Phishing in 2014

cat burglar picDon’t worry, I haven’t taken up creative spelling!

‘Phishing’ describes a process whereby hackers ‘fish’ for information by sending bogus emails to unsuspecting netizens. These emails purport to come from legitimate companies, and are designed to scare netizens into divulging their Account IDs, and passwords.

Rather than trying to describe the process in detail, I have an example to show you. I received the email below just today. The nasty bits have been taken out.

From : Blizzard Entertainment <tvestt@gmail.com>

[The email reply-to is the first big giveaway. Blizzard Entertainment is a legitimate gaming company, and produced the highly successful MMO – World of Warcraft. BUT! All official Blizzard emails use email addresses linked to their website, NOT gmail!]

Greetings

An investigation of your World of Warcraft account has found strong evidence

that the account in question is being sold or traded.

[I did have a World of Warcraft account – about five years ago. Oddly, I didn’t start receiving these emails until a year or so after I stopped playing.]

As you may not be aware of,

[Awkward grammar and sentence construction can often be a dead giveaway as well]

this conflicts with Blizzard’s EULA under section 4 Paragraph B which can

be found here:

WoW -> Legal -> End User License Agreement

and Section 8 of the Terms of Use found here:

WoW -> Legal -> Terms of Use

[The email references genuine, Blizzard Entertainment web pages, but does not actually link to them]

The investigation will be continued by Blizzard administration to determine the

action to be taken against your account. If your account is found violating the

EULA and Terms of Use, your account can, and will be suspended/closed/or

terminated.

[This is the big stick designed to scare players into quickly clicking on the link provided]

In order to keep this from occurring, you should immediately verify that you are

the original owner of the account.

To verify your identity please visit the following webpage:

[To verify your identity, you will be asked to enter your Account ID and password. The minute you do that, the hackers will have all your account information and will be able to enter World of Warcraft as youThe consequences can range from annoying to devastating.]

xxxx//www.baltte.com/xxxxxxxxxxxxx

[Look carefully at web site name. ‘baltte’ is NOT a typo. URLs with typos do not work. Blizzard does have an account with ‘battle’ in the address, but this is definitely not it.]

Only Account Administration will be able to assist with account retrieval

issues. Thank you for your time and attention to this matter, and your

continued interest in World of Warcraft.

Sincerely,

Account Administration

Blizzard Entertainment

***

The above example is actually a rather amateurish job, with fairly obvious clues to its origins – if you know what to look for, and don’t panic. The problem is, most normal netizens don’t know what to look for, and phishing is not restricted to online games.

In the past couple of years, I’ve received more than one phishing email – supposedly from my bank – with the right logos and graphics etc, and no easy giveaways. In fact, the only thing these highly professional phishing emails had in common with the example above was that they required me to follow a link and SIGN IN.

Now, if you don’t use internet banking, this warning probably doesn’t apply to you. However if you do use internet banking, then please understand that once you follow one of these bogus links, and sign in to your banking account, your money will be gone in minutes.That is how serious phishing can be.

So, two very important facts to learn and remember :

1. If you get an email from your bank telling you there is a problem, and asking you to login to your account via a link in the email – DON’T DO IT!

2. Always login to your account via the normal, legitimate web address. Having to type in the URL may not be as convenient as clicking on a link, but it is far, far safer. If there is a genuine problem with your account, it will show up once you are safely logged in to your account. 99.99999% of the time, however, there won’t be a problem, and the email you received will have been bogus.

The internet is a wonderful place, but even the best anti-virus software cannot protect you from hackers if you aren’t aware of the danger, and don’t exercise some common sense.

Play safe, bank safe!

cheers

Meeks

Advertisements

About acflory

I am the kind of person who always has to know why things are the way they are so my interests range from genetics and biology to politics and what makes people tick. For fun I play online mmorpgs, read, listen to a music, dance when I get the chance and landscape my rather large block. Work is writing. When a story I am working on is going well I'm on cloud nine. On bad days I go out and dig big holes... View all posts by acflory

22 responses to “Phishing in 2014

  • Candy Korman

    I operate under the theory that anything that appears to be fishy is probably phish-y. It’s a good thing to keep in mind.

