In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well.
Imagine my surprise this morning when I received an email notice from a bank I don't belong to, asking me to update my personal account information.
(Click on all images to view clearly)
My first clue that this wasn't real, was the fact that I don't bank at this bank, located in the USA.
My second clue was the email address they used for the bank, Hmm, a huge bank using the facilities of Yahoo?!?
My third clue was the link they wanted me to follow.
It looked ok,
But the address written in the html was actually:
And when an email tells you to go one place, and sends you to another place, well you gotta wonder.
The site they wanted me to go to was the Wells Fargo Bank site:
But they created a lovely copy of the site, bought the fake domain name, http://wells-fargo-update.net/cgi-bin/index.php, and direct people there to leave behind their usernames and passwords.
The fake looks like this:
Nearly the same, except they don't include a sitemap, just so you won't get sidetracked to the real site.
And the links on the fake page direct you back to the real site pages, to get the information you require.
Again, what they are after is your username and password, so that they can access your account and take control of your investments, funds, and life.
The domain name, wells-fargo-update.net (The fake site) was purchased and set up yesterday/today. And will expire in one year.
Domain Name.......... wells-fargo-update.net
Creation Date........ 2007-01-18
Registration Date.... 2007-01-18
Expiry Date.......... 2008-01-18
Organisation Name.... Sandra C. Kennedy
Organisation Address. P O Box 99800
Organisation Address. EmeryVille
Organisation Address. 94662
Organisation Address. CA
Organisation Address. US
The Internet company which registered this domain for "Ms. Sandra C. Kennedy" was www.melbourneit.com, an Australian company, legitimate or not.
The sad part is that this con will trick some people and they will loose. And those who will loose the most will be the gullible and often the aged.
So we need to become more aware of these schemes.
Wikipedia tells us what to do in regards to Phishing:
Users who are contacted about an account needing to be "verified" (or any other topic used by phishers) can take steps to avoid phishing attempts by modifying their browsing habits. Users can contact the company that is the subject of the email to check that the email is legitimate, or can type in a trusted web address for the company's website into the address bar of their browser to bypass the link in the suspected phishing message.
And there you go.
If you get an email from an organization you usually would trust, give them a phone call, and not using a phone number located on the email itself, but rather look it up in your phone book.
The other option is to type in the real www address as you know it, into the address bar at the top of your browser.
These kinds of post-modern day thieves wouldn't put the big effort into this kind of a con, if it didn't work. So they are obviously making money on it.
Lets practice safe surfing, and be aware.
This public announcement brought to you by the editors and owners of randallfriesen.com.
Warning--For temporary use only. Long-term use of this product may lead to faster bone loss, continuing irritation, sores, and tumors. For emergency repairs only. Long-term use of home-repaired dentures may cause faster bone loss, continuing irritation, sores, and tumors. This kit for emergency use only. See Dentist Without Delay.