‘Phishing’ describes a process whereby hackers ‘fish’ for information by sending bogus emails to unsuspecting netizens. These emails purport to come from legitimate companies, and are designed to scare netizens into divulging their Account IDs, and passwords.
Rather than trying to describe the process in detail, I have an example to show you. I received the email below just today. The nasty bits have been taken out.
From : Blizzard Entertainment <email@example.com>
[The email reply-to is the first big giveaway. Blizzard Entertainment is a legitimate gaming company, and produced the highly successful MMO – World of Warcraft. BUT! All official Blizzard emails use email addresses linked to their website, NOT gmail!]
An investigation of your World of Warcraft account has found strong evidence
that the account in question is being sold or traded.
[I did have a World of Warcraft account – about five years ago. Oddly, I didn’t start receiving these emails until a year or so after I stopped playing.]
As you may not be aware of,
[Awkward grammar and sentence construction can often be a dead giveaway as well]
this conflicts with Blizzard’s EULA under section 4 Paragraph B which can
be found here:
WoW -> Legal -> End User License Agreement
[The email references genuine, Blizzard Entertainment web pages, but does not actually link to them]
The investigation will be continued by Blizzard administration to determine the
action to be taken against your account. If your account is found violating the
[This is the big stick designed to scare players into quickly clicking on the link provided]
In order to keep this from occurring, you should immediately verify that you are
the original owner of the account.
To verify your identity please visit the following webpage:
[To verify your identity, you will be asked to enter your Account ID and password. The minute you do that, the hackers will have all your account information and will be able to enter World of Warcraft as you. The consequences can range from annoying to devastating.]
[Look carefully at web site name. ‘baltte’ is NOT a typo. URLs with typos do not work. Blizzard does have an account with ‘battle’ in the address, but this is definitely not it.]
Only Account Administration will be able to assist with account retrieval
issues. Thank you for your time and attention to this matter, and your
continued interest in World of Warcraft.
The above example is actually a rather amateurish job, with fairly obvious clues to its origins – if you know what to look for, and don’t panic. The problem is, most normal netizens don’t know what to look for, and phishing is not restricted to online games.
In the past couple of years, I’ve received more than one phishing email – supposedly from my bank – with the right logos and graphics etc, and no easy giveaways. In fact, the only thing these highly professional phishing emails had in common with the example above was that they required me to follow a link and SIGN IN.
Now, if you don’t use internet banking, this warning probably doesn’t apply to you. However if you do use internet banking, then please understand that once you follow one of these bogus links, and sign in to your banking account, your money will be gone in minutes.That is how serious phishing can be.
So, two very important facts to learn and remember :
1. If you get an email from your bank telling you there is a problem, and asking you to login to your account via a link in the email – DON’T DO IT!
2. Always login to your account via the normal, legitimate web address. Having to type in the URL may not be as convenient as clicking on a link, but it is far, far safer. If there is a genuine problem with your account, it will show up once you are safely logged in to your account. 99.99999% of the time, however, there won’t be a problem, and the email you received will have been bogus.
The internet is a wonderful place, but even the best anti-virus software cannot protect you from hackers if you aren’t aware of the danger, and don’t exercise some common sense.
Play safe, bank safe!