    There are a lot of scary, dangerous, nefarious, insane, greedy, weird people out there!

    Like

  • Carrie Rubin

    Excellent and important points. I’ve gotten a couple phishing emails lately. It’s impressive how official some of them can sound. One really has to be vigilant.

    Like

    • acflory

      Yes, some of them have been so good I’ve found my finger hovering over the link because it looks so /real/.

      I think its the combination of apparent legitimacy and that first moment of panic. Most of us are law-abiding people, so being suspicious is not second nature to us. Perfect victims. 😦

      Like

  • lynnecantwell7

    Great post! Here’s hoping you’ve saved someone a heap of trouble. 🙂

    Like

  • Yvonne Hertzberger

    Thanks for the heads up. I’ve had several of these fraudulent emails. They can be a real threat to the unaware.

    Like

    • acflory

      I’m glad you’re not one of them. I think most of us have the necessary ‘street smarts’ but I shudder to think of how many people are out there with little to no understanding of computers, or the dangers they can usher in.

      Like

  • DV Berkom

    I’m sending this to my parents 🙂 You’ve described phishing in such a clear, precise way–much better than I ever could. Thanks!

    Like

  • davidprosser

    The only thing I’d add to your cautionary tale is that phishers don’t generally use your name but may start as yours did with ‘Greetings’ or ‘Dear Member’ whereas an official notification would generally know how to refer to you.Your advice is sound that if you have any doubts, ALWAYS sign in properly and never through a link in the email.
    It just hurts to know none of my marriage proposals are real, maybe I should stop ending them?
    xxx Massive Hugs xxx

    Like

  • Jon Jefferson

    I love getting emails like this. They make for some great entertainment. I think some of my favorites are the porn ones that start off sounding like you know the person, at least until you find five similar letters in your spam folder.

    Like

  • metan

    I was born suspicious, so a link in an email, however legitimate it seems, will never be clicked!

    I will always go to the website of the business I deal with and access the information that way, the phishers or spammers sound more and more legitimate all the time, the tricky buggers!

    Good job laying out one of the perils of the interwebs so clearly. 😀

    Like

    • acflory

      Thanks Metan. And yes, they’re getting trickier every day. Now if only I could figure out how they get my email address. I’m careful about that too. Oh well. -shrug-

      Like

      • metan

        Competition entries I reckon. Does anyone ever win or are they just collecting your details…. See, suspicious…. 🙂

        Like

        • acflory

          -sigh- I don’t know what got into me but… I signed up for a competition the other day. I knew I was being stupid, and I was right. My inbox contains scores of unwanted junk offers, and they’re even sending them to my phone.

          Why oh why did I give in? Um…don’t answer that.

          Like

        • metan

          I never sign up for them, if they are giving away a car in exchange for something as insignificant as your contact details clearly those details are worth far more than you think they are.

          Tatts is the only thing I really want to win! 😉

          Like

        • acflory

          The weird thing is I never signed up either, until now. I wonder if there’s such a thing as temporary dementia.

          Sadly I know I’ll never win Tatts as I never buy a ticket. Maybe I should. 🙂

          Like

  • geooorge

    … They could have at least gotten a url like blizard or blizzart. Gmail? 😛
    Ah. it reminded me of that thread in guru (i think it was in guru anyway…) where someone trolled the scammer back.

    I actually got a scam email once that looked like the ones a local bank sends that was really well done, looked official.
    Not a lot of typos and all the right logos and layout.
    Actually called them to give a heads up because there weren’t any emails like that before.

    Like

    • acflory

      I know….gmail of all things! And yes, I’ve had banking emails too, and they are eerily similar to the real thing. I think that was when I started to take phishing seriously.

      Like

Don't be shy!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: