your account.

Megan received a particularly conniving one last night, where the phishers used a domain that began with paypal.com. What matters is what the domain ends with, not what it begins with.
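To make the "ends with, not begins with" rule concrete, here is an added example (not part of the original post) that compares a glance-style check with a check on the end of the link's hostname. The sample links are constructed, with example.net standing in for the phisher's domain.

```python
from urllib.parse import urlsplit


def link_host(url):
    """Return the lowercase hostname a link really points to, or None."""
    try:
        host = urlsplit(url).hostname
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None
    # Drop a trailing root dot so "paypal.com." and "paypal.com" compare equal.
    return host.rstrip(".") if host else None


def belongs_to(url, expected_domain):
    """True only if the host is expected_domain itself or a subdomain of it."""
    host = link_host(url)
    if host is None:
        return False
    expected = expected_domain.lower().rstrip(".")
    # Match on a label boundary: "notbank.example" must not pass for
    # "bank.example", so require an exact match or a ".expected" suffix.
    return host == expected or host.endswith("." + expected)


def naive_check(url, expected_domain):
    """What a quick glance does: the familiar name appears somewhere in the host."""
    return expected_domain in (link_host(url) or "")


# Constructed sample links; example.net is a stand-in for the phisher's domain.
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://paypal.com.example.net/signin",
]


def classify(samples=SAMPLES, expected="paypal.com"):
    """Return (url, real_match, glance_match) for each sample link."""
    return [(u, belongs_to(u, expected), naive_check(u, expected)) for u in samples]


if __name__ == "__main__":
    for url, real, glance in classify():
        print(f"{url}\n  glance says: {glance}   ends-with check says: {real}")
```
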

Whenever you get an e-mail like this, it’s best to bring up the regular homepage and log in via the mechanism to which you are accustomed.

Just trying to do my part, today. Take care of yourselves out there.