Phishing Email

Posted on by

Most of you may know by now what phishing email is and its intended purpose. For those who do not I will be brief. The term phishing is a variant of the word fishing and alludes to the use of clickable links or email attachments as bait designed to entice a reader’s link-clicking bite. Phishing email is sent in an attempt to acquire certain information, usually log-in credentials, your username and password, and even social security and driver’s license numbers. I must admit to falling for one or two of these spoofs myself in the past. Back then I was merely redirected to some sales pitch page.

The Big Deal About Phishing Email

While not serious in the computer repair sense, these log-ins usually allow access to your personal or financial information, and more. If you are a Facebook user, who has woken up to comments requesting that you cease and desist with the Viagra spam, you may have clicked on some account high-jacking bait the previous evening. I personally get a lot of fake Capital One credit card security warnings demanding time sensitive log-in verification that would actually give the crooks my log in information. I have also been getting several alerts lately from a spoofed FedEx alert system regarding a missed delivery with requests that I log in to my account.

The intention doesn’t even have to be all that malicious. A valid email is gold dust to many marketers. Getting you to respond to any message, even to say bug off, is valuable to somebody out there somewhere. By the way this is precisely why I recommend a free junk email address, with any of the online email providers, for logging into unknown sites and requesting various  content from the web. Something like spamcrapjunk@yahoohotmailgmail.com. Just don’t use your Comcast, SBC, AT&T, AOL, internet provider email as it is not as painless to ditch that one for a new address; all your contacts would need to be notified. Not only does a dedicated  junk mail address keep the inbox you use for family and friends somewhat clean, but you would likely suspect an email from your Harris Bank customer service if sent to your spamcrapjunk@yahoo.com, which was not likely your log in at the bank.

Okay, once again I failed at brief, and there are plenty of search engine results for the definition of phishing; so moving on. I decided to write about this subject this morning for two different reasons. These articles are inspired by customer questions and recent services I have performed. I am repeatedly asked how a computer that Technoworries has scrubbed recently now seems sluggish or is acting freakishly independent. “We did everything you said, faithfully updated Windows and the frequent definitions for the anti-virus program, and now this frustration again?”
After I tell them that this sort of thing sneaks around security measures by being invited through email link clicking, the caller’s thoughts turn first to proclaiming innocence, and then to assigning blame. Depending on which family member calls me the culprit varies. If the woman calls the blame goes to the husband’s not so secret filthy website habit. If the man calls it’s the wife and all those stupid shopping and freebie sites. Ask one of the kids, and the trouble is due to a sibling doing that file sharing thing, which the older more responsible trustworthy child sincerely advised against; every time they snagged a movie. So the first reason I picked this topic is that it’s a popular problem.

The second reason came to me at just before 6 AM this morning. I received an email from one of my regular suppliers Newegg.com notifying me that my account had been charged for an order I had placed. I did not remember placing an order but that certainly does not mean that I didn’t place it; only that I forgot the deed.

I should say that phishing email is not related to a breach of security at the true location. Nobody hacked into Newegg, got my email, or my credit card information, or anything like that. Just a high tech way of trying to look over my shoulder as I type my password into what I think is the legitimate website.

As you can see when clicking on the above photo this is a remarkably well laid out replica of Newegg customer service correspondence. A couple of things about the email looked wrong but only because looking at emails for a few extra seconds has become a habit. One that has to be consciously formed I’m afraid, being corrective, as opposed to the insta-click-on-any-email habit that is nurtured by repetition bred apathy. My curiosity brings added temptation to the left mouse button. What is behind the door that I know I shouldn’t open? I better not. But then again how am I going to respond knowledgeably to customer pleas if I don’t look inside? It is for them that I click.
Yes I have clicked, knowingly, and paid the price. Boys don’t listen. It’s axiomatic.

As for the suspect email:

    1. The Customer ID in the photo? Not right. I use that email address for customers not vendors.
    2. The Account Number? Not right. I think mine has more numbers and some dashes.
    3. The Sales Order Number? While I am not certain of the number of digits in a Newegg Sales Order ID I doubt it would be the same number of digits as my Account number; or so similar.
    4. Dear Customer? Watch for generic greetings; Y’all.
    5. Merchandise is usually mentioned somewhat prominently on an invoice; even by email.
    6. This email does not use it but watch out for urgency in the notice rushing you to log in. Most scams will try to eliminate your logical thought process through pressure to react.
    7. Finally, the multiple links throughout this message, are bogus.   I will explain:

If you use the mouse to guide the cursor arrow on the screen to rest over click-able links on web pages or emails the cursor turns into a hand. Simultaneously the URL (web address) connected to the link appears in a little window popping up in the lower left corner of the active window on your screen. In the photo of the email I had the cursor hovering over the Contact Us Page blue underlined link. As you can see the address in the lower left is not to Newegg but to something called procrearteinterblahblah.com. Likewise were the links to Live Chat, Policy, Privacy, and Confidentiality. All of them pointed to this mystery address.

Naturally I had to investigate this odd address. Not by clicking on the links in the email of course. I entered the root of the address (entering nothing after the .com) and found a disturbing site from Argentina called Procrearte International. Their tag line? Reproductive and Molecular Institution. Yikes. I spent just enough time there, due to some twisted fascination and that curiosity thing again, to find out that Argentina is second only to America in the number of European and Asian immigrants; who make up the egg donation base there. From what I gather that means that with Proankenstein International I have the best chance of a designer baby being whipped up while taking advantage of the Latin American discount prices.     And – I’m out.
Okay that is none of my business, trying not to further judge, but I am reasonably certain that Newegg has not outsourced invoicing and customer service to an Argentinean fertility clinic.

There may be more clues in the email photo but we just need to look for a few not spend all day at it like when reading some blogs. If moderate scrutiny raises suspicious, resist the click. When in doubt, if for instance you were in fact waiting for a coincidental order to bill, go directly to the seller’s website and log in the way you would normally check your order status unsolicited.

If you have time, contact the spoofed merchant by phone or email, and report the phishing attempt to gain access to your account. You may think they know, or that surely someone else has called, but maybe not. The sooner the company knows about the activity the sooner they can take action to assure your account security and notify folks to ignore these fraudulent emails. I usually forward these emails (and texts now) to the customer service department but when I went to Newegg.com I found this notification already on the website’s Contact Us page:

If you want to be a real sport, and you have some more time, inform the National Fraud Information Center and the Anti-Phishing Working Group.

If someone messing with your social site wall posts or tricking you into visiting an overseas deal-of-the-day shop isn’t enough to urge care when clicking on links in emails then consider your website log in methods. If you generally use the same user name and password for multiple sites then you are now allowing strangers access to multiple stores of information after that last successful phishing trip. If this happens you then need to remember every site you ever log into and then go through the check/change password process.

Too Late Now What

If you remember clicking on something like this, and believe you have given any personal information, try to remember the company which the email claimed to be sent from and report this to them. You might still have the email in the trash folder of the email account.

  • Don’t forget to change the user name and password at the spoofed site and any other websites where you have used the same log in credentials.
  • Also report this compromise to any bank, lending institution, or credit account holder to whom you have also given this log in information.
  • Next notify at least one of the major credit reporting agencies. Equifax, Experian, TransUnion).
  • Contact the Federal Trade Commission http://ftc.gov/.
    To send them a copy of the phishing email: Open the spoof email. Click the Forward button in your email program. Type: spam@uce.gov in the To window and type something like Reporting Phishing Email Attack in the subject line.
  • Report the incident to the local police department.
  • Even the FBI through its Internet Crime Complaint Center http://www.ic3.gov/default.aspx Yes I am serious in case you just asked.

Those recommendations are dependant on the nature of the phishing email of course, and your judgment as to the threat level, but those are ways to help stop this activity. The credit related reporting and the password changing are to defend against identity theft which takes a lot longer to try and fix than performing the few directives mentioned above.

Remember, this sort of breach in your personal security caused by a phishing email link click is more about caution and restraint than anti-virus updates or finding out which family member is visiting what website. You probably wouldn’t give a person on the phone your social security number, or your Mother’s maiden name, or even your fifth grade teacher’s best friend’s first pet’s middle name. But the caller is good at the con, has a disarming voice, and knows just enough information to convince you of their authenticity, you just might blab. That’s when you remind yourself that no legitimate company asks for these things on the phone or by email. Ask that smooth caller for their office number so you can phone them right back and see what doesn’t happen.

So no need to panic or avoid the internet over phishing email. Just pay attention, know your email sender, and if asked to do any business with an online company, enter the site throught their main page, not invitation link bait.

Thanks for reading,

Steve

– from Technoworries Computer Repair

Share via email