Call Us Today! 207-265-2051 | kingfield@cpromptcomputers.net

TTT #4 – Phishing – Don’t Get Hooked

Home » Articles » TTT #4 – Phishing – Don’t Get Hooked

TTT #4 – Phishing – Don’t Get Hooked

Recently my wife received the e-mail that appears here:

From: WEBMAIL ALERT MASSAGE [mailto:cbadano@cbc.uba.ar]

Sent: Monday, January 31, 2011 8:01 AM

To: undisclosed-recipients:

Subject: Dear RoadRunner Subscribers

 

Dear RoadRunner Subscribers,

 

This mail is to inform all our Subscriber that we will be maintaining and

upgrading our website in a couple of days from now. As a Subscriber you are

required to send us your Email account details to enable us know if you are

still making use of your mailbox.Be informed that we will be deleting all

mail accounts that is not functioning to enable us create more space for

new subscribers, You are to send your mail account details which are as

follows:

 

Notice:Your Email account will be expired after 48 hours, if you do not

re-validate or update your account. Please do co-operate with us so we can

serve you better, contact the administrator!!****

Information Required:

 

Your Full Names:

Email address:

User Name:

Password:

Confirm Your Password:

Alternative Email :

 

To avoid deleting your valid account from our DATA BASE, Please understand

that we doing this maintaince to create space for new subscribers.Failure

to do this will immediately render your email address deactivated from our

database. Thank you for using RoadRunner Webmail.

 

Thank You.

RoadRunner Email Administrator

Warning Code :ID67565434.

——————–

This type of e-mail is known as “phishing”.  According to Wikipedia, Phishing is “is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.”  In other words, someone out there is trying to trick you into giving them personal and potentially damaging information.

If my wife had replied this message with the information requested, she would have given someone access to her e-mail.  Some may ask why that is a big deal – after all, it’s not like giving access to a bank account, is it?

A few years ago I had someone hack my e-mail password, without my realizing it.  They were then able to go to eBay.com, and recover my eBay password.  They then proceeded to begin making orders from eBay.  Fortunately, they did not succeed, but you can begin to imagine how potentially damaging this could be.  In addition to hacking my eBay account, they might well have been able to hack my PayPal account and proceed with these purchases.

This e-mail is attempting to accomplish the same thing.  So the question is, how does one guard against this?  The first answer is to be sure you aware of these scams.  When people get these and have never heard that they might be a scam, they tend to be very trusting and reply with what is asked.

Secondly, look for tell-tale signs that this is a scam.  In the example above, the first sign is the e-mail address that is on the message.  cbadano@cbc.uba.ar is not an address that is from Roadrunner.  If Roadrunner is requesting information, then you would expect the message is coming from Roadrunner. The second sign is the grammar and spelling in the message.  Roadrunner is a reputable company.  They would never send out a message that contains things such as missing spaces after punctuation marks (notice the lack of space after a couple of periods and after a colon), poor grammar (notice the sentence “Please do co-operate with us so we can serve you better, contact the administrator!!****”) and misspelling (MASSAGE instead of MESSAGE and maintaince instead of maintenance).

 

Finally, reputable organizations will NEVER ask you to reply to an e-mail with information, or ask you to click a link to enter information.  ALWAYS read the address bar in your web browser, as well, to insure you are on the site you think you are on.  Most browsers now also have phishing filters to help users avoid sites  known for phishing – be sure those filters are active.

 

The two links below provide some additional information on phishing, which may be useful.

 

http://www.microsoft.com/protect/fraud/phishing/symptoms.aspx

http://en.wikipedia.org/wiki/Phishing

By | 2011-02-06T12:41:27-04:00 February 6th, 2011|TTT|0 Comments

About the Author:

Leave A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: