Greg Hewgill (ghewgill) wrote,

phishing scams

As you may have noticed, I pay careful attention to various kinds of spam and junk email that I get, including phishing scams. There has been a huge increase in phishing scams recently, notably targeted toward Citibank, eBay, and PayPal. They are easy to recognize, usually an unsolicited message from a trusted financial organization asking you to verify a bunch of personal details for some reason or another.

Although my various email filters are pretty good at stopping these before they reach my mailbox, occasionally they slip through. I usually breeze past the usual Citibank/eBay/PayPal ones, often stopping to marvel at how the phishers have become more and more clever in hiding their true intentions.

However, I recently received such a phishing scam purportedly from my own bank. Of course this was just like the others, with "Your account has been suspended" and "...involved with money laundering, illegal drugs, terrorism and various Federal Title 18 violations." But I was surprised to find that my personal reaction to this was much stronger than for the other ones I've received. Some tiny part of my brain was saying something like "what if it IS true?"

I quickly inspected the message and the URL on which it asked me to click actually went to some server in South Korea (although it appeared legitimate on the screen). I received this phishing message several days ago, and the phishing server is still online. Sure enough, going there in a browser produces a web page that exactly replicates the look and feel of my bank's usual login page. Entering login credentials there would post them back to the phishing server, letting somebody else log in to my accounts. Of course I didn't enter any info there.

Anyway, back to my personal reaction to this message. I'm now less surprised that people do fall for these scams, because receiving something from an organization that you trust with your money elicits a very different emotional response than, say, a Citibank phishing scam (if you don't actually have a Citibank account). It was alarming, yet I knew it was fake. I did log in to my real bank account to make sure that they really didn't lock me out of my account.

I checked with my bank's web site and they already have this particular email listed as an example of a fake phishing message. However, since the phishing server is still online after 5 days, I submitted a report giving details of the compromised server.
Tags: spam
