MICRO CENTER: COMPUTERS AND ELECTRONICS
Random Access   chris, kp & rob
Geek Candy
Phishing
by rob

Phishing (pronounced just like catching fish) is a scam designed to use authentic-looking emails and websites to steal your personal information.

Everyone has surely received account notices from a bank, vendor or other online business that wants you to log into its website to update account information or other details. These emails usually have company logos and the same disclaimers you always see on an official communication. Don’t be fooled by looks. Images and text are easily copied. The big question for Internet denizens is: when you get an email from a company, how do you know it’s really genuine?

Here are some questions to ask about the email:

  1. Do you do business with the company?
    This one is easy. If you get an email about an account you’ve never opened, it’s clear that the sender of this email is dubious.

  2. Is the email addressed to you?
    Your email address should appear in the To: field of the email header. Also, a company you deal with should address you by name in the greeting rather than use a generic greeting.

  3. Is the information they present about you correct?
    If the email has information about you (the last four digits of your credit card, expiration date, account number, etc.), take a moment and check it against what you have on file.

  4. Where does the link really go?
    Put your mouse over the link. This should show you the real URL used for the link either as a popup (in Outlook) or in the status bar of your web browser (if you’re using web-based email). The displayed URL can be spoofed as well, so this is not a foolproof check, but it will reveal some misleading URLs.

Now it's time to use some of these questions on the following sample email. Let's assume your email address is randomaccessfan@microcenter.com.

From: "Generic Bank Online" <online@genericbank.com>
To: customer@mygeneric.com
Subject: Dear Valued Customer
Date: Fri, 7 Dec 2007 07:58:55

Generic Bank

Dear Generic Bank customer,

We recently reviewed your account, and suspect that your Generic Bank account may have been accessed by an unauthorized third party. Protecting the security of your account and of the Generic Bank network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features.

To restore your account access, please take the following steps to ensure that your account has not been compromised:

Login to your Generic Bank account with your USER ID and Password and wait to update your account.

Review your recent account history for any unauthorized withdrawals or deposits, and check your account profile to make sure no changes have been made. If any unauthorized activity has taken place on your account, report to Generic Bank immediately.

Generic Bank Account ID: E00077978369-840

To get started, please click the link below:

www.genericbank.com/update.php

We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire Generic Bank system. Thank your for your prompt attention to this matter. Generic Bank - Online Banking

Sincerely, Generic Bank Team.

Please do not reply to this email. Mails sent to this address cannot be answered.
For assistance, log in to your Generic Bank account and choose the "Help" link in the header of any page.

Let's see how we did:

  1. Do you do business with the company?
    If you don't have an account with Generic Bank, it's an easy giveaway. But let's assume you do business with Generic Bank.

  2. Is the email addressed to you?
    The greeting is generic, which is suspicious. The To: line lists an email address that is not yours. This is a red flag for phishing.

  3. Is the information they present about you correct?
    Check the account ID they supply against your bills. If it doesn't match, don't click the link.

  4. Where does the link really go?
    Put your mouse over the link. The URL in your browser's status bar will show you the real destination of the link. Anything other than www.genericbank.com should be a warning sign.
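
Questions 2 and 4 can also be checked mechanically. The script below is an added example, not part of the original article: it reads a raw message, compares the To: address and greeting with your own details, and compares each link's visible text with its real target. The HTML body, the host login.example.net and the name "Pat Reader" are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample: the article's headers plus an HTML body whose link
# target (a made-up host) differs from the text shown to the reader.
SAMPLE = """\
From: "Generic Bank Online" <online@genericbank.com>
To: customer@mygeneric.com
Subject: Dear Valued Customer
Content-Type: text/html; charset="utf-8"

<p>Dear Generic Bank customer,</p>
<a href="http://login.example.net/update.php">www.genericbank.com/update.php</a>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # bare "www.site.com/path" text is parsed as if it were http
    return urlsplit(url if "://" in url else "http://" + url).hostname or ""

def check_email(raw, my_address, my_name):  # returns a list of warnings
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    findings, parser = [], LinkCollector()
    to_addrs = [a.lower() for _, a in getaddresses(msg.get_all("To", []))]
    if my_address.lower() not in to_addrs:
        findings.append("not addressed to you")
    if my_name.lower() not in body.lower():  # crude test for a by-name greeting
        findings.append("generic greeting")
    parser.feed(body)
    for href, text in parser.links:
        # Only compare when the visible text itself looks like a URL.
        if "." in text and " " not in text and host(text) != host(href):
            findings.append(f"link shows {host(text)} but goes to {host(href)}")
    return findings
```

Calling check_email(SAMPLE, "randomaccessfan@microcenter.com", "Pat Reader") returns all three warnings; an empty list means only that these two questions raised no flags, not that the message is genuine.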

Browsers Help
If you do click on a link to a fraudulent website, your browser may come to the rescue. Both Internet Explorer 7 and Firefox 2 have built-in phishing filters to alert you if the site you’re visiting is suspicious.

Figure: Firefox 2 and IE 7 alerts about suspected phishing sites

Testing URLs
In the end, it’s better to be safe than sorry. If you have any suspicions about the validity of a URL you can check it against known phishing websites. One such service is phishtank.com, a collaborative clearinghouse for phishing websites and other information.

When nothing else will convince you of an email's authenticity, you can always go to the company's website by typing the URL into the address bar of your browser by hand. Or, you could always call the company if you have any questions about their communications.


 © Micro Center